
CryptoLocker, another ransomware...


longbyte1


Well, if the context is that you only want to safeguard against one partial failure mode, and not against others that are common or less common, then I guess it is :D Though I would argue that any user just interested in that is not making a backup, but improving uptime - creating a backup for the function of the hard drive, rather than the data on it.

It really depends on level of abstraction. If you are looking at an array as a single unit, I can see why it makes sense to think of it as uptime, rather than backup. I still think of each individual hard drive as a unit of storage. From my perspective, if I lose a drive, I have a backup on corresponding parity.

Although, the fact that you can actually keep using RAID 5 with a drive down is all sorts of nifty. Makes me wonder why more intricate error-correction schemes aren't more common. I could even think of some RAID-like setups that would be ransomware-resistant. Having some breadcrumbs remain from plain text can do wonders in aiding an attack on a cipher.


Although, the fact that you can actually keep using RAID 5 with a drive down is all sorts of nifty. Makes me wonder why more intricate error-correction schemes aren't more common. I could even think of some RAID-like setups that would be ransomware-resistant. Having some breadcrumbs remain from plain text can do wonders in aiding an attack on a cipher.

It is coming, with ReFS and ZFS, but the introduction is annoyingly slow. I experimented with ReFS a while ago, but things were not quite ready, mostly due to third parties. Though I suspect you mean somewhat more complex schemes too?


How did a thread about malware get derailed to backups..?

Because backups are the only sensible solution to the issue?

I could even think of some RAID-like setups that would be ransomware-resistant.

I can't. Snapshotting may or may not come in handy, that depends on the sophistication of the attack. But your best bet is having a backup. Stored at least on another machine, or preferably offline, and most preferably offsite on the far side of the moon.


Surely, that's context dependent. If the only kind of failure I want to safeguard against is mechanical drive failure, which is usually the only one that's entirely out of my hands as a user, then RAID is just as good as the first backup layer. Not that having something like a weekly off-site backup isn't a good idea to have on top of that, even for a personal machine. Fortunately, there are now cloud services that make it really easy.

RAID is useful, but not a silver bullet. Consider a couple of things:

* Disks in RAID arrays often come from the same batch.

* All the members in a RAID array tend to be in the same physical environment, and subject to very similar physical stresses (heat, vibration, power fluctuations, etc.)

* The rebuild of an array is a fairly intensive affair, which places stress on disks that may already be teetering on the edge of failure for the reasons stated above.

Once a single disk in the array goes, the chance of another disk going in quick succession rises quite dramatically. As has been said elsewhere, RAID, as with other forms of redundancy, is aimed at maximising uptime, not preserving the integrity of your data. It's not at all a backup, even though it might walk and quack like one.


RAID is for fault tolerance; it will protect you from physical drive failure. I have a very old server (still in use) that is set up in RAID 5. It's saved the server a couple of times, but since it is old, you can only find up to 75 GB drives.

However, RAID will not protect you from software failure.

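The parity argument made in the posts above, as an added example that is not part of the original thread: a toy RAID 5 stripe in Python showing that parity rebuilds a failed drive's block, but just as faithfully rebuilds data that software has overwritten. The class, function names and sample blocks are constructed for illustration, and `toy_overwrite` is a stand-in for any unwanted write, not a real cipher.

```python
from functools import reduce


def xor_blocks(blocks):
    """XOR equal-length byte blocks together (the RAID 5 parity operation)."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


class Raid5Stripe:
    """One stripe of a toy RAID 5 array: N data blocks plus one parity block."""

    def __init__(self, data_blocks):
        self.blocks = [bytes(b) for b in data_blocks]
        self.parity = xor_blocks(self.blocks)

    def write(self, index, new_block):
        """Any write through the array, wanted or not, also updates parity."""
        # parity' = parity XOR old_block XOR new_block
        self.parity = xor_blocks([self.parity, self.blocks[index], new_block])
        self.blocks[index] = bytes(new_block)

    def rebuild(self, failed_index):
        """Reconstruct a failed drive's block from the survivors plus parity."""
        survivors = [b for i, b in enumerate(self.blocks) if i != failed_index]
        return xor_blocks(survivors + [self.parity])


def toy_overwrite(block, key=0x5A):
    """Stand-in for an unwanted in-place overwrite (constructed, not a cipher)."""
    return bytes(b ^ key for b in block)


def demo():
    # Constructed sample data: three 8-byte data blocks.
    original = [b"invoice1", b"photo002", b"thesis03"]
    stripe = Raid5Stripe(original)

    # Case 1: drive 1 fails mechanically; parity recovers its content.
    after_drive_failure = stripe.rebuild(1)

    # Case 2: software overwrites block 1 through the array, then drive 1 fails.
    stripe.write(1, toy_overwrite(original[1]))
    after_overwrite = stripe.rebuild(1)
    return original[1], after_drive_failure, after_overwrite


if __name__ == "__main__":
    orig, hw, sw = demo()
    print("rebuilt after drive failure:", hw)
    print("rebuilt after overwrite:    ", sw, "(original was", orig, ")")
```

The second rebuild returns the overwritten bytes, not the original ones: the array keeps the current state of the data available and holds no earlier version of it.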

  • 2 weeks later...

Nor will RAID save you from wetware failure, which is precisely what getting ransomware is. (wetware = brain)

Sorry if anyone's insulted by this, but it's true.

If a computer gets a virus, the user's brain failed to properly set up the computer to defend against it.

At the very least, you should have an antivirus set up for daily scans and very frequent virus definition updates, and a white-list based firewall.

Personally, I use AVG. Started using it after I got a virus 2 years after building my PC. Haven't had a problem since. And it tells me if stuff is trying to do things it doesn't think it should be doing.

I don't use Facebook or Twitter, and only use my email address for signing up for forums and stuff like that.

If I get an unsolicited link, I don't click it. Especially if it's from someone I've never heard of.

Heck, I've even got auto-play turned off for my CD/DVD drive.

The best way to avoid falling victim to a social engineering attack is to not read one in the first place. Of course, being asocial helps too (I'm a loner).

Most importantly, above all else: I don't keep personal data on my computer. Every last byte of data on my computer is strictly in the "I'd miss it if it's gone, but it's not the end of the world" category.

No family photos, no business accounting data, no doctorate thesis, nothing at all that I don't think I could get again. And DEFINITELY no passwords.

As a matter of fact, I'd say that the most valuable thing on my computer is my bookmarks list. But that would easily fit on a flash drive.

If I get ransomware, I'm wiping all my drives and starting over.

Sure, recovering from it would be a major pain in the butt, but I need an excuse to buy those two new video cards for my new computer anyways.

Not that I'm going to go out looking for a virus or anything.


It is coming, with ReFS and ZFS, but the introduction is annoyingly slow.

Coming? ZFS has been production ready for quite some time now. :P

My personal "backup" solution revolves around it: Regular filesystem snapshots, replicated to a big ol' RAIDZ6 tank in another machine, with a subset replicated again to an external drive. The really important stuff is also encrypted and duplicated on a remote VPS.

It's by no means bulletproof, but it provides redundancy, a cold backup, and speedy restores. ;)

Of course, a serious wetware failure could still replicate through any number of automatic backups if not caught quickly enough.

While I have eradicated several infestations from other people's systems, IME it's always user error that lets the nasties in in the first place. Don't want malware on your system? Don't download malware.

Admittedly, some default settings in *ahem* certain well known operating systems make this far too easy to do.


RAID is for fault tolerance; it will protect you from physical drive failure. I have a very old server (still in use) that is set up in RAID 5. It's saved the server a couple of times, but since it is old, you can only find up to 75 GB drives.

However, RAID will not protect you from software failure.

RAID's main benefit is to reduce downtime and to protect against losing data not yet backed up.

System drives benefit from RAID, as it might take time to set up the system again. Databases too, as you don't want to roll back.

A NAS doesn't need RAID; yes, you save some time by just having to swap drives, and the NAS doesn't go down if you lose a drive.

You still need a backup, and you can access the files from the backup archive before fixing the NAS drive, so the RAID is just a luxury.

Personally and at work I use CrashPlan for backup; it has some nice features, including storing multiple previous versions of files, and lets you set up a lot of backup options: backup to another drive, backup to other computers or cloud.

Backup at a friend's is a fun function: cooperate with a friend, you do your backup at his place and he at yours; however, you cannot access your friend's data, only he can.


The private key is stored on the criminal's server. When you pay, CL will give you a key. This does work; cybercriminals are cunning and quite honest as well. When the police shut down the original CryptoLocker operation, the hard drive containing all of the private keys was found, and a service was set up to retrieve them at no cost.

If I were writing some ransomware I'd not bother with writing any way to unlock the victim's data. I'd just permanently garble it, take their bitcoins, and laugh very hard at their stupidity in believing they'd ever get their data back...

And yes, I'd demand bitcoins or some other non-traceable method of payment rather than stupidly accept a credit card transaction (or bank transfer) which can easily be traced back to me.

- - - Updated - - -

A NAS doesn't need RAID; yes, you save some time by just having to swap drives, and the NAS doesn't go down if you lose a drive.

You still need a backup, and you can access the files from the backup archive before fixing the NAS drive, so the RAID is just a luxury.

A non-RAIDed NAS goes down if the drive containing the data goes down... So RAID your NAS like you RAID any drive.


If I were writing some ransomware I'd not bother with writing any way to unlock the victim's data. I'd just permanently garble it, take their bitcoins, and laugh very hard at their stupidity in believing they'd ever get their data back...

And yes, I'd demand bitcoins or some other non-traceable method of payment rather than stupidly accept a credit card transaction (or bank transfer) which can easily be traced back to me.

The problem with the first plan is that people will let it get known that paying does not help, and the income stream will dry up.

And yes, the first thing you will do if you run into a ransomware problem would be to google it; perhaps someone has a cure.

Bitcoins will probably confuse most of your clients/victims; they are probably pretty computer literate (getting the ransomware and no backup).

A non-RAIDed NAS goes down if the drive containing the data goes down... So RAID your NAS like you RAID any drive.

Assuming your budget is limited, which it is for most of us, I would rather RAID my system drive than a NAS; a NAS is used for file storage of files not in everyday use, sharing between multiple computers and synchronizing.

I don't have one myself, having a tower with 6 drives as main computer and a cheap laptop when not at home.

However, using RAID 1 you will lose half your storage capacity, and you still need a backup somewhere. Better to use the second disk for backup; cloud is not very suitable if you have good amounts of data that is more than photos and documents.

