Date: Thu, 19 Nov 2015 08:04:07 +0100
From: Polytropon <freebsd@edvax.de>
To: Matthias Apitz <guru@unixarea.de>
Cc: freebsd-questions@freebsd.org
Subject: Re: ransomware virus on Linux
Message-ID: <20151119080407.dd7c00af.freebsd@edvax.de>
In-Reply-To: <20151119064434.GB1925@c720-r276659.oa.oclc.org>
References: <20151119064434.GB1925@c720-r276659.oa.oclc.org>
On Thu, 19 Nov 2015 07:44:34 +0100, Matthias Apitz wrote:
>
> Hello,
>
> I've read in the German computer magazine "iX 12/2015" about a threat
> against Linux: Some ransomware malware encrypts your disk and the bad guys asking
> for your money to get it decrypted again.

The FBI recommends you simply pay:

https://securityledger.com/2015/10/fbis-advice-on-cryptolocker-just-pay-the-ransom/

Things can be so easy if you listen to the authorities and then hand
the costs over to your loyal customers who believe in your expertness
and professionalism. ;-)

> All details about this story
> and how to get it decrypted again w/o spending money is here:
>
> http://labs.bitdefender.com/2015/11/linux-ransomware-debut-fails-on-predictable-encryption-key/

In addition:

http://krebsonsecurity.com/2015/11/ransomware-now-gunning-for-your-web-sites/
https://github.com/eugenekolo/linux-ransomware-decrypter

> Two questions remain:
>
> The structure of the attack makes me think that it would work the same way on
> FreeBSD too.

As far as I understand: Yes, that would be possible (given that the
FreeBSD installation is much like the Linux installations affected
in terms of software versions in use).

> Do we have already known attacks like this?

Maybe those running a significant attack surface (i. e., old and
unpatched version of Magento, as the article you pointed to states),
could provide more information:

	Linux.Encoder.1 is executed on the victim's Linux box after
	remote attackers leverage a flaw in the popular Magento content
	management system app.

Proper settings of (write) privilege, account separation, the use
of jails will probably make this harder to spread across a whole
system. The article mentions a few things to pay attention to.

> If we would have a known attack and test data from this (i.e. an
> encrypted file system tree), I think it would be worth to check if the
> software described by Bitdefender could be ported to FreeBSD too.

It would be interesting to see if the Linux version would work on
FreeBSD (via Linux ABI), because the file system access at this
point is still "abstracted" to the running program.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...