Re: [LUG] Safety from scammers


On Wed, 28 Oct 2015 08:53:15 +0000
MWilliams <MWilliams@xxxxxxxxxxxxxxxx> wrote:

> The virus you mentioned is probably CryptoLocker. It started in 2013
> and has since been foiled somewhat due to the public release of keys
> used to encrypt many users' files. There are lots of similar
> variants, but again, Linux versions are rare. You'd also have to
> install them/run the files.
> 
> Hot and warm backup sites are easily compromised. CryptoLocker
> attempted to encrypt the contents of your local drive and any
> attached drives including network shares. Cold backups - those taken
> and stored on devices or at locations which were never reattached -
> are not compromised, for obvious reasons. At the time, it was
> difficult to detect and prevent through traditional antivirus
> programs. The first attempts at detecting and protecting systems from
> CryptoLocker of which I'm aware came through OpenDNS as the virus
> made a distinctive but rapid series of DNS queries.
> 
> Encrypting your local disk won't help against this but it will help
> for other reasons. It won't help against CryptoLocker or most other
> viruses as those run while your disk is mounted and operating system
> is active. Whether the local disk is encrypted is then irrelevant -
> the OS is unaware of the disk's encrypted status. Even using file and
> folder encryption rather than whole-disk encryption doesn't help -
> encrypted files can easily be encrypted again, onion-style.
> 
> I know one Devon-based support contractor was finding support
> following CryptoLocker infections became a primary revenue stream for
> a while. They're a notable, central company too, so it's a big
> business both for the virus designers and for people further down the
> food chain.
> 
> Encrypting your local drive simply means people who might be able to
> remove your hard drive and access your files are unable to do so. I
> had a MacBook stolen from a car in Exeter during the summer. Without
> local encryption, the thieves would have been able to freely browse
> my hard drive. I still changed passwords as paranoia isn't always a
> bad approach, but it's likely unnecessary if the encryption is good.
> 
> The easiest methods of preventing and protecting your system against
> this are honestly the same methods you should be using generally:
> 
> 1) 3-2-1 backups: 3 copies, 2 different types of media, 1 stored
> off-site.
> 2) Verify the backups are good and keep historical copies.
> 3) Don't install programs/run files you didn't specifically look for.
> 
> I fail at all 3 of those at times, but it's still the most effective
> approach.
> 
Thanks for all the help and information from those who replied. I do
have backups, on external HDs and via SpiderOak. Of course, I don't
run a business so I am not so bothered as some would be. I also do not
click on any attachments unless I am very sure about them. As I keep
telling my wife and daughter, be vigilant.

Neil
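The quoted advice (a file-encrypting virus reaches any drive or share that is mounted while it runs; a cold copy that was unplugged survives; verify backups and keep historical copies) is demonstrated below in Python as an added example. It is not code from the thread or from any backup product. It builds a small source tree in a temporary directory (constructed data), takes dated snapshot copies with a SHA-256 manifest, and stands in for the virus with a routine that simply overwrites files with random bytes. Snapshot naming, manifest format and the "cold drive"/"hot share" directories are assumptions made for the illustration.

```python
"""Dated, verified backups versus a file-scrambling process (added example)."""
import hashlib
import os
import re
import shutil
import tempfile
from pathlib import Path

MANIFEST = "MANIFEST.sha256"
LINE_RE = re.compile(r"^([0-9a-f]{64})  (.+)$")   # sha256sum-style "digest  path"


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Relative path -> SHA-256 for every regular file under root (manifest excluded)."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.name != MANIFEST
    }


def take_snapshot(src: Path, backup_root: Path, stamp: str) -> Path:
    """Copy src to backup_root/stamp and write a manifest beside the copy.
    Every call makes a new, separately named copy; older copies are never touched."""
    dest = backup_root / stamp
    shutil.copytree(src, dest)
    manifest = build_manifest(dest)
    (dest / MANIFEST).write_text(
        "".join(f"{digest}  {rel}\n" for rel, digest in manifest.items())
    )
    return dest


def read_manifest(snapshot: Path):
    """Parse the manifest; return None if it is missing or no longer well-formed."""
    try:
        text = (snapshot / MANIFEST).read_bytes().decode("utf-8")
    except (OSError, UnicodeDecodeError):
        return None
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            return None
        entries[m.group(2)] = m.group(1)
    return entries


def verify_snapshot(snapshot: Path) -> bool:
    """True only if the manifest parses and every listed file still hashes as recorded."""
    expected = read_manifest(snapshot)
    if expected is None:
        return False
    actual = build_manifest(snapshot)
    return all(actual.get(rel) == digest for rel, digest in expected.items())


def changed_since(snapshot: Path, reference: Path) -> list:
    """Files in `snapshot` that differ from an older `reference` snapshot's manifest.
    'Everything changed' between two consecutive snapshots is the cue to stop
    rotating and keep the older copy."""
    ref = read_manifest(reference) or {}
    cur = read_manifest(snapshot) or {}
    return sorted(rel for rel, digest in ref.items() if cur.get(rel) != digest)


def scramble_tree(root: Path) -> None:
    """Constructed stand-in for a file-encrypting virus (not malware): overwrite
    every file under root with random bytes. It reaches anything mounted there."""
    for p in root.rglob("*"):
        if p.is_file():
            p.write_bytes(os.urandom(max(len(p.read_bytes()), 16)))


def demo() -> dict:
    work = Path(tempfile.mkdtemp())
    src = work / "home"
    (src / "docs").mkdir(parents=True)
    (src / "docs" / "thesis.txt").write_text("chapter one\n")
    (src / "notes.txt").write_text("remember the milk\n")

    cold = work / "cold_drive"   # unplugged after the copy: the virus never sees it
    hot = work / "hot_share"     # stays mounted: walked like any other attached disk
    cold.mkdir()
    hot.mkdir()
    cold_snap = take_snapshot(src, cold, "2015-10-27")
    hot_snap = take_snapshot(src, hot, "2015-10-27")

    for mounted in (src, hot):   # the infection runs while both are reachable
        scramble_tree(mounted)

    next_snap = take_snapshot(src, cold, "2015-10-28")   # drive plugged back in next day
    return {
        "cold_ok": verify_snapshot(cold_snap),     # untouched copy still verifies
        "hot_ok": verify_snapshot(hot_snap),       # files and manifest overwritten
        "next_ok": verify_snapshot(next_snap),     # a faithful copy of scrambled files
        "changed_since_cold": changed_since(next_snap, cold_snap),
    }


if __name__ == "__main__":
    print(demo())
```

The point of `next_ok` being true is that a fresh backup of an already-scrambled disk verifies perfectly against its own manifest; only the comparison against the earlier, offline snapshot shows that every file changed overnight, which is why historical copies and the check in step 2 matter as much as taking the copy at all.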

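The quoted message notes that early detection came from the virus making a "distinctive but rapid series of DNS queries". The following Python is an added example, not from the thread or from OpenDNS, of the simplest detector that idea suggests: a per-client sliding window that flags a host making many distinct lookups in a short time, most of them failing with NXDOMAIN. The log lines are constructed, the "timestamp client name rcode" format is an assumption, and the thresholds (10 distinct names in 30 seconds, at least 80% NXDOMAIN) are illustrative values to be tuned against your own resolver's baseline.

```python
"""Flag hosts that fire a rapid burst of mostly failing DNS lookups (added example)."""
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample resolver log, not a real capture. One query per line:
# ISO timestamp, client address, queried name, resolver answer code.
SAMPLE_LOG = """\
2015-10-28T08:53:15 192.168.1.10 www.bbc.co.uk NOERROR
2015-10-28T08:53:16 192.168.1.10 mailman.dclug.org.uk NOERROR
2015-10-28T08:53:18 192.168.1.42 www.debian.org NOERROR
2015-10-28T08:53:19 192.168.1.10 wwww.gogle.com NXDOMAIN
2015-10-28T08:53:20 192.168.1.23 kxqpzrwvuo.com NXDOMAIN
2015-10-28T08:53:21 192.168.1.23 yftbnlsaeq.net NXDOMAIN
2015-10-28T08:53:21 192.168.1.23 mvohdcptwr.org NXDOMAIN
2015-10-28T08:53:22 192.168.1.23 jqlfyxagns.biz NXDOMAIN
2015-10-28T08:53:23 192.168.1.23 ezrwknuohv.com NXDOMAIN
2015-10-28T08:53:23 192.168.1.23 tcbidpsqmf.net NXDOMAIN
2015-10-28T08:53:24 192.168.1.23 pnyvawolkz.org NXDOMAIN
2015-10-28T08:53:25 192.168.1.23 gsmdhrtxcj.biz NXDOMAIN
2015-10-28T08:53:25 192.168.1.23 uilfqbozew.com NXDOMAIN
2015-10-28T08:53:26 192.168.1.23 xakrnvhdmy.net NXDOMAIN
2015-10-28T08:53:27 192.168.1.23 bwsjefolcq.org NOERROR
2015-10-28T08:53:28 192.168.1.23 dzkhtpimvg.biz NXDOMAIN
2015-10-28T08:53:30 192.168.1.42 security.debian.org NOERROR
2015-10-28T08:53:31 192.168.1.10 www.bbc.co.uk NOERROR
"""


def parse_line(line: str):
    """Split one log line into (datetime, client, lowercased name, rcode)."""
    ts, client, name, rcode = line.split()
    return datetime.fromisoformat(ts), client, name.lower(), rcode


def find_query_bursts(log_text: str, window_s: int = 30, min_names: int = 10,
                      min_nxdomain_frac: float = 0.8) -> dict:
    """Return {client: details} for every client whose last `window_s` seconds of
    queries contain at least `min_names` distinct names, of which at least
    `min_nxdomain_frac` came back NXDOMAIN. Lines are assumed to be in time order.
    A single typo (one NXDOMAIN among a few normal lookups) never trips this;
    a burst of unresolvable, random-looking names does."""
    recent = defaultdict(deque)   # client -> (ts, name, rcode) inside the window
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, name, rcode = parse_line(line)
        window = recent[client]
        window.append((ts, name, rcode))
        while (ts - window[0][0]).total_seconds() > window_s:
            window.popleft()                       # drop entries older than the window
        distinct = {n for _, n, _ in window}
        nx_frac = sum(1 for _, _, r in window if r == "NXDOMAIN") / len(window)
        if (len(distinct) >= min_names and nx_frac >= min_nxdomain_frac
                and client not in alerts):         # report each client once
            alerts[client] = {
                "first_seen": window[0][0].isoformat(),
                "distinct_names": len(distinct),
                "nxdomain_fraction": round(nx_frac, 2),
            }
    return alerts


if __name__ == "__main__":
    for client, details in find_query_bursts(SAMPLE_LOG).items():
        print(client, details)
```

The detector counts whole query names rather than registered domains, so a client that hammers many subdomains of one legitimate zone would also score; in practice you would group by registrable domain (using a public-suffix list, since "co.uk" is not a registrable domain) and keep a short allowlist of noisy but benign hosts such as update servers.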
-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq