
    Analysis of Locky ransomware

    • DashrenderD
      Dashrender @scottalanmiller
      last edited by

      @scottalanmiller said:

      Very different things... closing a known security hole versus leaving it open and just placing the hole where people tend not to try to get in through it.

      yep, security through obscurity, not real security at all.

      • scottalanmillerS
        scottalanmiller @Dashrender
        last edited by

        @Dashrender said:

        @scottalanmiller said:

        Very different things... closing a known security hole versus leaving it open and just placing the hole where people tend not to try to get in through it.

        yep, security through obscurity, not real security at all.

        It's slightly better than pure obscurity. Linux desktops are slightly more secure than Windows ones. Open source, for example, goes a long way towards giving Linux a security advantage (less obscurity, more transparency.) So there is an improvement in security. But the main factor is definitely obscurity - the fundamental hole is left as is.

        • bbigfordB
          bbigford @scottalanmiller
          last edited by

          @scottalanmiller said:

          @BBigford said:

          @scottalanmiller said:

          @BBigford said:

          If I could, I would move us all to Linux workstations. The length of time it takes to restore a file server because one user got a share encrypted (possibly due to security not being tight enough, my fault there), way too much time. Haven't gotten hit with any yet, in two networks, but I have OCD when it comes to security (or I'm just lucky... I'll go with lucky and eat my humble pie).

          While there isn't so much risk on Linux, it will come. I am totally for going to Linux desktops, trust me. But the REAL solution here isn't Linux, it's not using network shares. That's the actual point of risk, not Windows.

          The future is unknowable. Though something might only work for now, I'll shift accordingly with infections. I don't have to future-proof our whole network by migrating to a different OS or different way of sharing drives, because there's no determination that will actually work indefinitely. But for now, that would work and staying just ahead of the curve is my goal. As technology and attack techniques evolve, so shall our best practices. Just an opinion.

          True, but the difference is that one approach closes a known security hole and the other does not. One is avoiding known implementations while the other is eliminating the problem.

          In the future will things like ownCloud be attacked like shares are today? Maybe. But currently there is no attack against them, no one has invented that yet. But the existing Windows attacks can be used on Linux, just because they are not being used doesn't change the fact that they exist.

          Very different things... closing a known security hole versus leaving it open and just placing the hole where people tend not to try to get in through it.

          I didn't mean completely avoid the problem by transitioning to a different platform or (if possible) completely transitioning to cloud. Especially not being obscure about anything... I can close up a security loophole now, but what's to say it won't get bypassed? That's unknowable, so I do the best I can now by constantly shifting how we operate (whether that is redesigning our shares/security/etc).

          • DashrenderD
            Dashrender
            last edited by

            But that's just it, you're not closing up a hole. The ability for a user to run ransomware on their Linux machine and have that ransomware encrypt network shares is as easy to do on Linux as it is on Windows.

            Only by going to something like SharePoint or ownCloud do you completely get rid of the simplicity of this specific problem. And it solves it for both Windows and Linux.

            • stacksofplatesS
              stacksofplates @Dashrender
              last edited by

              @Dashrender said:

              @johnhooks

              Zoho is free for 25 users for file storage only - you don't get email until you get to the $8/u/m plan.

              It's free email also. I'm using it right now.

              • DashrenderD
                Dashrender
                last edited by

                The obscurity that you're going to is the move to Linux and the fact that the malware writers haven't bothered to write malware for Linux yet.

                MAC users could say the same thing, until they couldn't. It's been several months or more now since a MAC variant of ransomware has been available.

                See, you could have previously just as easily said - I want to move everyone to a MAC because there's no ransomware there, well that would have worked until it didn't... the same WILL happen to Linux.

                But you can skip the entire concern of this specific avenue of problem by moving to SharePoint or ownCloud.

                • DashrenderD
                  Dashrender @stacksofplates
                  last edited by

                  @johnhooks said:

                  @Dashrender said:

                  @johnhooks

                  Zoho is free for 25 users for file storage only - you don't get email until you get to the $8/u/m plan.

                  It's free email also. I'm using it right now.

                  it's odd, did you see the picture I linked that showed email wasn't included until money was spent? confusing.

                  • stacksofplatesS
                    stacksofplates @Dashrender
                    last edited by stacksofplates

                    @Dashrender said:

                    @johnhooks said:

                    @Dashrender said:

                    @johnhooks

                    Zoho is free for 25 users for file storage only - you don't get email until you get to the $8/u/m plan.

                    It's free email also. I'm using it right now.

                    it's odd, did you see the picture I linked that showed email wasn't included until money was spent? confusing.

                    I don't think that's normal email. It's something specific to docs. Instead of clicking on the docs icon click the email icon.

                    I have two domains with them. One for my business and one for our family, both are free.

                    • DashrenderD
                      Dashrender
                      last edited by

                      I found the two different options...

                      • scottalanmillerS
                        scottalanmiller @bbigford
                        last edited by

                        @BBigford said:

                        @scottalanmiller said:

                        @BBigford said:

                        @scottalanmiller said:

                        @BBigford said:

                        If I could, I would move us all to Linux workstations. The length of time it takes to restore a file server because one user got a share encrypted (possibly due to security not being tight enough, my fault there), way too much time. Haven't gotten hit with any yet, in two networks, but I have OCD when it comes to security (or I'm just lucky... I'll go with lucky and eat my humble pie).

                        While there isn't so much risk on Linux, it will come. I am totally for going to Linux desktops, trust me. But the REAL solution here isn't Linux, it's not using network shares. That's the actual point of risk, not Windows.

                        The future is unknowable. Though something might only work for now, I'll shift accordingly with infections. I don't have to future-proof our whole network by migrating to a different OS or different way of sharing drives, because there's no determination that will actually work indefinitely. But for now, that would work and staying just ahead of the curve is my goal. As technology and attack techniques evolve, so shall our best practices. Just an opinion.

                        True, but the difference is that one approach closes a known security hole and the other does not. One is avoiding known implementations while the other is eliminating the problem.

                        In the future will things like ownCloud be attacked like shares are today? Maybe. But currently there is no attack against them, no one has invented that yet. But the existing Windows attacks can be used on Linux, just because they are not being used doesn't change the fact that they exist.

                        Very different things... closing a known security hole versus leaving it open and just placing the hole where people tend not to try to get in through it.

                        I didn't mean completely avoid the problem by transitioning to a different platform or (if possible) completely transitioning to cloud. Especially not being obscure about anything... I can close up a security loophole now, but what's to say it won't get bypassed? That's unknowable, so I do the best I can now by constantly shifting how we operate (whether that is redesigning our shares/security/etc).

                        But it is not a loophole. It's actually closing the hole. Nothing to bypass. It's actually removing the issue.

                        • scottalanmillerS
                          scottalanmiller @Dashrender
                          last edited by

                          @Dashrender said:

                          But you can skip the entire concern of this specific avenue of problem by moving to SharePoint or ownCloud.

                          Right, if cloud platforms get attacked, and they will, it will be both unique to the implementation because they are not a singular thing and it will be an entirely new attack vector unrelated to the ones we have today. Yes, we don't know what the future will hold but we can be sure that we remove our current problems before facing the future ones.

                          • bbigfordB
                            bbigford @Dashrender
                            last edited by

                            @Dashrender said:

                            The obscurity that you're going to is the move to Linux and the fact that the malware writers haven't bothered to write malware for Linux yet.

                            MAC users could say the same thing, until they couldn't. It's been several months or more now since a MAC variant of ransomware has been available.

                            See, you could have previously just as easily said - I want to move everyone to a MAC because there's no ransomware there, well that would have worked until it didn't... the same WILL happen to Linux.

                            But you can skip the entire concern of this specific avenue of problem by moving to SharePoint or ownCloud.

                            No, no no. I'm not saying that at all about moving to Linux. Case in point, you already pointed out Mac users. We already use SharePoint, we just happen to use a split environment where we have a DFS share and SharePoint. SP being only used for collaboration.

                            • bbigfordB
                              bbigford @Dashrender
                              last edited by

                              @Dashrender said:

                              The obscurity that you're going to is the move to Linux and the fact that the malware writers haven't bothered to write malware for Linux yet.

                              MAC users could say the same thing, until they couldn't. It's been several months or more now since a MAC variant of ransomware has been available.

                              See, you could have previously just as easily said - I want to move everyone to a MAC because there's no ransomware there, well that would have worked until it didn't... the same WILL happen to Linux.

                              But you can skip the entire concern of this specific avenue of problem by moving to SharePoint or ownCloud.

                              I'm not saying move to Linux because only Windows gets viruses. I'm saying I want to move to Linux because I hate Windows. Maybe that was too subtle...

                              • scottalanmillerS
                                scottalanmiller
                                last edited by

                                that's why I was saying that I totally support the move to Linux... it just doesn't close the security hole in question.

                                I'm on a Linux desktop now. It is glorious.

                                • DashrenderD
                                  Dashrender @bbigford
                                  last edited by

                                  @BBigford said:

                                  @Dashrender said:

                                  The obscurity that you're going to is the move to Linux and the fact that the malware writers haven't bothered to write malware for Linux yet.

                                  MAC users could say the same thing, until they couldn't. It's been several months or more now since a MAC variant of ransomware has been available.

                                  See, you could have previously just as easily said - I want to move everyone to a MAC because there's no ransomware there, well that would have worked until it didn't... the same WILL happen to Linux.

                                  But you can skip the entire concern of this specific avenue of problem by moving to SharePoint or ownCloud.

                                  I'm not saying move to Linux because only Windows gets viruses. I'm saying I want to move to Linux because I hate Windows. Maybe that was too subtle...

                                  oh, yeah it was too subtle, because hating windows has nothing to do with the security hole we were talking about.

                                  • bbigfordB
                                    bbigford @Dashrender
                                    last edited by

                                    @Dashrender said:

                                    @BBigford said:

                                    @Dashrender said:

                                    The obscurity that you're going to is the move to Linux and the fact that the malware writers haven't bothered to write malware for Linux yet.

                                    MAC users could say the same thing, until they couldn't. It's been several months or more now since a MAC variant of ransomware has been available.

                                    See, you could have previously just as easily said - I want to move everyone to a MAC because there's no ransomware there, well that would have worked until it didn't... the same WILL happen to Linux.

                                    But you can skip the entire concern of this specific avenue of problem by moving to SharePoint or ownCloud.

                                    I'm not saying move to Linux because only Windows gets viruses. I'm saying I want to move to Linux because I hate Windows. Maybe that was too subtle...

                                    oh, yeah it was too subtle, because hating windows has nothing to do with the security hole we were talking about.

                                    I'm just trying to find any good excuse to switch, give me a break! If I can twist the subject into a justified transition, you bet I will. 🙂

                                    • wirestyle22W
                                      wirestyle22 @bbigford
                                      last edited by

                                      @BBigford said:

                                      @Dashrender said:

                                      @BBigford said:

                                      @Dashrender said:

                                      The obscurity that you're going to is the move to Linux and the fact that the malware writers haven't bothered to write malware for Linux yet.

                                      MAC users could say the same thing, until they couldn't. It's been several months or more now since a MAC variant of ransomware has been available.

                                      See, you could have previously just as easily said - I want to move everyone to a MAC because there's no ransomware there, well that would have worked until it didn't... the same WILL happen to Linux.

                                      But you can skip the entire concern of this specific avenue of problem by moving to SharePoint or ownCloud.

                                      I'm not saying move to Linux because only Windows gets viruses. I'm saying I want to move to Linux because I hate Windows. Maybe that was too subtle...

                                      oh, yeah it was too subtle, because hating windows has nothing to do with the security hole we were talking about.

                                      I'm just trying to find any good excuse to switch, give me a break! If I can twist the subject into a justified transition, you bet I will. 🙂

                                      You and me both bud. You and me both.

                                      • DashrenderD
                                        Dashrender @bbigford
                                        last edited by

                                        @BBigford said:

                                        @Dashrender said:

                                        @BBigford said:

                                        @Dashrender said:

                                        The obscurity that you're going to is the move to Linux and the fact that the malware writers haven't bothered to write malware for Linux yet.

                                        MAC users could say the same thing, until they couldn't. It's been several months or more now since a MAC variant of ransomware has been available.

                                        See, you could have previously just as easily said - I want to move everyone to a MAC because there's no ransomware there, well that would have worked until it didn't... the same WILL happen to Linux.

                                        But you can skip the entire concern of this specific avenue of problem by moving to SharePoint or ownCloud.

                                        I'm not saying move to Linux because only Windows gets viruses. I'm saying I want to move to Linux because I hate Windows. Maybe that was too subtle...

                                        oh, yeah it was too subtle, because hating windows has nothing to do with the security hole we were talking about.

                                        I'm just trying to find any good excuse to switch, give me a break! If I can twist the subject into a justified transition, you bet I will. 🙂

                                        ROFLOL
