[ale] Linux Ransom-ware

Alex Carver agcarver+ale at acarver.net
Mon Nov 9 12:13:59 EST 2015


I use rdiff-backup in pull configuration.  The machines being backed up
can't connect to the backup server on their own.  But the backup server
can reach out to the others (via public keys) and grab files.  The
restore operation would be a push from the backup server after getting
the target machine up with a base installation.

On 2015-11-09 09:00, Scott Plante wrote:
> Oh, the other obvious (except to me a minute ago!) solution would be pull-backups, where the backup server can connect to your other boxes to pull backups, but there is little or no access to the backup server from its clients. 
> 
> 
> I think my main point is a lot of people design their backups for different scenarios. There's hardware failure, probably the most common. There's the accidental deletion or corruption of your data, maybe a bug or fat-finger. There's physical site destruction, like a fire or natural disaster. Each of these adds to the needs of your backup scheme. We need to also look at our backup schemes from the hacking perspective these days, with its own special requirements. 
> 
> ----- Original Message -----
> 
> From: "Scott Plante" <splante at insightsys.com> 
> To: "Atlanta Linux Enthusiasts" <ale at ale.org> 
> 
> 
> The article says it goes after backup files too. It seems what you need is either a backup drive or media you manually connect to do backups, or a separate backup server that only accepts new backups and doesn't give the client write access to old backups. I think it might be fairly easy to script something like this, but is anyone aware of an existing backup server software that does this kind of thing? Most of the backup software I've seen assumes you have read/write access to a "backup drive" whether that's a USB, NFS, or other network accessible mount, or of course a tape or dvd that someone manually changes. For all the advantages of removable media, you always have the problem of human error or laziness fouling up your backup regime, so automated is good. 
> 
> 
> For a backup server, it would of course be of some limited space. You wouldn't want the push process to be able to just keep pushing junk until your good backups are pushed off. Just a thought that popped into my head in the vein of maybe a push-only backup server is more complicated than I first thought. Seems like some of the issues people have worked out for log servers that accept log messages but are extra hard for hackers to mess with. 
> 
> ----- Original Message -----
> 
> From: "Leam Hall" <leamhall at gmail.com> 
> To: "Atlanta Linux Enthusiasts" <ale at ale.org> 
> Sent: Monday, November 9, 2015 5:53:07 AM 
> Subject: Re: [ale] Linux Ransom-ware 
> 
> On 11/09/15 04:35, DJ-Pfulio wrote: 
>> Linux Ransom-ware is out looking for ways to attack and encrypt your 
>> systems: 
>> https://krebsonsecurity.com/2015/11/ransomware-now-gunning-for-your-web-sites/ 
>>
>> Good news: They only want 1 bitcoin as payment. 
>>
>> Bad news: 1 BC is about US$420 and the unlock process doesn't put 
>> everything back exactly like it was. 
> 
> Good news; we're all now reminded to back up our files and sites. :) 
>
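
A sketch of the pull arrangement described in this message, added here as an example and not taken from any poster's actual setup: each client pins the backup server's public key to a read-only rdiff-backup server process, and the backup server initiates every run. It assumes the rdiff-backup 1.x command-line syntax (`--server --restrict-read-only`, `host::path`); the `backup` account, paths and function names are hypothetical.

```shell
#!/bin/sh
# Added example: pull-only backups with rdiff-backup over SSH.
# Account name, paths and function names are assumptions, not from the thread.

# Run on a CLIENT: print the authorized_keys entry for the backup server's
# public key. The forced command means the key can only start rdiff-backup
# in read-only server mode under read_root, so a stolen key cannot write to
# the client or open a shell on it.
client_authorized_keys_line() {
    pubkey=$1      # backup server's public key (contents of its .pub file)
    read_root=$2   # directory tree the backup server is allowed to read
    printf 'command="rdiff-backup --server --restrict-read-only %s",' "$read_root"
    printf 'no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' "$pubkey"
}

# Run on a CLIENT: count keys in an authorized_keys file that are NOT pinned
# to the read-only forced command. Deliberately strict: any entry that does
# not start with the expected command= option is counted.
count_unrestricted_keys() {
    file=$1
    bad=0
    while IFS= read -r line; do
        case $line in
            ''|'#'*) continue ;;   # skip blank lines and comments
            'command="rdiff-backup --server --restrict-read-only '*) ;;
            *) bad=$((bad + 1)) ;;
        esac
    done < "$file"
    echo "$bad"
}

# Run on the BACKUP SERVER (e.g. from cron): pull one client's tree into a
# per-client repository. No client holds a key that is valid on this host,
# so malware on a client has no route to the stored increments.
pull_backup() {
    client=$1   # client hostname
    src=$2      # path on the client, inside its read_root
    dest=$3     # repository directory on the backup server
    rdiff-backup "backup@${client}::${src}" "${dest}/${client}"
}
```

A key restricted this way cannot perform the restore push mentioned above; that step needs separate, temporary write access to the rebuilt machine.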

