Ransomware on Linux

Nik-Ken-Bah

I just ran across this and thought you fellas would be interested in this video as it deals with ransomware on Linux.
It just made me more aware, as the commentator says that they are beginning to target Linux due to its use on servers.
The video was uploaded to YouTube on 26 Sept 2021.

 


Here is a link on Bleeping Computer about how these guys are now developing ransomware for Linux. We had a discussion not long ago here on Linux.org about EDR solutions for Linux and whether they were even required. I think this link supports my position on the subject.

Hive ransomware now encrypts Linux and FreeBSD systems
 
There's a storm a'comin' with this ransomware. One of the best ways to avoid being a victim is to have *offline* backups, meaning backups that are air-gapped from your system.
 
I turn my computer off when not in use.
I imagine this curse is a threat from windows as it's losing customers to Linux.
 
From securityboulevard.com: 5 Best Practices for Surviving Ransomware
Practice 1: Multi-factor authentication (MFA)
Practice 2: Encryption
Practice 3: Log and Usage Analysis
Practice 4: Harden the Infrastructure
Practice 5: Backups
 
Because Windows, Mac, and Linux are considered the big 3 operating systems, of course they're more-likely to get the attention of hackers. Yes, Linux is the go-to for FOSS, but that's putting all of your eggs in one basket. To make sure that the critical infrastructures of society don't come to a grinding halt, the best thing is to have numerous operating systems based on FOSS.
 
It’s unlikely to affect desktop users as most desktop users don’t run internet facing server software on their laptops/desktops.
The primary method of infection is through vulnerable servers/services.

And even then, as long as you keep your servers up to date and configured securely, there is less risk that you’ll get pwned.

It’s never going to be zero risk, because there’s always a small chance that the bad guys might find and exploit a new vulnerability before it has been found, disclosed and fixed by the security community. But if everything is up to date and configured securely - there’s less chance of your servers being hacked.

The only way desktop users will be affected is if they’re the type of user who will indiscriminately download and run any old crap they find on the internet. In which case, they’re at risk of getting infected no matter what OS they’re running!
We probably all know at least one person like this. I know several! Ha ha!
 
It’s unlikely to affect desktop users as most desktop users don’t run internet facing server software on their laptops/desktops.
The primary method of infection is through vulnerable servers/services.

And even then, as long as you keep your servers up to date and configured securely, there is less risk that you’ll get pwned.

It’s never going to be zero risk, because there’s always a small chance that the bad guys might find and exploit a new vulnerability before it has been found, disclosed and fixed by the security community. But if everything is up to date and configured securely - there’s less chance of your servers being hacked.

The only way desktop users will be affected is if they’re the type of user who will indiscriminately download and run any old crap they find on the internet. In which case, they’re at risk of getting infected no matter what OS they’re running!
We probably all know at least one person like this. I know several! Ha ha!

I'm glad we have people with a background like yours to instruct people on how to protect themselves from these attacks, and to not lose their head in the process (which is advice I should try to follow more).
 
There's a storm a'comin' with this ransomware. One of the best ways to avoid being a victim is to have *offline* backups, meaning backups that are air-gapped from your system.
Or you could just use a thumb drive version of your favorite distro to go online. Another option would be to use a drive-caddy-mounted drive to go online, as I do. That drive has no personal info on it. Let them do what they want. I will flush it with the rest of the garbage!
 
Or you could just use a thumb drive version of your favorite distro to go online. Another option would be to use a drive-caddy-mounted drive to go online, as I do. That drive has no personal info on it. Let them do what they want. I will flush it with the rest of the garbage!
But be careful if your thumb drive or drive caddy distro automatically mounts your other drives. Many distros will do that, and that would put those more important drives and their data at risk too. As @KGIII said in post #3 above, air-gapped backups of your important data are just about the best protection you can have... after the fact... if you become a victim.

How to keep from becoming a victim takes serious attention. What tools to use, what websites you surf, what software you choose to install, and many other choices that boil down to your own behavior every day. We are all different in that respect, some more cautious than others. As @JasKinasis said, "It's never going to be zero risk."

I don't look at ransomware much different from any other catastrophe as a home user (corporate networks are a different story). What if your hard drive dies suddenly? What if your whole computer gets smoked by a lightning strike? What if your computer is stolen? Would any of these events be totally devastating for you because of data loss? Again, that air-gapped backup is a cheap and effective insurance policy... but you have to keep it up to date for the best protection.

[EDIT]
Want even more insurance? Keep a backup outside your home... either in the cloud, or on storage media left with a trustworthy friend or family member. This protects your important data from theft, fire, flood, tornado, hurricane, earthquake... well, you get the idea. Don't really trust the cloud or friend/family? Encrypt the backup first. Offsite storage is the best air-gap you can get. ;)
 
Or you could just use a thumb drive version of your favorite distro to go online. Another option would be to use a drive-caddy-mounted drive to go online, as I do. That drive has no personal info on it. Let them do what they want. I will flush it with the rest of the garbage!

That'd work if you don't generate data that you'd like to keep. Most of us (I'm pretty sure) have files downloaded, personal files, etc., and we'd like to keep the data rather than be forced to recreate it - if it's even possible to recreate it.

I have zillions of pictures and hundreds of fully finished songs recorded. I'd hate to lose 'em.

That said, I doubt the average *desktop* Linux user will be a target at first. There are juicier targets, as Linux runs the overwhelming majority of servers.

The most they're gonna get from a desktop user is what, a hundred bucks? Maybe a few hundred? Imagine how much more they can get by encrypting all of the patient information at a major hospital campus.
 
Keep a backup outside your home...

LOL It's on my list! Probably in my next binge of writing, I'll finally do my article about backups. Most people are doing backups 'wrong'. (In a non-optimal way. People hate being told they're wrong.)
 
Imagine how much more they can get by encrypting all of the patient information at a major hospital campus.

Do they encrypt their patient information, or do they keep that on a separate server that can't be easily accessed?
 
Even if they encrypt the data, it won't stop someone else from encrypting it again.

There's a line between security and usability, so they need to access that data somehow to constantly update it. They'll do things like require a VPN, MAC filtering, 2FA, etc... But, it's still connected and those things only slow down a determined attacker.
 
But be careful if your thumb drive or drive caddy distro automatically mounts your other drives.
What other drives? I only plug in one drive at a time. That's the beauty of it, I can do an install without having to worry about grub. Every drive, except the DVD writer, is removable - and is removed!
 
What other drives? I only plug in one drive at a time.
No internal storage? Cool, mate. :cool:


I have zillions of pictures and hundreds of fully finished songs recorded. I'd hate to lose 'em.
While ransomware seems to strike corporate and government targets more often, it's precious data like you just described that really motivates people to pay a ransom, even if at a much cheaper scale. Some family photos may be irreplaceable... it's a hard decision if there are no other backups.
 
It’s unlikely to affect desktop users as most desktop users don’t run internet facing server software on their laptops/desktops.
The primary method of infection is through vulnerable servers/services.

And even then, as long as you keep your servers up to date and configured securely, there is less risk that you’ll get pwned.

It’s never going to be zero risk, because there’s always a small chance that the bad guys might find and exploit a new vulnerability before it has been found, disclosed and fixed by the security community. But if everything is up to date and configured securely - there’s less chance of your servers being hacked.

The only way desktop users will be affected is if they’re the type of user who will indiscriminately download and run any old crap they find on the internet. In which case, they’re at risk of getting infected no matter what OS they’re running!
We probably all know at least one person like this. I know several! Ha ha!
I must respectfully disagree. Statistically speaking, the primary way ransomware infections normally get a foothold is through social engineering (i.e., end users), normally through email, web surfing, or downloading stuff off the Internet.
 
I must respectfully disagree. Statistically speaking, the primary way ransomware infections normally get a foothold is through social engineering (i.e., end users), normally through email, web surfing, or downloading stuff off the Internet.
From your link:
Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.

How to have fun with JavaScript. It's not just about analytics and data scraping. :(

[EDIT]
Granted, Linux will not just "install without the user's knowledge"... at least not usually. But how many people might blindly type in their root password if prompted while surfing? Or what if the malicious script has an exploit that will install without asking for a root password? Or maybe some users are running their browser as root to begin with, like silly Windows users? Many new Linux users are not aware of how/why Linux is more secure, and this is a good example.

I have a cousin who got ransomware years ago (on Windows, with a current anti-virus). It was probably from an email attachment, but he denies that he opened any attachments. Perhaps. He could have got it from a drive-by download too. He had backups and did not pay the ransom. :)
 