Subject: Re: ransomware virus on Linux
To: freebsd-questions@freebsd.org
From: Matthias Fechner
Date: Fri, 20 Nov 2015 18:05:02 +0100

On 20.11.2015 at 01:21, RW via freebsd-questions wrote:
> I would guess it would recurse from /home into whatever it can
> access - it probably just encrypts the files in place.

So, a good reason to have ZFS with regular snapshots.
If really all data the worm has write access to were encrypted, you would have the snapshots and the backup you can use.
Not very convenient, but it makes clear again: make backups and keep your software updated.

KR
Matthias

-- 
"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." -- Rich Cook