Linux.Encoder.1 ransomware

Raymii Member
edited November 2015 in General

So last week I got a few ex-clients calling me that their site was encrypted and asking if I could fix it. My reaction was the professional version of 'Nope, you're fucked. Hope you have a backup, restore that, patch it right away and hope for the best'.

However, I was happy with the fact that the cryptolocker stuff stayed on the windows desktop side of things...

http://krebsonsecurity.com/2015/11/ransomware-now-gunning-for-your-web-sites/

Any of you guys/gals seen this or got hit by it? Or clients of you? How do you respond?

Thanked by 2: mpi, vRozenSch00n

Comments

  • That is unfortunate and giving Bitcoin and Linux a bad reputation.

  • Interesting. I did think you needed to be root when you run the infected file to have trouble; they fixed that by encrypting everything the web server / PHP has write access to.

    Clever shit and scary. Anti virus for GNU/Linux seems like a promising market.

    As far as clients or infected people... a clean reinstall and asking them to restore a backup seems the best way... giving in to the ransom isn't something to do, imo.

  • jhjh Member

    Clever idea from a scammer's point of view, since PHP can handle PKI and often has write access to the web root and the database. Probably nothing that can be done about it when it's too late.

    Long term the solution is securing your server and website and making backups. Immutable storage for the web root is often a good step but is not user friendly.

  • jarjar Patron Provider, Top Host, Veteran

    I have seen reports of this, yes. However, not a large number of them for what it's worth.

  • We've had a couple at work.. it's pretty smart indeed!

  • @Derek said:
    That is unfortunate and giving Bitcoin and Linux a bad reputation.

    No. Linux and Bitcoin are both instruments, just instruments. They serve neither Good, nor Evil.

    Example: a murderer slaying people with an axe can't give a bad reputation to axes.

    Thanked by 1: Rolter
  • A "professional website designer" who does not update his CMS, has no backups and pays the ransom. Idiot.

  • I so hoped that this ransomware, encryption viruses, et cetera would stay away from Linux. :<

    Backups, backups and backups guys!

  • Hidden_Refuge said: Backups, backups and backups guys!

    Ah, the three B's. I prefer the three S's approach: Security, security and security!

    Thanked by 1: theroyalstudent
  • @singsing said:
    Ah, the three B's. I prefer the three S's approach: Security, security and security!

    Then you get hit by the good old deadpooled host.

    Thanked by 1: doghouch
  • singsing said: three S

    While security is important, IMO backup has more significance than security. It can save you from hardware failure as well.

  • eLohkCalb said: While security is important, IMO backup has more significance than security. It can save you from hardware failure as well.

    Both! Be as secure as you can, and back up everything in case you need to start fresh, either after having been compromised or after a host crash...

  • Hidden_Refuge said: I so hoped that this ransomware, encryption viruses, et cetera would stay away from Linux. :<

    Same here. But it seems like, as Linux is taking more room in the desktop share, viruses will start to flow a bit more than they used to. But if you aren't root the damage is somewhat limited, I think, so it could be worse!

  • @singsing said:
    Ah, the three B's. I prefer the three S's approach: Security, security and security!

    All those BS are important.

    Thanked by 2: perennate, netomx
  • There's a free tool that can decrypt files apparently, thanks to an error in the code: cio.com/article/3003456/first-linux-ransomware-program-cracked-for-now.html

  • @DalComp said:
    All those BS are important.

    Yes, both are important, so always remember to BS.

    :D

    Anyway, I mentioned backups first because of the article and the guy there with his "behind on backups".

    Of course security is important; however, depending on what you manage, you're not responsible for what your clients host in terms of security (like the friend of the guy from the article who didn't bother to install updates on his software).

    Unless it was fully managed, but I doubt it...

  • Set up pull backups first. Then back that up again elsewhere in a different format (e.g. rsnapshot pull, then attic/bup/borg push of that backup).

    Now you're ready to fu** sh*t up with your own 'cleverness'.

    Thanked by 1: netomx
  • That's the price to pay when you think following some random tutorial makes you an admin.

    chmod a+w FTW

    Thanked by 1: 2bb3
  • ToggledNS Member
    edited November 2015

    Raymii said: Any of you guys/gals seen this or got hit by it? Or clients of you? How do you respond?

    Seen it, wrote a variant of it, and published the code to GitLab in a private repo.
    The only difference is I wrote a backdoor SSH shell + web shell (for testing), and made it host a Tor HS for easy connection to the SSH shell.

  • Easy fix:

    chattr +i /var/www/html

    (Cough: I hate CloudFlare)

  • Sure, but you're forgetting all the other directories. Would you mind running the same command for your MySQL directory? Plus you'd better use -R with that.
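The two posts above boil down to a procedure: find out what the web-server user can actually write to (that is the ransomware's blast radius), then make the web root immutable with chattr -R +i, leaving only the directories that genuinely need writes (uploads, cache) unlocked. The script below is an added example written for this thread, not code from any poster; it assumes a Debian-style www-data account and an ext4 filesystem, which is where chattr +i works. Note the caveat from later in the thread: immutability only helps against code running as the web user, since root (CAP_LINUX_IMMUTABLE) can simply run chattr -i again, and it does break CMS self-updates and in-place uploads.

```shell
#!/bin/sh
# Added example (not from the thread): audit the paths a given user can write
# to under a web root, then optionally lock the tree with chattr +i.
# Assumptions: user "www-data", ext2/3/4 or xfs (chattr support), GNU find.

# audit_writable ROOT USER
# Prints, sorted and de-duplicated, every file or directory under ROOT that
# USER can write to: owned by USER with the owner-write bit, group-writable
# for any group USER belongs to, or world-writable. This is the set of files
# a PHP-level compromise (no root needed) could encrypt.
audit_writable() {
    root="$1"; user="$2"
    {
        # owner-writable files belonging to the web user
        find "$root" -user "$user" -perm -u+w 2>/dev/null
        # group-writable files for each of the user's groups
        for g in $(id -Gn "$user" 2>/dev/null); do
            find "$root" -group "$g" -perm -g+w 2>/dev/null
        done
        # world-writable files (the "chmod a+w FTW" case)
        find "$root" -perm -o+w 2>/dev/null
    } | sort -u
}

# lock_webroot ROOT [WRITABLE_DIR ...]
# Makes everything under ROOT immutable (the -R matters: +i on the top
# directory alone only blocks creating/deleting entries there, not modifying
# existing files below it), then clears the flag on the listed directories
# that the application must still write to. Requires root.
lock_webroot() {
    root="$1"; shift
    chattr -R +i "$root" || return 1
    for d in "$@"; do
        chattr -R -i "$d" || return 1
    done
    # show the result for the root; files inside it report 'i' the same way
    lsattr -d "$root"
}

# Usage:  sh audit.sh /var/www/html www-data
# then:   lock_webroot /var/www/html /var/www/html/wp-content/uploads
if [ $# -ge 1 ]; then
    audit_writable "$1" "${2:-www-data}"
fi
```

Run the audit first and read the list carefully; anything that shows up under the document root besides uploads and cache directories is a permissions mistake that a web-only compromise can exploit. The MySQL data directory from the reply above is a different problem: mysqld must write there, so chattr cannot protect it, and the answer for it is file ownership (mysql, not www-data) plus pull backups.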

  • edited November 2015

    I had a family member hit by cryptoware ransomware. It was pretty devastating considering she did not keep backups. They learn the lessons the hard way, unfortunately...

    They keep backups now. For sure.

  • netomx Moderator, Veteran

    @ToggledNS said:
    The only difference is I wrote a backdoor SSH shell + web shell (for testing), and made it host a Tor HS for easy connection to the SSH shell.

    ???

  • groan

    I mean... I understand the need for hackers, and can somewhat understand the need for criminals... but why do they have to be a pain in the ass?

  • Rallias said: I understand the need for hackers, and can somewhat understand the need for criminals

    What the? Who needs hackers (i.e., crackers) and/or other criminals?

  • joepie91 Member, Patron Provider

    @souvarine said:
    There's a free tool that can decrypt files apparently, thanks to an error in the code: cio.com/article/3003456/first-linux-ransomware-program-cracked-for-now.html

    Ha.

    However, the Bitdefender researchers discovered that when it generates the AES keys, the malicious program uses a weak source of random data -- the time and date at the moment of encryption.

    And this, kids, is why you don't roll your own crypto implementations.
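What the quoted Bitdefender finding means in practice, as an added example written for this thread rather than code from the malware or from any poster: if the "random" key is a deterministic function of the encryption timestamp, then an attacker with one known-plaintext file (every PHP file starts with `<?php`) and a rough idea of when the files were written (their mtime) can recover the key by trying each candidate second. The cipher below is a constructed SHA-256 counter-mode keystream so the script runs offline without an AES library; the real sample's exact key schedule and cipher are not reproduced, only the weak-seed pattern is.

```python
"""Added example (not from the thread or the malware): a key derived from a
second-resolution timestamp, and the known-plaintext search that recovers it.
The toy cipher and the PHP magic header are assumptions made for the demo."""
import hashlib
import random
from typing import Optional, Tuple

MAGIC = b"<?php"  # assumed known plaintext at the start of every target file


def key_from_timestamp(ts: int) -> bytes:
    """The weak step: 32 'random' key bytes fully determined by a timestamp.
    A month of candidates is only ~2.6 million seeds."""
    rng = random.Random(ts)
    return bytes(rng.getrandbits(8) for _ in range(32))


def keystream(key: bytes, n: int) -> bytes:
    """Constructed stream cipher: SHA-256(key || counter), counter mode."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def encrypt(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


decrypt = encrypt  # XOR stream cipher: same operation both ways


def recover_key(ciphertext: bytes, newest: int, window: int) -> Optional[Tuple[int, bytes]]:
    """Try every second from `newest` back to `newest - window`.
    `newest` is the attacker's upper bound (e.g. the encrypted file's mtime);
    the hit is the seed whose key decrypts the header to MAGIC."""
    head = ciphertext[:len(MAGIC)]
    for ts in range(newest, newest - window - 1, -1):
        candidate = key_from_timestamp(ts)
        if decrypt(head, candidate) == MAGIC:
            return ts, candidate
    return None


def demo(encryption_time: int, search_window: int = 3600) -> bool:
    """Encrypt a constructed PHP file with the time-seeded key, then recover
    the key knowing only that encryption happened within the last hour
    before the observed mtime (set here to one minute after the real time).
    Returns True when the recovered key restores the original plaintext."""
    plaintext = b"<?php echo 'hello'; ?>\n"  # constructed sample file
    real_key = key_from_timestamp(encryption_time)
    ct = encrypt(plaintext, real_key)
    observed_mtime = encryption_time + 60
    found = recover_key(ct, observed_mtime, search_window)
    if found is None:
        return False
    ts, key = found
    return ts == encryption_time and decrypt(ct, key) == plaintext


if __name__ == "__main__":
    print("recovered:", demo(1447000000))
```

The fix on the attacker's side would be a single call to `os.urandom(32)` (or `secrets.token_bytes`), which has no seed to enumerate; that is the whole content of the "don't roll your own" lesson here. On the defender's side, this is also why the free decryptor in the article works: a brute force over timestamps near each file's mtime is cheap.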

  • @joepie91 said:
    And this, kids, is why you don't roll your own crypto implementations.

    You could probably make some serious money if you'd write your own crypto malware, combine it with a bit of nmap/metasploit to get infections and be done. As in, the code would probably be outstanding quality.

  • Raymii said: You could probably make some serious money if you'd write your own crypto malware, combine it with a bit of nmap/metasploit to get infections and be done. As in, the code would probably be outstanding quality.

    This is not really the problem - The Russians have excellent kits for that already, they trade for like 500-5000$ on forums.

    The real problem is getting money out of it - "Layer 8 problems" don't know how to get/use BTC, Ukash is dead, PSC is basically owned by Austrian gov with all the orders they get and needs an expensive/strict merchant acc, Prepaid CCs require a normal merchant account to cash out... and so on, not easy and especially hard outside of a country with lax banking laws and easy incorporation (UK, AE, HK, SG) like Russia (where they obviously want the money to end up).

    It is not really a good business, yes, it surely generates money but compared to other things (reshipping scams, IRS fraud, CC hacks) not really much. The executing hardware might, over a longer timeframe, even be worth more as botnet client than wasting it on a ransomware scam that maybe a few % pay in the end.

  • joepie91 Member, Patron Provider

    @Raymii said:
    You could probably make some serious money if you'd write your own crypto malware, combine it with a bit of nmap/metasploit to get infections and be done. As in, the code would probably be outstanding quality.

    Aside from moral qualms, I would not trust myself enough to write crypto code either ;)

  • singsing said: What the? Who needs hackers (i.e., crackers) and/or other criminals?

    I made the distinction for a reason. Read this quarter's 2600, it's very explicit on the subject.

    The world needs people to push things to their limits. That's what hackers are, that's what hackers do. Criminals are essential, as they force us to evaluate and re-evaluate our perception of right and wrong.
