Linux ransomware already infected at least tens of users

Discussion in 'malware problems & news' started by Minimalist, Nov 7, 2015.

  1. Minimalist

    Minimalist Registered Member

  2. summerheat

    summerheat Registered Member

    Yes,
    Who on earth would do this :blink:
     
  3. ellison64

    ellison64 Registered Member

    Tens of users would :rolleyes:
     
  4. Daveski17

    Daveski17 Registered Member

    'Tens of users' ... scary, but hardly an epidemic problem.
     
  5. MisterB

    MisterB Registered Member

    The article did say "tens", not tens of thousands or millions. Pretty low infection rate. A small fraction of a percent of all the Linux systems out there.
     
  6. ronjor

    ronjor Global Moderator

    http://krebsonsecurity.com/2015/11/ransomware-now-gunning-for-your-web-sites/
     
  7. Peter2150

    Peter2150 Global Moderator

    The key.... backup backup backup
     
  8. Gullible Jones

    Gullible Jones Registered Member

    ^^^ What he said.

    And it was only a matter of time before this happened, IMO. There are a lot of badly configured Linux servers out there.
     
  9. Palancar

    Palancar Registered Member


    No brainer!!

    Of course good OPSEC along with it. It's much like reading the encryption forum right here. Folks end up with encrypted disks and they don't have the key to open it. So, use a backup and you are running in a very short time.

    Don't misunderstand me though, this stinks and network admins need to be proactive with prevention.
     
  10. ronjor

    ronjor Global Moderator

  11. TairikuOkami

    TairikuOkami Registered Member

    But not a typical auto-backup, which replaces the good files with infected ones. :shifty:
     
  12. Peter2150

    Peter2150 Global Moderator

    Any solution requires liberal application of the software between the ears.
     
  13. The Red Moon

    The Red Moon Registered Member

    Seeing as I'm middle-aged I sometimes need regular updates in that regard.
     
  14. Peter2150

    Peter2150 Global Moderator


    Don't we all. Unfortunately it is a large part of computer security.
     
  15. xxJackxx

    xxJackxx Registered Member

    I expect that the "tens of users" is a rip on the 1% market share it has on the desktop. But as stated by others, backup no matter what you are running.
     
  16. UnknownK

    UnknownK Registered Member

    This malware has absolutely nothing to do with desktop. And GNU/Linux has a large market share in the server field, if not largest.
     
  17. Minimalist

    Minimalist Registered Member

  18. quietman

    quietman Registered Member

    Don't run any Linux OS as root ... and then it can't touch you.
     
  19. Amanda

    Amanda Registered Member

    Not exactly true. There was a Firefox exploit that allowed the attacker to grab any files in your /home directory. So if you typed your password by accident on the Terminal (happened to me at least 10 times in the last year) it would be registered in .bash_history. This is very dangerous to web servers.

    Not only that, but the Linux Kernel is pretty vulnerable by itself. That's why I use grsecurity. And that's why I run Iceweasel with Firejail, it can only touch the /Downloads folder and its own little folder in /home/amarildo/.mozilla.
     
  20. MisterB

    MisterB Registered Member

    Linux has a lot of advantages over Windows in out of the box security. You just can't copy a random executable file somewhere and run it like you can in Windows. It has better structure and architecture and doesn't have all the undocumented and poorly documented complexity of Windows. That doesn't mean it is invulnerable or that its basic security can't be enhanced. A good OS in the hands of a careless user is less secure than a bad OS in the hands of a careful user as far as I'm concerned. That is why social engineering has always been one of the main tools in a hacker's tool box.

    I appreciate @amarildojr's comments on specific areas where security can be improved. I just read recently that Linus Torvalds tries to keep Linux kernel development focused more on performance than on security. I read up a bit on Grsecurity which certainly has the right approach. It is amazing how computer security always returns to ACLs and privilege. For anything mission critical like a web server, grsecurity looks like the way to go. I'm not ready to put it in a desktop installation yet but I've certainly been impressed by Firejail. A mere 150kb of code that can do so much. It is fast and lean. A bit of a learning curve compared to the Windows equivalent, Sandboxie, but it doesn't have the licensing costs of Sandboxie. Light virtualization sandboxing of browsers is a good idea in any OS.
     
  21. Gullible Jones

    Gullible Jones Registered Member

    This is not really true. A properly made static binary can run out of the box on most Linux machines of a given architecture (at least for a while).

    Re GrSecurity, there's no reason you can't have that and mandatory access control.
     
  22. MisterB

    MisterB Registered Member

    I should have said as easily.
     
  23. wat0114

    wat0114 Registered Member

    How about the statements in a 2007 Linux article? (Underlining is mine)

     
  24. Gullible Jones

    Gullible Jones Registered Member

    Pointless, unfortunately.

    e.g. Metasploit will bypass this "feature" by spawning an interpreter process in memory only, and running commands from that. As long as chmod +x is not itself restricted, it doesn't present a serious obstacle.
     
  25. summerheat

    summerheat Registered Member

    So adding the rule

    Code:
    blacklist ${PATH}/chmod
    to Firejail should solve this problem, shouldn't it?
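
    The Firejail setup discussed in posts 19 to 25, written out as a profile fragment. This is an added example, not a profile posted by anyone in the thread or shipped by the Firejail project; the choice of directories is an assumption taken from the description in post 19.

```conf
# Constructed Firejail profile fragment for a browser sandbox.

# Expose only the browser's own directory and Downloads from the
# user's home; everything else under ${HOME} is hidden in the sandbox.
whitelist ${HOME}/.mozilla
whitelist ${DOWNLOADS}

# Mount the writable locations noexec: a file saved there cannot be
# executed directly, whatever its mode bits say.
# Caveat: noexec does not restrict an interpreter that is already
# available inside the sandbox from reading a script in those locations.
noexec ${HOME}
noexec /tmp

# The rule proposed in post 25. It hides the chmod binary only;
# a process can still change mode bits through the chmod(2) system
# call, so this line is not a substitute for the noexec mounts above.
blacklist ${PATH}/chmod

# Reduce what a compromised browser process can do to the kernel
# and to the rest of the system.
caps.drop all
nonewprivs
seccomp
```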
     