
Re: [LUG] Safety from scammers

 

The virus you mentioned is probably CryptoLocker. It started in 2013 and has since 
been foiled somewhat due to the public release of keys used to encrypt many users' 
files. There are lots of similar variants, but again, Linux versions are rare. You'd 
also have to install them/run the files.

Hot and warm backup sites are easily compromised. CryptoLocker attempted to encrypt 
the contents of your local drive and any attached drives including network shares. 
Cold backups - those taken and stored on devices or at locations which were never 
reattached - are not compromised, for obvious reasons. At the time, it was difficult 
to detect and prevent through traditional antivirus programs. The first attempts at 
detecting and protecting systems from CryptoLocker of which I'm aware came through 
OpenDNS as the virus made a distinctive but rapid series of DNS queries.

Encrypting your local disk won't help against this but it will help for other 
reasons. It won't help against CryptoLocker or most other viruses as those run while 
your disk is mounted and operating system is active. Whether the local disk is 
encrypted is then irrelevant - the OS is unaware of the disk's encrypted status. 
Even using file and folder encryption rather than whole-disk encryption doesn't help 
- encrypted files can easily be encrypted again, onion-style.

I know one Devon-based support contractor was finding that support following CryptoLocker 
infections had become a primary revenue stream for a while. They're a notable, central 
company too, so it's a big business both for the virus designers and for people 
further down the food chain.

Encrypting your local drive simply means people who might be able to remove your 
hard drive and access your files are unable to do so. I had a MacBook stolen from a 
car in Exeter during the summer. Without local encryption, the thieves would have 
been able to freely browse my hard drive. I still changed passwords as paranoia 
isn't always a bad approach, but it's likely unnecessary if the encryption is good.

The easiest methods of preventing and protecting your system against this are 
honestly the same methods you should be using generally:

1) 321 backups: 3 copies, 2 different types of media, 1 stored off-site.
2) Verify the backups are good and keep historical copies.
3) Don't install programs/run files you didn't specifically look for.

I fail at all 3 of those at times, but it's still the most effective approach.

________________________________________
From: list <list-bounces@xxxxxxxxxxxxx> on behalf of Neil Winchurst 
<barnaby@xxxxxxxxxxxx>
Sent: 28 October 2015 8:19 AM
To: list@xxxxxxxxxxxxx
Subject: [LUG] Safety from scammers

A new series of three programs has started on Channel 5, Fridays at 7
pm. It is about how scammers work nowadays. I looked at my recording of
the first one yesterday evening. Scary.

It is not just about computers, but includes other items such as scam
phone calls and scam mail. However there was one section about a fairly
new method called ransom scam. The scenario goes like this.

You go to log on to your computer as normal but just see a message on
the screen telling you that your computer has been hacked and all your
files have been encrypted. The hackers will kindly decrypt them for a
fee, which often is requested in bitcoins. One catch, there is a
deadline for payment. Miss that and the fee goes up. If you use your
computer for your business you have a problem.

This is proving to be very profitable for the scammers, and has become
very sophisticated recently. Even if you have backups, they often turn
out to be encrypted too.

So this raised a couple of questions in my mind.

As Linux users are we less likely to have this problem?

When I install a new version of Linux, (I use Xubuntu 14.04 LTS at the
moment, but a new LTS version is due out next April), I notice an
option to 'encrypt the whole disk'. I have always ignored this, but
would it be a good idea to go along with it?

Any thoughts on this?

Neil




--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
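
An added example, not part of the original messages: one way to carry out the reply's "verify the backups are good and keep historical copies" step is to hash every file in each backup and compare the newest manifest with the previous historical one, since a backup taken after files were encrypted shows most of them changed or renamed at once. The function names, the 0.5 alert threshold and the sample files are assumptions made for this sketch.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as handle:
                for chunk in iter(lambda: handle.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(full, root)] = digest.hexdigest()
    return manifest


def compare_manifests(old, new, alert_ratio=0.5):
    """Compare the previous historical manifest with the newest one.

    Files whose content changed and files that vanished (for example because
    they were renamed with a new extension) both count as touched. The
    alert_ratio threshold is an assumed value; tune it to normal churn.
    """
    missing = sorted(p for p in old if p not in new)
    changed = sorted(p for p in old if p in new and old[p] != new[p])
    added = sorted(p for p in new if p not in old)
    ratio = (len(missing) + len(changed)) / len(old) if old else 0.0
    return {"missing": missing, "changed": changed, "added": added,
            "ratio": ratio, "suspicious": ratio >= alert_ratio}


def demo():
    """Constructed data: ten small files, eight overwritten before the next run."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(10):
            with open(os.path.join(root, f"doc{i}.txt"), "w") as handle:
                handle.write(f"constructed sample {i}\n")
        previous = build_manifest(root)
        for i in range(8):  # stand-in for files altered between two backups
            with open(os.path.join(root, f"doc{i}.txt"), "wb") as handle:
                handle.write(os.urandom(32))
        return compare_manifests(previous, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

A suspicious result is the cue to stop rotating backups and restore from an older, cold copy rather than overwrite it.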