On Wed, 28 Oct 2015 08:53:15 +0000
MWilliams <MWilliams@xxxxxxxxxxxxxxxx> wrote:

> The virus you mentioned is probably CryptoLocker. It started in 2013
> and has since been foiled somewhat due to the public release of keys
> used to encrypt many users' files. There are lots of similar
> variants, but again, Linux versions are rare. You'd also have to
> install them/run the files.
>
> Hot and warm backup sites are easily compromised. CryptoLocker
> attempted to encrypt the contents of your local drive and any
> attached drives including network shares. Cold backups - those taken
> and stored on devices or at locations which were never reattached -
> are not compromised, for obvious reasons. At the time, it was
> difficult to detect and prevent through traditional antivirus
> programs. The first attempts at detecting and protecting systems from
> CryptoLocker of which I'm aware came through OpenDNS as the virus
> made a distinctive but rapid series of DNS queries.
>
> Encrypting your local disk won't help against this but it will help
> for other reasons. It won't help against CryptoLocker or most other
> viruses as those run while your disk is mounted and operating system
> is active. Whether the local disk is encrypted is then irrelevant -
> the OS is unaware of the disk's encrypted status. Even using file and
> folder encryption rather than whole-disk encryption doesn't help -
> encrypted files can easily be encrypted again, onion-style.
>
> I know one Devon-based support contractor was finding support
> following CryptoLocker infections became a primary revenue stream for
> a while. They're a notable, central company too, so it's a big
> business both for the virus designers and for people further down the
> food chain.
>
> Encrypting your local drive simply means people who might be able to
> remove your hard drive and access your files are unable to do so. I
> had a MacBook stolen from a car in Exeter during the summer. Without
> local encryption, the thieves would have been able to freely browse
> my hard drive. I still changed passwords as paranoia isn't always a
> bad approach, but it's likely unnecessary if the encryption is good.
>
> The easiest methods of preventing and protecting your system against
> this are honestly the same methods you should be using generally:
>
> 1) 321 backups: 3 copies, 2 different types of media, 1 stored
>    off-site.
> 2) Verify the backups are good and keep historical copies.
> 3) Don't install programs/run files you didn't specifically look for.
>
> I fail at all 3 of those at times, but it's still the most effective
> approach.

Thanks for all the help and information from those who replied. I do
have backups, on external HDs and via SpiderOak. Of course, I don't
run a business so I am not so bothered as some would be. I also do not
click on any attachments unless I am very sure about them. As I keep
telling my wife and daughter, be vigilant.

Neil

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
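
The quoted message mentions detection through a rapid series of DNS queries. The following is an added example, not part of the original thread and not a description of how OpenDNS did it: it flags any client that looks up many distinct names in a short window. The log format, the window and threshold values, and the names parse and find_bursts are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample resolver log: "<epoch seconds> <client IP> <queried name>".
# Addresses and names use documentation ranges and reserved domains.
SAMPLE_LOG = """\
1000.0 192.0.2.10 www.example.org
1001.0 192.0.2.23 mail.example.org
this line is malformed and is skipped
1004.2 192.0.2.23 kqxjvhzt.example
1004.5 192.0.2.23 pwmdrylc.example
1004.9 192.0.2.23 zbnfuqoe.example
1005.1 192.0.2.10 www.example.org
1005.3 192.0.2.23 tgysavki.example
1005.8 192.0.2.23 hcrloxem.example
1030.0 192.0.2.10 ftp.example.org
1060.0 192.0.2.10 news.example.org
"""

def parse(lines):
    """Yield (timestamp, client, name); skip lines that do not fit the format."""
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = float(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2].lower().rstrip(".")

def find_bursts(lines, window=10.0, threshold=5):
    """Map each client to the first time it asked for `threshold` or more
    distinct names within `window` seconds. Assumes time-ordered input."""
    recent = defaultdict(deque)  # client -> (timestamp, name) pairs in the window
    flagged = {}
    for ts, client, name in parse(lines):
        q = recent[client]
        q.append((ts, name))
        while q and q[0][0] < ts - window:  # drop entries older than the window
            q.popleft()
        # Repeated lookups of one name do not count; only distinct names do.
        if client not in flagged and len({n for _, n in q}) >= threshold:
            flagged[client] = ts
    return flagged

if __name__ == "__main__":
    for client, ts in find_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"{client}: burst of distinct lookups at t={ts}")
```

The window and threshold need tuning against normal traffic, since a busy browser session can also resolve many names quickly.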