From: "Garance A Drosehn"
To: "FreeBSD -"
Subject: Re: ransomware virus on Linux
Date: Fri, 20 Nov 2015 10:57:37 -0500

On 19 Nov 2015, Charles Swiger wrote:

> On Nov 19, 2015, at 4:21 PM, RW via freebsd-questions wrote:
>> What worries me is that the next version might target Linux workstations
>> where there's a lot of very complex software running as the owner of
>> the user data.
>
> Ransomware which encrypts your stuff isn't a major problem if you have
> a current backup.
>
> So, verify that your backups work.

Which really means: Verify that your *restores* work! :)

(Certainly I've seen cases where someone was running backups regularly &
automatically, and everything looked fine. But when they finally needed
to restore something, they found out that those backups were not really
working, or were working but not backing up as much as the user thought
they were backing up)

-- 
Garance Alistair Drosehn = drosih@rpi.edu
Senior Systems Programmer or gad@FreeBSD.org
Rensselaer Polytechnic Institute; Troy, NY; USA