Choose style:

Author Topic: Linux KillDisk Ransomware Can't Decrypt  (Read 786 times)

0 Members and 1 Guest are viewing this topic.

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3774
  • Karma: 294
  • Soy un huevo que adora Peppermint.
    • View Profile
  • Peppermint version(s): P10 & P9 Respin w/4.18 kernel
Linux KillDisk Ransomware Can't Decrypt
« on: January 09, 2017, 09:09:47 am »
Linux KillDisk Ransomware Can't Decrypt

By Mathew J. Schwartz for ISMG

http://www.bankinfosecurity.com/linux-killdisk-ransomware-cant-decrypt-a-9619

How does anyone protect him or herself from this kind of attack?  Isn't this where our firewalls and DNS filters come into play?  These ransomers are clearly experts at finding vulnerabilities --including Linux's vulnerabilities.  Where or what these vulnerabilities are, I haven't a clue.  My best guess for staying safer online would be to make sure we're all behind an active firewalls, using some heavyweight DNS providers we can trust --such as OpenDNS or, perhaps, Google's Public DNS --and augmenting our DNS with a DNSCrypt-proxy (which can be easily found in Peppermint's Software Manager, or through Synaptic Package Manager found in Peppermint too).

These ransomers are playing the big boys for the fun of it.  These guys remind me of cats that play with the mice they catch.  The cats play and play with the mice --that is until they get bored and do the mice in.  :o

We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Online VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5037
  • Karma: 907
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: Linux KillDisk Ransomware Can't Decrypt
« Reply #1 on: January 09, 2017, 09:22:33 am »
Bottom line: OFFSITE  Back-up is more important than ever, regardless of OS !

'Read' between the lines (from the start of the 'war', 2013) ...   ;)


LINK:  https://youtu.be/lk5t_9nmtQs?t=28m7s
« Last Edit: January 09, 2017, 10:54:41 am by VinDSL, Reason: Addendum »

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 24785
  • Karma: 2732
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Linux KillDisk Ransomware Can't Decrypt
« Reply #2 on: January 09, 2017, 12:13:40 pm »
To me this is currently just more FUD from an invested party.

YET AGAIN, no mention of the actual attack vector .. as it shows a message in GRUB it must have elevated privileges to run (otherwise it hasn't permission to edit GRUB), so somehow they have to hack their way into your machine with root privileges .. if they can do that, sure they can do ANYTHING .. but there's no mention of how they achieve that.

I personally could bang something together in ten minutes that could encrypt/wipe/corrupt your HDD .. but that's not the point, I'd need to get it onto your machine and get around your password. It's not enough to say something exists, as I said I could make something *exist*, they have to show how it can get around Linux security, and as with all these reports that come from AV companies with a vested interest, THEY DON'T ::)

Again we're left with - Is it possible to write Linux viruses and malware (or add code to a Windows one that would make it Linux compatible) ? .. sure, no harder than any other OS .. getting it onto a target Linux machine however, and making its spread self sustainable is a WHOLE other kettle of fish.
« Last Edit: January 09, 2017, 12:17:49 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3774
  • Karma: 294
  • Soy un huevo que adora Peppermint.
    • View Profile
  • Peppermint version(s): P10 & P9 Respin w/4.18 kernel
Re: Linux KillDisk Ransomware Can't Decrypt
« Reply #3 on: January 09, 2017, 02:21:02 pm »
Thank you, VinDSL and PCNetSpec, for your responses.  Although I assume the article to be true, I was extremely frustrated that the article narrated a quite scary tale and then left it up to the end user to come up with his or her or security solutions.  I looked and looked for suggestions in the article on how one can minimize one's chances of attack, but found none.  VinDSL's idea though, to back up our data, is an excellent one.

I appreciate both of your thoughts on the matter.  The story did give me the willies however.  Although I know, as causal end users here using Peppermint, high stake organized ransomers would have very little interest in our online lives.  (Most of us here, I suspect, offer next to nothing in terms of financial or political gain for any organized group of attackers.)  The only thing that concerns me is, at least in theory, is that our computers could become unwitting vectors for attacks on larger and more important targets --such as infrastructure, etc.

I'm hoping that, within the next few months, that the US will have something resembling a cyber accord with Russia.  Then I will go back and comfortably use the few Russian programs and services that I like so much.  Until then, though, I'll wait until that accord is established.  Please don't get me wrong.  I think that companies such as Yandex and Kaspersky are world-class tech companies all the way.  It's not the companies themselves that concern me.  It's the polity, or the management of affairs, within and by the two superpowers that alarms me the most. :-X
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum