
Thread: ransomware attack

  1. #1
    Join Date
    Mar 2006
    Location
    Slipery Slope, Earth
    Beans
    746
    Distro
    Ubuntu 20.04 Focal Fossa

    ransomware attack

    Hello Forums:

    Ransomware attacks are becoming common.

    I use Ubuntu on all of my computers at home.

    What should I do to prepare and prevent a ransomware attack?

    Thank you,
    Old Jimma

  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: ransomware attack

    • Have a secure backup server. An old system or a raspberry-pi v4 are fine. Just needs to have fast enough networking (GigE) and sufficient storage connected.
    • Create daily backups.
    • Versioned - enough versions so you'll recognize corrupted files BEFORE the oldest versioned backup expires.
    • Automatic - manual backups just don't happen. Humans get lazy, forget.
    • "Pulled" by the server, never pushed by the client.
    • The client(s) systems should have no direct access to the backup storage. Definitely do not use shared storage or network storage.
    • Backups need to be verified as restore-able. We've all heard stories about people doing backups for years that were corrupted because nobody actually tested the restore.


    If you want to be more secure, have the backup server be the only system with remote access (use the sshd_config to allow only specific IPs), and allowed only to run the few backup commands like creating snapshots, mounting the snapshot read-only, running the remote backup tool for the "pull", and cleaning up the mount/snapshot post-backup. This should all be authenticated using ssh-keys. This setup is how GitHub works to allow git access to hundreds of thousands of people while limiting all other access.

    As for prevention, that's mainly
    • being a smart human and doing all the normal stuff in the most dangerous programs (email and browsers).
    • Run those programs under constrained environments.
    • Stay on updated, patched, supported, OSes running updated, patched, supported programs.
    • Don't allow JavaScript from most locations.
    • Use network blocking to prevent the bad parts of the internet from having access to any of your high-risk systems (any desktop with a browser is high-risk).
    • Don't open unexpected attachments.
    • Don't click on unexpected links.
    • There are lots of "How to be safe online" lists. https://krebsonsecurity.com/2011/05/...online-safety/
    • Do what the UbuntuForums "Security" Sticky threads suggest.
    • And have daily, automatic, versioned, "pulled", backups that are validated.
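
The restricted, key-authenticated "pull" access described in post #2 (the backup server may run only a few backup commands on the client) can be enforced with an SSH forced command. The script below is an added example, not part of the original post; the IP address, paths, LVM volume names, sudo usage and the `snapshot-*` command names are assumptions.

```shell
#!/bin/sh
# Added example: forced-command gate for the backup account on a CLIENT machine.
# Wired up in that account's authorized_keys (one line; IP, path, key are placeholders):
#   restrict,from="192.0.2.10",command="/usr/local/bin/backup-gate" ssh-ed25519 AAAA...PLACEHOLDER
# sshd_config on the client can additionally limit the account by source address:
#   AllowUsers backup@192.0.2.10   (plus any other accounts that must still log in)
# sshd passes whatever the backup server asked to run in $SSH_ORIGINAL_COMMAND.

SNAP_MNT=/mnt/backup-snap     # assumed mount point of the read-only snapshot
SNAP_LV=/dev/vg0/backup-snap  # assumed LVM snapshot volume
SRC_LV=/dev/vg0/home          # assumed volume being backed up

# Return 0 only for the few backup steps; everything else is refused.
backup_cmd_allowed() {
    case "$1" in
        *[![:alnum:]\ ./_-]*|*..*) return 1 ;;   # no shell metacharacters, no "../"
    esac
    case "$1" in
        snapshot-create|snapshot-mount-ro|snapshot-cleanup) return 0 ;;
    esac
    # The charset check above excluded glob characters, so splitting is safe.
    set -- $1
    [ "$#" -eq 6 ] && [ "$1 $2 $3" = "rsync --server --sender" ] || return 1
    case "$4" in -[!-]*) ;; *) return 1 ;; esac    # one short-option bundle only
    [ "$5" = "." ] || return 1
    case "$6" in "$SNAP_MNT"/*) return 0 ;; esac   # may only read from the snapshot
    return 1
}

# Run the requested step. Nothing happens when no command was requested, so the
# key cannot be used to obtain an interactive shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if ! backup_cmd_allowed "$SSH_ORIGINAL_COMMAND"; then
        logger -t backup-gate "refused: $SSH_ORIGINAL_COMMAND"
        exit 1
    fi
    case "$SSH_ORIGINAL_COMMAND" in
        snapshot-create)   exec sudo lvcreate --snapshot --size 5G --name backup-snap "$SRC_LV" ;;
        snapshot-mount-ro) exec sudo mount -o ro "$SNAP_LV" "$SNAP_MNT" ;;
        snapshot-cleanup)  sudo umount "$SNAP_MNT" && exec sudo lvremove -f "$SNAP_LV" ;;
        *)                 exec $SSH_ORIGINAL_COMMAND ;;   # validated rsync sender
    esac
fi
```

Requiring `--sender` means the backup server can only read from the client's snapshot; an rsync request that would write to the client is refused along with everything else.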

  3. #3
    Join Date
    Mar 2006
    Location
    Slipery Slope, Earth
    Beans
    746
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: ransomware attack

    Thanks, Fu.

    I've an old huge desktop that nearly went into the recycling bin yesterday.

    Now I know what it is for!

    Many thanks!!!!

    Old Jimma

  4. #4
    Join Date
    Mar 2006
    Location
    Slipery Slope, Earth
    Beans
    746
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: ransomware attack

    Hi Fu:

    I studied your reply and have a further question.

    In "pulling" backups, do I set up an NFS network that allows the "backup computer" to read and pull data?

    Is that all there is to it?

    Thanks,
    Old

  5. #5
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: ransomware attack

    Originally posted by Old Jimma:
        Hi Fu:

        I studied your reply and have a further question.

        In "pulling" backups, do I set up an NFS network that allows the "backup computer" to read and pull data?

        Is that all there is to it?

        Thanks,
        Old

    NO!!! Never use NFS or CIFS or SAMBA or any storage sharing method for backups! Use a client/server backup tool that requires strong, key-based, authentication from the server TO the client. There are many tools with that capability.

  6. #6
    Join Date
    May 2010
    Beans
    1,603

    Re: ransomware attack

    Offline backups of anything important to you. The OS can be reinstalled, then your data restored.

  7. #7
    Join Date
    Oct 2005
    Location
    Lab, Slovakia
    Beans
    10,432

    Re: ransomware attack

    Ransomware is mostly a Windows problem. You are already using Linux, so make a backup of your data once in a while on a USB widget, chuck it in a drawer where no hacker can find it, then relax and enjoy your reasonably secure system.

  8. #8
    Join Date
    Mar 2006
    Location
    Slipery Slope, Earth
    Beans
    746
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: ransomware attack

    Thanks, HermanAB!!!

  9. #9
    Join Date
    Mar 2006
    Location
    Slipery Slope, Earth
    Beans
    746
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: ransomware attack

    Hi TheFu:

    I've studied your reply, and like it. I want to discuss it with you.

    I like the idea of a separate machine doing backups and providing security for my stuff.

    Also, I like the idea of the process doing it all by itself, without me around to tend the process, screw it up, or forget all about it if I do it myself.

    However, it will probably be a long road and steep learning curve.... but I'd like another project and this one has obvious benefits.

    So, I've got a few questions for you:

    1. hardware: I sent my old computer to the city dump. Also, I loaded dacula on my Pi 3B. It choked. I'm thinking about a used Lenovo desktop with an i7 and 16GB RAM that boots from an SSD and has secondary storage on a 14TB mechanical hard drive.

    2. software: dacula (because my web searches rate it highest).

    3. connectivity: on my home network

    Hope you might comment on whether those are good starting points.

    I'm sort of concerned that the machine I'll choose will be connected to the internet because it is on my home network. I wondered if this is a fatal flaw. I'm very interested in your comment about that.

    Thanks for pointing me in a good direction.

    Old and Aging Even Further Jimma From The Old Country

  10. #10
    Join Date
    May 2010
    Beans
    1,603

    Re: ransomware attack

    Dacula? ...... do you mean Bacula?
