Helpful Hackers

yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Helpful Hackers

Post by yogi »

We all have heard about the latest rage in the world of computer hacking. It's called ransomware. If you become infected with it, all the files on your computer are encrypted and you must pay the bad guys in order to get the key to unlock them. There are many variants of this extortion, but one that has been investigated recently by ESET is called TeslaCrypt. The trend for its use has been decreasing, and the folks at ESET discovered who the hackers are. Once uncovered, ESET asked the hackers if they would be so kind as to release the encryption key. To their utter shock, the hackers published the key along with an apology!

Incredible, eh?
http://www.businessinsider.com/ransomwa ... key-2016-5
Kellemora
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: Helpful Hackers

Post by Kellemora »

This is one of the reasons I do a manual backup besides the automated backups.
Copy your corrupt files over your backup copy and you've just corrupted all of them too, hi hi...

Maybe they did so instead of facing prison terms?
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Re: Helpful Hackers

Post by yogi »

A couple of months ago one of the administrator accounts for this website was being bombarded with e-mails from a particular spam source. It was not a huge attack, but several messages a day encouraged us to open the enclosed attachment, which was a .zip file and a dead giveaway for trouble. All I could do was toss them in the junk folder, which was a nuisance but not a major threat as long as I did not open the attachment. A couple of weeks ago it all stopped. I figured the source was shut down for some reason, but apparently it was a bigger story than I suspected. The encryption scheme used by a good portion of the ransomware attackers had been leaked. Presumably the leak was from an internal source. Much, but not all, of the nasty ransom attacks have been made ineffective by this leak. If you or somebody you know has been infected, you might be interested in this article.

http://securityaffairs.co/wordpress/482 ... yptor.html
Kellemora
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: Helpful Hackers

Post by Kellemora »

Interesting article Yogi!
I wonder how much of that 200 million bucks the FBI managed to confiscate?
Looks like making illegal money, and a lot of it, was the reason for this malware.

I wonder if it affected folks running in User mode, instead of Windoze default Administrative mode?
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Re: Helpful Hackers

Post by yogi »

The beauty of the ransom was that it was conducted through Bitcoin or some other alternate currency. Those accounts are virtually untraceable, so I doubt any of the money was retrieved by the FBI. And yes, the entire point of this scheme was/is extortion. It wasn't only unwary PC users that were affected. In fact the hackers preferred small businesses and large corporations. The payload was delivered by e-mail attachments and by simply visiting infected web sites.
Kellemora
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: Helpful Hackers

Post by Kellemora »

I guess it's a good thing I only have time to visit a few places, like those I stop in every day, like here, hi hi...
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Re: Helpful Hackers

Post by yogi »

Safe browsing practices are always a protection unto themselves. Ransomware is a particularly vicious kind of threat that was difficult to mitigate. Given that one of the hackers leaked the cypher, I'd have to say there is no such thing as honor among thieves.
Kellemora
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: Helpful Hackers

Post by Kellemora »

You know how paranoid I am about my data, hi hi...
People laugh at my redundant manual backups, but they have saved me many headaches.

Although I save the work on my own computer, and let Rsync copy it to an external drive, and off-site.
I still also save a manual copy in a different folder, and to an external I do manually.

I've had files become corrupt on my computer, and then the corrupt file overwrote the good file on the backup.
And this is the reason I always save a copy of what I was working on manually to a different HD.

The only hard part about recovery is figuring out where I have the most recent copy, hi hi...

As another precaution, I don't surf the web or do e-mail on the computers I use for important work.

Have a great day Yogi!
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Re: Helpful Hackers

Post by yogi »

Redundancy is the key to success, but this virus was capable of seeking out external drives (including NAS) and anything on the network such as your wife's computer. That's why it was so malicious. You are doing the right thing by backing up to a detachable and offline storage medium, but you must also be certain you are not copying over a dormant infection (Trojan) that will run at a later date. It seems that UNIX/Linux was not immune to ransomware.

There are many disaster recovery schemes, some of which are easier to maintain than others. Given all the computers you have, I'd guess it would be possible to save everything you ever created in a daisy chain arrangement of backup servers. It would be easy to recover lost data if you knew the approximate date of the last known good version. I also think a true mirror image of your primary work station could automate a lot of the backups, but I am not so sure you could prevent ransomware from infesting that.
Kellemora
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: Helpful Hackers

Post by Kellemora »

As complicated as I may make it sound with all of my redundancy, in practice it is actually quite simple, and normally safe.

I keep a copy of the folders I do daily work from on my desktop. Seems this works better than fetching the folder from, and/or working directly from the external main drive I call File Server, and a lot safer.

Whatever document or sub-folder I worked on or in, I manually copy only that document or sub-folder to my manual backup external drive (this is a different external drive than the File Server external drive). Then when I'm all done for the day, I will Rsync the entire daily work folder back to the File Server Drive, keeping the copy on my desktop I work from.

I know the copies I did manually to the manual backup drive are clean. So I can use Rsync to copy both the File Server drive and the manual backup drive to an off-site drive that I physically carry from the house to my office to run the backup on. Currently I do not have access to the one which was on the LAN before we got Debi's new Win 10 computer. I did bring an old Linux box down there to set up for that purpose, but she decided to try it for some of her work. She likes it, so I may let her use it, and later reconnect the old backup drive to it.
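The backup problem discussed in this thread (a corrupt or encrypted file on the work machine overwriting the only good copy on the backup drive, and then having to work out which copy is the most recent good one) is what snapshot-style backups solve. The following is an added example, not code from either poster: each run writes a new dated snapshot directory and never touches an older one, hard-linking unchanged files to the previous snapshot the way rsync's --link-dest option does. The function and label names are hypothetical.

```python
"""Snapshot backups: a new directory per run, older runs never overwritten.
A file that is corrupted or encrypted on the source therefore cannot clobber
the good copy already in an earlier snapshot.  Unchanged files are hard-linked
to the previous snapshot (the same trick as rsync --link-dest), so each new
snapshot only costs the space of what actually changed.
Hypothetical example code, not the forum posters' own scripts."""
import filecmp
import hashlib
import os
import shutil


def _latest(backup_root):
    # Labels must sort chronologically, e.g. "2016-05-20T0900".
    snaps = sorted(d for d in os.listdir(backup_root)
                   if os.path.isdir(os.path.join(backup_root, d)))
    return os.path.join(backup_root, snaps[-1]) if snaps else None


def make_snapshot(src, backup_root, label):
    """Copy src into backup_root/<label>, linking against the newest snapshot."""
    os.makedirs(backup_root, exist_ok=True)
    prev = _latest(backup_root)
    dest = os.path.join(backup_root, label)
    if os.path.exists(dest):
        raise FileExistsError(f"snapshot {label} already exists; never overwrite")
    for root, _dirs, files in os.walk(src):
        rel = os.path.relpath(root, src)
        out_dir = os.path.join(dest, rel)
        os.makedirs(out_dir, exist_ok=True)
        for name in files:
            s = os.path.join(root, name)
            d = os.path.join(out_dir, name)
            old = os.path.join(prev, rel, name) if prev else None
            if old and os.path.isfile(old) and filecmp.cmp(s, old, shallow=False):
                os.link(old, d)            # unchanged: share the earlier copy
            else:
                shutil.copy2(s, d)         # new or changed: take a fresh copy
    return dest


def versions_of(backup_root, relpath):
    """[(label, sha256)] for every snapshot holding relpath, oldest first.
    Lets you see exactly when a file's content last changed, which is how you
    find the most recent good copy after a corruption or an infection."""
    out = []
    for label in sorted(os.listdir(backup_root)):
        p = os.path.join(backup_root, label, relpath)
        if os.path.isfile(p):
            with open(p, "rb") as fh:
                out.append((label, hashlib.sha256(fh.read()).hexdigest()))
    return out
```

Because an existing snapshot is refused rather than overwritten, running the backup after an infection only adds a new snapshot of the bad files; the earlier good ones stay intact.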