There is a particularly devious type of malicious software that locks users out of their own computer systems until an individual agrees to pay a ransom to the hackers. In these cases, the FBI has surprisingly suggested just ponying up the dough.
It's not the type of advice one would typically expected from the FBI, but that's exactly what was recommended by Joseph Bonavolonta, the assistant special agent in charge of the FBI's CYBER and Counterintelligence Program Boston office.
"The ransomware is that good," said Bonavolonta at the 2015 Cyber Security Summit in Boston, as quoted by Security Ledger. "To be honest, we often advise people just to pay the ransom."
Yeah, it's RT, but I did a search, and that or similar headlines popped up on dozens of news sites. I clicked a couple of them, and the stories match. Try this one,
https://thehackernews.com/2015/10/fbi-ransomware-malware.html
Personally, I can almost certainly afford to nuke and reinstall, unless they get my RAID array. Then - I'd have to think hard.
(Score: 2) by VanderDecken on Friday October 30 2015, @06:44AM
Ok, let me try this again.
If it's providing a network filesystem, I'm calling it a NAS. If it's providing a block device over the network, I'm calling it a SAN. Terms can get muddy, especially when marketing steps in, but let's go with those definitions. (In reality, most modern boxes can provide either. Whether it's ethernet, fibrechannel, or whatever doesn't matter at a high level.)
In this case, the server was exporting a CIFS share backed by a ZFS filesystem, and ZFS was set to take automatic snapshots every 5 minutes or so. From the client machine perspective, yes it looks like a disk. When the malware hit, it was in the process of encrypting those portions of the CIFS share accessible to the admin assistant. The fact that someone else noticed the problem before the malware was done is irrelevent; it could have finished encrypting the whole thing and it wouldn't have mattered.
So the recover procedure was:
No, a NAS by itself is not a backup, and RAID is not a backup, but exporting a log structured filesystem (and with snapshots enabled) on a RAID means that you can do most recovery operations without going to traditional backups. You still need the traditional backups for archival and disaster recovery scenarios, though, including the case of losing more disks than your RAID has redundancy (at whatever level).
Does that help?
The two most common elements in the universe are hydrogen and stupidity.
(Score: 2) by Hyperturtle on Friday October 30 2015, @05:19PM
Yes indeedy!
My goal really was to provide for posterity a description from someone like you (and me) that having a network share to store backups on doesn't mean it's a backup -- it means its another copy.
People mistake raid for backups, and copies for backups, and indeed a raid can host copies of backups, and you can backup copies onto a raid, and if you have a raid 10, you have a parity copy hardware backup of those drives in raid 0 and... I didn't think you made the mistake.
I had a day of dealing with stupid, so please pardon if I stooped to an uninformative level. I would mod your reply informative, but I wanted to let you know that I see you answered my question and it is informative.
Lots of people out there, despite all the drum beating, do not get it, and other people still beat the drum at the whiff of others not getting it.
(my replying again doesn't win us points, though, but at least I am happy, right? well if that's not so good--think of all the posterity you helped!)