Prison Locker: A load of überhyped malware FUD over... internet chatter An underground advert seeking help in developing a file-encrypting ransomware kit that might be sold for just $100 a go sparked something of a panic on the interwebs this week. But security watchers are yet to see any samples of the so-called Prison Locker ransomware, leading at least two security firms to characterise the …
Ever since terrorism hit the news headlines, the security forces, media and some of the more impressionable individuals (not to mention any politician who can get on the bandwagon to further their media profile patriotic credentials) has been on a hair-trigger. Every little comment, however innocuous is examined for it's threat potential. Every bluffer's threat is taken as a real danger, every sign / portent / suspicious movement causes the panic button to be pressed - repeatedly and every tiny little incident is bigged-up as if the end of the world has just been averted.
However, most of it is complete bull.
So when some little wannabe-hacker asks for help, with a project that nobody has heard of, has no chance of coming to fruition and will be forgotten as soon as their attention flits onto something shiny, the circus grinds into action. Especially those outfits that can leverage the "event" for their own gain (and our increased levels of fear). Therefore it's refreshing to hear two such organisations characterise this as:
> intangible and overhyped.
Which, for a business sector that makes every molehill (real or imagined) into a mountain of FUD, must mean that the whole thing is of so little consequence that even they can't spin it into a criminal mastermind plotting the next global crisis.
Maybe there is some common sense out there.
quote: "Errm...you did see the icon to the right of the post above, yes?"
Sorry, I just get a bit sick of the repeated "there are no malwares on Linux" smugness when, while it is demonstrably safer than running a Windows box, it is just as demonstrably still targeted on occasion ^^;
The only way to practise safe internets is to do so with every partner. Otherwise at some point you'll end up with a nasty surprise that could take some time to clear up... :(
Applications written specifically to misbehave, usually in an attempt to provide fiscal gain for the writer, and again usually by performing actions which would normally be deemed illegal (e.g. fraud, ransoming data, anything covered by The Misuse of Computers Act).
These days they are operating system agnostic, malware has been seen on all operating systems which has a significant market presence. Admittedly the amount and frequency is usually relative to the size of the market presence, however strains have been seen on Android, iOS, and OSX as well as the more "traditional" Windows versions.
I suspect you were intending to imply that you use operating systems that do not have malware; fair enough, but I would suggest that you simply do not have malware yet. Once the Windows (and Android, as the per-unit-dominant mobile OS) markets are saturated, criminals are going to start focusing on other OSs in an attempt to capture that market segment. While the stuff seen so far on iOS or OSX is simplistic and easily avoided (the last OSX one required you to permit the install, IIRC), that doesn't mean that someone isn't already looking for exploits that will allow the same silent, drive-by installs seen on other platforms.
The majority of the boxes I run are Linux distros, but I will not assume that only my Windows gaming rig is at risk. The "la la la I'm not listening" approach to security has been shown to be ineffective time and time again ;)
will make more people more punctilious about making, securing, and testing their backups
I think you mean something more like "diligent" or "meticulous". "Punctilious" conjures up the same sort of negative connotations as "officious" does for me...
Just make sure your backup machine isn't infected! Oh, and a database of hashes for integrity-checking is a pretty good idea, too.
"I think you mean something more like "diligent" or "meticulous". "Punctilious" conjures up the same sort of negative connotations as "officious" does for me..."
Punctilious does mean diligent, meticulous and so on. If you're going to use the condescending "I think you mean ..." then at least base it on the definition rather than what you think/have a gut feeling it means.
Given that most Windows boxes are sold without installation media, I don't think most people are actually in a position to test an offline backup.
Yes, I know about that hidden "recovery" partition on a bog-standard OEM installation, but I rather suspect that malware knows about it too, so you need a Windows CD-ROM to let you wipe the encrypted disc clean and put a fresh installation on, and then you need an offline backup that lets you "restore" the fresh installation to the state of the original one.
Then you need the self-discipline to actually make a full system backup every so often (daily? weekly? monthly? I don't care, but how much recent work are you willing to lose?) and you need to hope that the malware never evolves the facility to install itself on your machine, lurk unnoticed until it sees you run the backup software, and *then* unleash its payload. (I imagine this is a fairly trivial thing to implement for anyone capable of rooting the machine, so don't hold your breath on that last point.)
Or you could just stop running under an administrative account (with or without UAC enable) and running any old shit you've just downloaded off the net.
Or you could just accept that everything you do on the computer might be lost tomorrow.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
