Ransomware decryptor

Automating backups isn’t hard at all. I have an anacron job (actually a LaunchAgent on this Mac) that runs rdiff-backups over a keypair ssh connection to a remote host. (That’s rsync-based so it’s not the cleverest about what to increment — if you move an otherwise-unchanged file to a different directory it’ll push the whole file again instead of just updating the reference, but as long as it’s not something massive that’s not a big problem. Any big db would have its own backup routine anyway.)

As far as the encryption end, it shouldn’t be all that hard to implement something that hooks into the save-file routine to automatically reëncrypt. I’d be surprised if something like that didn’t already exist. Or maybe be able to flag a folder as Always Encrypted and then a daemon watches its contents for changes? I may not actually know what I’m talking about.

1 Like

Day 2 was pretty fuzzy.

1 Like

Sorry, couldn’t let it go – sometimes I need to pull out the good stuff to get the job finished…

1 Like

Naughty, naughty dragons.

1 Like
1 Like

Don’t forget the cars!

1 Like

I’m not sure what’s happened in this case, but in the case of CryptoLocker (last year’s variant) they got hold of CryptoLocker’s infrastructure and reverse engineered their malware to get at its keys.

I believe incremental backups are a pretty safe protection for this, unless it’s done automatically by a NAS or server. The reason being that if you are hit, everything, including the incremental backup uploading tool, is disabled.

The other thing I heard that is an effective way to mitigate this is by running as a user that does not have Administrator privileges. If you don’t have admin rights the program cannot run by itself.

2 Likes
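The point above about incremental backups, and the earlier post’s rdiff-backup job, come down to one property: the backup target must keep old versions and must not let the (possibly compromised) client overwrite or delete them. The following is an added example, not code from anyone in this thread, of a minimal content-addressed, append-only snapshot store in stdlib Python. It goes a little beyond the posts: because blobs are keyed by hash, a file that is merely moved to another directory costs nothing on the next snapshot (the rdiff-backup complaint from the first post), and comparing two manifests gives a cheap “how much of the tree changed at once” signal, which is exactly what a mass-encryption event looks like. The `demo()` run constructs its own sample tree and simulates the encryption by overwriting files with random bytes; all names and paths are assumptions for the example.

```python
"""Minimal append-only, content-addressed backup store (added example, stdlib only).

Layout of the store directory (assumed for this example):
  store/blobs/<sha256>       file content, written once per distinct hash, never overwritten
  store/snapshots/NNNN.json  manifest: relative path -> sha256, one file per snapshot
Because nothing is ever deleted or overwritten, a snapshot taken before a
mass-encryption event stays restorable afterwards.
"""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def _sha256(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(src: Path, store: Path) -> str:
    """Record every regular file under src; return the new snapshot id."""
    blobs, snaps = store / "blobs", store / "snapshots"
    blobs.mkdir(parents=True, exist_ok=True)
    snaps.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for p in sorted(x for x in src.rglob("*") if x.is_file()):
        digest = _sha256(p)
        blob = blobs / digest
        if not blob.exists():  # unchanged or merely moved files are never copied twice
            shutil.copyfile(p, blob)
        manifest[str(p.relative_to(src))] = digest
    snap_id = f"{len(list(snaps.glob('*.json'))):04d}"  # monotonically increasing id
    (snaps / f"{snap_id}.json").write_text(json.dumps(manifest, indent=1))
    return snap_id


def _manifest(store: Path, snap_id: str) -> dict:
    return json.loads((store / "snapshots" / f"{snap_id}.json").read_text())


def changed_ratio(store: Path, old_id: str, new_id: str) -> float:
    """Fraction of paths whose content hash differs between two snapshots.

    A backup run where nearly every file changed at once is a strong hint that
    the source tree was mass-rewritten (e.g. encrypted) rather than edited.
    """
    old, new = _manifest(store, old_id), _manifest(store, new_id)
    paths = set(old) | set(new)
    changed = sum(1 for p in paths if old.get(p) != new.get(p))
    return changed / len(paths) if paths else 0.0


def restore(store: Path, snap_id: str, dest: Path) -> int:
    """Materialise a snapshot under dest, verifying each blob against its hash."""
    manifest = _manifest(store, snap_id)
    for rel, digest in manifest.items():
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(store / "blobs" / digest, target)
        if _sha256(target) != digest:  # detects a corrupted or tampered blob
            raise RuntimeError(f"integrity check failed for {rel}")
    return len(manifest)


def demo() -> dict:
    """Constructed end-to-end run: back up, simulate mass encryption, restore."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src, store, out = root / "src", root / "store", root / "restore"
        # Constructed sample tree (not real data).
        originals = {
            "notes.txt": b"meeting notes",
            "img/a.bin": b"\x00" * 1024,
            "code/x.py": b"print(1)\n",
        }
        for rel, data in originals.items():
            (src / rel).parent.mkdir(parents=True, exist_ok=True)
            (src / rel).write_bytes(data)
        good = snapshot(src, store)
        # Simulated encryption event: every file's content replaced by random bytes.
        for rel in originals:
            (src / rel).write_bytes(os.urandom(64))
        bad = snapshot(src, store)  # the store keeps this too; the old blobs survive
        ratio = changed_ratio(store, good, bad)
        restored = restore(store, good, out)
        ok = all((out / rel).read_bytes() == data for rel, data in originals.items())
        return {"restored": restored, "changed_ratio": ratio, "recovered_ok": ok}


if __name__ == "__main__":
    print(demo())
```

The store only delivers the guarantee if the client cannot reach it with delete or overwrite rights: in practice that means the server pulls from the client, or the client pushes to a target (or ssh key) restricted to appending. A `changed_ratio` close to 1.0 between consecutive snapshots is worth alerting on before the next retention cycle prunes anything.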

So… Use the Linux security and permissions model because it’s effective and secure?

And 30 years out of date?

Hell, we had a better privilege/permissions model in VMS in 1986. And in Novell NetWare, for that matter, in the 90s. chmod is paleolithic; only Windows (with its lack of distinction between user and system space) and OS/390/MVS are worse.

1 Like

There’s a difference between root and wheel

You’d think that when Microsoft was looting VMS to make WNT, they’d pay attention to such things.

1 Like

Well, Dave Cutler was not happy with the NT final architecture. It did use his queued I/O and large memory block relocation stuff, but after WNT came out he went on extended “vacation” and the rumor is that MS had to beg on bended knee to get him to come back to the shop.

The old joke.
Q: Why is Windows NT better than Windows 95?
A: Because VMS is better than CP/M.

2 Likes

The root superuser concept was obsolete before unix was even invented. Better models existed.

Ted Ts’o’s work on Linux capabilities, and the NSA’s overly complex Linux stuff that lets you remove root, are significant improvements.

1 Like

This topic was automatically closed after 5 days. New replies are no longer allowed.