Feasibility of RPi as fileserver to avoid ransomware?
Re: Feasibility of RPi as fileserver to avoid ransomware?
30-06-2017 8:04 PM
Pity there isn't a common name for the 'index'. By all accounts the latest ransomware trashes the index and only pretends that it can be recovered by paying a ransom. All the references I have read say that it encrypts the MFT so does that mean that a Linux file server would be unaffected? Or an exFAT partition on Windows?
Re: Feasibility of RPi as fileserver to avoid ransomware?
30-06-2017 11:32 PM
Well that was my thinking RR - that a disk hosted on another OS would be safe...
Re: Feasibility of RPi as fileserver to avoid ransomware?
01-07-2017 8:42 AM
The majority of ransomware is written in C and targeted at Windows due to the user base and is downloaded to the victim via JS. If the author is interested in trashing anything else that is found on the network that is easily done by downloading an executable for the OS in question. But in order to trash a Linux system an exploit would need to exist on the target OS that allowed for root escalation, but maybe having the home directory compromised would be enough.
With the many variants of Linux / Unix out there this is easier said than done and would more than likely need to be a kernel based exploit to make it worthwhile for the author to code it.
That’s not to say it isn’t possible, after all SMB is a core component of Windows. However with the way that code is written for Linux it is reviewed and tested by the authors’ peers prior to release and most screamers are caught and fixed. But that alone does not make it immune.
It is likely, in fact highly likely, that ransomware for Linux will be more prevalent in the future, but for my money (bitcoins accepted) I suspect the next major victim will be Android phones.
Re: Feasibility of RPi as fileserver to avoid ransomware?
01-07-2017 5:30 PM
Re: Feasibility of RPi as fileserver to avoid ransomware?
01-07-2017 6:17 PM
Consider inotify...
INOTIFY(7) Linux Programmer's Manual INOTIFY(7)
NAME
inotify - monitoring filesystem events
DESCRIPTION
The inotify API provides a mechanism for monitoring filesystem events. Inotify can be used to monitor individual files, or to monitor directories. When a directory is monitored, inotify will return events for the directory itself, and for files inside the directory.
The following system calls are used with this API:
* inotify_init(2) creates an inotify instance and returns a file descriptor referring to the inotify instance. The more recent inotify_init1(2) is like inotify_init(2), but has a flags argument that provides access to some extra functionality.
* inotify_add_watch(2) manipulates the "watch list" associated with an inotify instance. Each item ("watch") in the watch list specifies the pathname of a file or directory, along with some set of events that the kernel should monitor for the file referred to by that pathname. inotify_add_watch(2) either creates a new watch item, or modifies an existing watch. Each watch has a unique "watch descriptor", an integer returned by inotify_add_watch(2) when the watch is created.
* When events occur for monitored files and directories, those events are made available to the application as structured data that can be read from the inotify file descriptor using read(2) (see below).
etc, etc...
or you could just set up a RAID array.
"In The Beginning Was The Word, And The Word Was Aardvark."
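One way to act on the inotify suggestion above on a Linux file server, as an added example that is not part of the original post: watch the exported directory and warn when an unusually large number of files are rewritten, renamed or deleted in a short time, which is the pattern bulk encryption of a share produces. The names `burst_record` and `watch_share` and the values of `WINDOW_SECS` and `THRESHOLD` are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <time.h>
#include <unistd.h>
#include <sys/inotify.h>

#define WINDOW_SECS 10  /* assumed sliding window, tune for the share */
#define THRESHOLD   50  /* assumed: changes per window that count as a burst */

/* Ring buffer holding the times of the last THRESHOLD events. */
struct burst { time_t t[THRESHOLD]; unsigned long n; };

/* Record one event; return 1 if the last THRESHOLD events span <= WINDOW_SECS. */
int burst_record(struct burst *b, time_t now)
{
    b->t[b->n % THRESHOLD] = now;
    b->n++;
    if (b->n < THRESHOLD)
        return 0;
    /* After the increment this slot holds the oldest of the last THRESHOLD. */
    return now - b->t[b->n % THRESHOLD] <= WINDOW_SECS;
}

/* Watch one directory (inotify is not recursive) and warn on a burst. */
int watch_share(const char *dir)
{
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    struct burst b = {0};
    int fd = inotify_init1(IN_CLOEXEC);
    if (fd < 0 || inotify_add_watch(fd, dir,
            IN_CLOSE_WRITE | IN_MOVED_TO | IN_MOVED_FROM | IN_DELETE) < 0) {
        perror("inotify");
        if (fd >= 0) close(fd);
        return -1;
    }
    for (;;) {
        ssize_t len = read(fd, buf, sizeof buf);   /* blocks until events arrive */
        if (len <= 0) break;
        for (char *p = buf; p < buf + len; ) {
            struct inotify_event *ev = (struct inotify_event *)p;
            if (burst_record(&b, time(NULL)))
                fprintf(stderr, "ALERT: burst of changes in %s (last: %s)\n",
                        dir, ev->len ? ev->name : "(dir)");
            p += sizeof *ev + ev->len;
        }
    }
    close(fd);
    return 0;
}

int main(int argc, char **argv) { return argc == 2 ? watch_share(argv[1]) : 2; }
```

Because a file-sharing daemon on the server writes through the local filesystem, changes made by network clients show up as ordinary inotify events. Each subdirectory needs its own watch.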
Re: Feasibility of RPi as fileserver to avoid ransomware?
01-07-2017 9:23 PM
@Anonymous wrote:
The majority of ransomware is written in C and targeted at Windows due to the user base and is downloaded to the victim via JS.
It was my understanding that JavaScript could not touch the user's file system so how is that done then?
As far as I'm aware most drive by downloads are actually powered by Flash which does have the ability to play filing cabinets.
Re: Feasibility of RPi as fileserver to avoid ransomware?
02-07-2017 8:25 AM
I am no expert in this so maybe the choice of wording could have been better as there are of course other means of delivery, but I mentioned JS as the majority of users will have this enabled by default.
Re: Feasibility of RPi as fileserver to avoid ransomware?
02-07-2017 8:56 AM
@Alex wrote:
I wonder if you can set up some kind of automatic replication, so as soon as you save a file on one device, it goes to the other. So both are always up to date?
You could set up DFS (Distributed File Server) on Microsoft Server 2003R2 - or later to do this. But it is still Microsoft and I think still uses SMB, so solve one problem and gain a few more!
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
Re: Feasibility of RPi as fileserver to avoid ransomware?
02-07-2017 10:25 AM
Yes, sadly the only way I think to go is to use CD/DVD/Blu Ray media. Keep it wherever in the house.
The hackers will find some other exploit in the future, and now they've learnt it makes them money it will continue. It wouldn't surprise me if they share the source code with each other and adapt it for the next one.