Ransomware [was Re: Backups [was Re: Is tape dead?]]

Mouse mouse at Rodents-Montreal.ORG
Wed Sep 16 13:41:18 CDT 2015

> There is a ramsomware variant that encrypts the files but silently decrypts $

This depends on the backup-taking accessing the files in a way that
doesn't trip the decryption.

It also depends on nobody test-restoring from the backups, or at least
not sanity-checking the results if they do.

It also depends on being able to infect the OS and sit there for months
without anyone noticing.

> As to how one can become infected, see http://www.theregister.co.uk/2015/08/$

This depends on the user - perhaps by proxy in the form of something
the user runs - executing content offered by the malvertising-serving

Thus, defense in depth:

(1) Don't run things that execute live content without explicit,
specific approval by the user.  Educate users as to the few cases when
giving such approval is sane.

(2) Avoid common OSes and ISAs, so that most malware (ransomware or
otherwise) can't run even if it gets through to the machine.

(3) Test-restore from your backups periodically.

Of course, most people will say they "can't" do one or more of those,
actually meaning they're not willing to pay the prices involved.  Such
people need to realize that they will pay one price or the other, and
they'll just have to decide which prices they prefer.  Personally, I do
about two and a quarter of the above: (1), 3/4 of (2), and 1/2 of (3).

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse at rodents-montreal.org
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

More information about the cctalk mailing list