
Feasibility of RPi as fileserver to avoid ransomware?

Community Veteran
Posts: 14,019
Thanks: 540
Fixes: 9
Registered: 01-08-2007

Feasibility of RPi as fileserver to avoid ransomware?

This ransomware thing isn't going to go away thanks to the USA creating the exploits and what with me being a bit slow at regular backups, I'm finding myself thinking it's only a matter of time until I finally take "the hit". I'm normally pretty good with PC security and haven't been hit with anything major for around a decade but with that said, it's just a matter of time before one of these CIA / NSA exploits gets the better of me.

So I'm looking at getting my external USB drive(s) off Windows and was wondering if any of you have any experience of using a RPi for the job? - Ideally left running 24/7?

My thinking is this.. the ransomware keeps targeting Windows systems (at the moment anyway) and encrypting files on drives en-masse would either require copying / encrypting every file as a stream off and back onto the disk or encrypting the file tables / boot records. If the nasty is going to do the latter then it won't be able to target them on a networked drive that it only has access to as a share... or am I missing something? - I mean I've never been able to defrag a networked drive so I'm assuming that similar low level disk access wouldn't be available to *ware too.

I'm also mulling over converting my big rig to *nix and then running Windows in VMs on it instead.. that would at least allow instant backups if they get hit while the underlying OS remains usable.. not that I can tolerate the noise from it lol.

I need a new signature... i'm bored of the old one!
38 REPLIES
Community Veteran
Posts: 4,978
Thanks: 1,153
Fixes: 28
Registered: 16-10-2014

Re: Feasibility of RPi as fileserver to avoid ransomware?

Doing what you are suggesting can be done easily in a few hours, and leaving it on 24/7 isn't an issue but I would recommend a heatsink for the ARM.

Just remember to use an account that has read only permissions for the mounted share on Windows otherwise it too could fall victim as it will appear as another drive as far as any malware is concerned.

VileReynard
Seasoned Pro
Posts: 10,648
Thanks: 206
Fixes: 9
Registered: 01-09-2007

Re: Feasibility of RPi as fileserver to avoid ransomware?

Unfortunately the RPi shares ethernet and USB connections over a USB2 "bus".

This means that it is very slow.

Unfortunately, the only way to get a reasonable speed would be to put Linux on an unwanted laptop (removing the screen).

 

Community Veteran
Posts: 4,978
Thanks: 1,153
Fixes: 28
Registered: 16-10-2014

Re: Feasibility of RPi as fileserver to avoid ransomware?

@7up - @VileReynard's right, network I/O is not the best so repurposing an old PC or Laptop would be a better option, but you could always try it and see.

Community Veteran
Posts: 14,019
Thanks: 540
Fixes: 9
Registered: 01-08-2007

Re: Feasibility of RPi as fileserver to avoid ransomware?


Mook wrote:

Doing what you are suggesting can be done easily in a few hours, and leaving it on 24/7 isn't an issue but I would recommend a heatsink for the ARM.

Just remember to use an account that has read only permissions for the mounted share on Windows otherwise it too could fall victim as it will appear as another drive as far as any malware is concerned.


Hmm the read only thing concerns me here..

I obviously need to be able to write files to the network share too. As I said previously obviously if a process is going to read the filestream and encrypt it on the fly and write it back I'm stuffered - but that's the case with any network share.

What I am explicitly asking is.. will a process on a Windows machine be able to encrypt the file table or boot record of a drive on a Linux machine?

As for USB speed my big rig is USB 2 iirc and I think the smaller single core might be too - so I'm not overly concerned in that respect. I just need something low power that can be left running...

I need a new signature... i'm bored of the old one!
Community Veteran
Posts: 4,978
Thanks: 1,153
Fixes: 28
Registered: 16-10-2014

Re: Feasibility of RPi as fileserver to avoid ransomware?

Unless that particular exploit (process) can escalate to root on your Pi to trash it then no. The risk would be minuscule to say the least, but that's not to say it couldn't at some point in the future. Malware is always mutating.

VileReynard
Seasoned Pro
Posts: 10,648
Thanks: 206
Fixes: 9
Registered: 01-09-2007

Re: Feasibility of RPi as fileserver to avoid ransomware?

But Windows could still corrupt (or encrypt) user data files to which you have write access.

The best protection against ransomware is frequent backups.

Community Veteran
Posts: 14,019
Thanks: 540
Fixes: 9
Registered: 01-08-2007

Re: Feasibility of RPi as fileserver to avoid ransomware?


VileReynard wrote:

But Windows could still corrupt (or encrypt) user data files to which you have write access.

The best protection against ransomware is frequent backups.


Yes I've made it more than clear that I am aware of that first point!

As for the second.. what's to say that while you are performing a backup, both drives don't get hit and have their file tables encrypted at the same time? - then the backup is also fubar! There is always going to be risk somewhere foxy.. 

The only other way of doing it would be via web disk on the RPi (webdav I seem to remember the official name being?) or using the even slower FTP.. but again even those files could be pulled down, encrypted and uploaded to replace the originals although it would slow the process down a lot!

I need a new signature... i'm bored of the old one!
Community Veteran
Posts: 4,978
Thanks: 1,153
Fixes: 28
Registered: 16-10-2014

Re: Feasibility of RPi as fileserver to avoid ransomware?

The only way that would happen is if the exploit could ‘talk’ FTP or the extended HTTP protocol of WebDav. These are protocols remember, so in order to get a file from FTP they’d either need to know the name, or do a LISTing, parse it and request the files, or MGET all the files only to MPUT them back after encryption, and that assumes they can get your login credentials. So I suspect you’d be safe with either. But of course the same caveat as noted before still applies.

VileReynard
Seasoned Pro
Posts: 10,648
Thanks: 206
Fixes: 9
Registered: 01-09-2007

Re: Feasibility of RPi as fileserver to avoid ransomware?

These people aren't necessarily interested in encryption - overwriting networked files with binary zeroes is sufficient, provided that local files are recoverable when payment is received.
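A server-side check for the two kinds of damage raised in this thread (files encrypted, or overwritten with binary zeroes, through a writable share), added here as an example and not part of any post. It is meant to run on the file server itself before a backup is rotated, so a damaged share does not replace a good copy; the function names, thresholds and sample files are assumptions.

```python
import math
import os
from collections import Counter

ENTROPY_LIMIT = 7.5     # bits per byte (assumed); encrypted data sits close to 8.0
MIN_SAMPLE = 2048       # shorter samples give too noisy an entropy estimate
MAX_SUSPECT = 0.2       # assumed: hold the backup if over 20% of files look damaged

def shannon_entropy(data):
    """Entropy of a byte string in bits per byte (0.0 to 8.0)."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def classify(path, sample=65536):
    """Return 'zeroed', 'high-entropy' or 'ok' from the first `sample` bytes."""
    with open(path, "rb") as fh:
        data = fh.read(sample)
    if data and data.count(0) == len(data):
        return "zeroed"
    # Compressed formats (JPEG, ZIP) also score high, so this is a signal to
    # compare against the previous run, not proof of encryption.
    if len(data) >= MIN_SAMPLE and shannon_entropy(data) > ENTROPY_LIMIT:
        return "high-entropy"
    return "ok"

def scan_share(root):
    """Classify every file under the exported directory."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            report[os.path.relpath(full, root)] = classify(full)
    return report

def safe_to_back_up(report):
    """False when too large a share of the files looks overwritten."""
    suspect = sum(1 for verdict in report.values() if verdict != "ok")
    return not report or suspect / len(report) <= MAX_SUSPECT

def build_sample_share(root):
    """Constructed sample data: one normal file, one zeroed, one random."""
    samples = {"notes.txt": b"Quarterly notes\n" * 500,
               "photo.raw": bytes(8192),
               "ledger.db": os.urandom(8192)}
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
```

Call `scan_share()` on the exported directory from the backup job and skip the rotation when `safe_to_back_up()` returns False.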

Browni
Seasoned Champion
Posts: 1,607
Thanks: 457
Fixes: 36
Registered: 02-03-2016

Re: Feasibility of RPi as fileserver to avoid ransomware?

Interesting take on the latest ransomware in Computing today

NotPetya ransomware intended to destroy, not extort money
'Little hope for victims to recover their data,' warns Kaspersky

Full story

I must have been really bad in a previous life. This is my 3rd ISP in a row that uses lithium.
Community Veteran
Posts: 4,978
Thanks: 1,153
Fixes: 28
Registered: 16-10-2014

Re: Feasibility of RPi as fileserver to avoid ransomware?

An interesting read @Browni.

Community Veteran
Posts: 3,054
Thanks: 196
Fixes: 3
Registered: 05-04-2007

Re: Feasibility of RPi as fileserver to avoid ransomware?

Scary now to think they are still at it, and I assume not bothering with a decryption method to make it easier and to take less time.

But they assume people think they can and still pay.

Browni
Seasoned Champion
Posts: 1,607
Thanks: 457
Fixes: 36
Registered: 02-03-2016

Re: Feasibility of RPi as fileserver to avoid ransomware?

Perhaps they are lithium programmers and have deprecated the decryption module
I must have been really bad in a previous life. This is my 3rd ISP in a row that uses lithium.
VileReynard
Seasoned Pro
Posts: 10,648
Thanks: 206
Fixes: 9
Registered: 01-09-2007

Re: Feasibility of RPi as fileserver to avoid ransomware?

https://www.theinquirer.net/inquirer/news/3010779/samba-flaw-puts-100-000-machines-at-risk-of-wannac...

This indicates to me that Microsoft-like protocols are a bad idea...

I use NFS (Network File System) to communicate from Linux with my NAS (although Samba is also supplied).