KillDisk Malware Targets Linux Machines

Discussion in 'all things UNIX' started by boredog, Mar 9, 2017.

  1. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
  2. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,882
    Malware usually isn't an issue because Linux software is downloaded and installed from a central repository.

    KillDisk in the Linux variant overwrites the GRUB bootloader so you can't boot up.

    Extremely stupid of cybercriminals.
     
  3. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    No, it's not. The message itself is displayed on GRUB (which already proves how vulnerable the system is), but ALSO, files are being encrypted up to 17 directories in depth. This is on Linux, not Windows.

    The only good thing out of it is that recovery is possible on Linux, though it's difficult.

    The main point here is that we're beginning to see more and more attacks on Linux. If projects don't start putting their crappy security in place, we're going to make headlines sooner than expected.
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    My workspace is all in Linux VMs. Out of curiosity, has there been any evidence that this has ever broken out to a Linux host? I tried to read through things and it doesn't seem to be addressed. KillDisk couldn't get to any of my host bootloaders because they are all on removable USB boot sticks. Those are removed before mounting any workspace VMs. Just saying.
     
  5. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    None that I could find. I'm not taking chances, though ;)

    Your setup is quite unique among PC users :) Good practice.
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    Yep, I wonder if they have a USB stick shaped like a "tin foil hat"? LOL!
     
  7. Anonfame1

    Anonfame1 Registered Member

    Joined:
    May 25, 2016
    Posts:
    224
    I agree... I think Linux is more of a cesspool than anyone wants to admit.

    That being said, cesspoolism mainly refers to a "normal" installation. Consider that you could defeat this malware with a single BTRFS ro snapshot; get infected, boot to a live USB, delete rootfs subvolume, take a snapshot of your ro snapshot as your new rootfs, and reboot. Rw would work as well, but just in case they try to get tricky in the future...

    Then you have stuff like MAC, grsecurity, firejail, etc. The Linux world has the tech, it's just not as "glorious" to do the work of properly implementing it and so (most) distro makers and users aren't doing it. Most Arch users would consider my install ridiculous, and yet it prolly only takes me an additional 15 minutes a week to maintain, and that's me doing it all myself.
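    The snapshot rollback described above, written out as an added shell example (not code from the thread or from any project mentioned in it). It assumes a hypothetical layout: the filesystem's top level (subvolid=5) is mounted from the live USB at a path you pass in, it holds the rootfs subvolume and a separate read-only snapshot, and rootfs has no nested subvolumes (btrfs refuses to delete a subvolume that contains others).

```shell
#!/bin/sh
# Added example, not from the thread. Roll a btrfs root back to a read-only
# snapshot from a live USB. Assumed (hypothetical) layout: the top level of
# the filesystem is mounted at $1 and holds the rootfs subvolume $2 and the
# read-only snapshot $3 side by side. Paths are assumed to contain no whitespace.
set -eu

# Emit the rollback as one command per line so it can be reviewed (or run
# with DRY_RUN=1) before anything is destroyed.
# A snapshot taken without -r is read-write, so the new root boots normally.
rollback_plan() {
    top="$1"; rootfs="$2"; snap="$3"
    printf '%s\n' \
        "btrfs subvolume delete $top/$rootfs" \
        "btrfs subvolume snapshot $top/$snap $top/$rootfs" \
        "btrfs subvolume sync $top"
}

# Refuse to proceed unless the snapshot really is read-only: a writable
# snapshot could have been modified by the same malware that hit rootfs.
check_snapshot_ro() {
    btrfs subvolume show "$1" | grep -q 'readonly'
}

# Print the plan under DRY_RUN, otherwise verify the snapshot and execute it.
run_rollback() {
    if [ -n "${DRY_RUN:-}" ]; then
        rollback_plan "$@"
        return 0
    fi
    check_snapshot_ro "$1/$3" || { echo "snapshot $1/$3 is not read-only" >&2; return 1; }
    rollback_plan "$@" | while IFS= read -r cmd; do
        printf '+ %s\n' "$cmd"
        $cmd
    done
}
```

This only restores the root subvolume; since the thread says the Linux variant also overwrites GRUB, the bootloader still has to be reinstalled from the live system before the machine will boot again.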
     
  8. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499

    I just did a search and could not find any :D
     
  9. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
    It would be funny if ESET (who reported this in the article) gave the malware a bigger attack surface on Linux allowing it to run.
     