
Re: MDs & Dentists



	Hi.

On Tue, Jul 20, 2021 at 11:32:26AM -0400, Celejar wrote:
> On Thu, 15 Jul 2021 09:46:59 +0300
> Reco <recoverym4n@enotuniq.net> wrote:
> 
> ...
> 
> > You cannot catch a ransomware cryptolocker using Linux on a desktop,
> 
> Of course you can, although it's certainly much less likely than when
> using Windows.
> 
> > it's definitely Windows-only kind of software. In fact, any FOSS OS has
> > this advantage, unless you're using Wine (software).
> 
> It's definitely not Windows-only, although it is (at this point) still
> mostly Windows:

I'm not arguing with that, but the links you're providing fail to illustrate
your point.

> https://hacked.com/linux-ransomware-notorious-cases-and-ways-to-protect/

Requires Java to be installed. A rare case on a Linux *desktop*.

> https://phoenixnap.com/blog/linux-ransomware

Quote:
The ransomware is human-operated, so threat actors need time to
compromise a network, steal credentials, and spread across devices.

> https://linuxsecurity.com/features/anatomy-of-a-linux-ransomware-attack

Quote 1:
Unlike Windows ransomware variants which spread via email or
maladvertising, Linux ransomware infection relies on vulnerability
exploitation.

Quote 2:
Linux ransomware exploits either unpatched system vulnerabilities or
flaws in a service, such as a web server or email server, to obtain
access to a target system and compromise files. For instance, the
infamous Lilocked ransomware exploits out-of-date versions of the Exim
message transfer agent to gain a foothold in a target environment. Rex,
another dangerous strain of Linux ransomware, uses vulnerability
scanners specific to Drupal, WordPress, Magento, Kerner, Airos, Exagrid,
and Jetspeed to detect SQL injection vulnerabilities that can be
exploited to gain admin credentials.

> https://www.zdnet.com/article/linux-version-of-ransomexx-ransomware-discovered/

Quote:
RansomEXX is what security researchers call a "big-game hunter" or
"human-operated ransomware."


Conclusion:
So, unless your Linux *desktop* is a target of an "attack" - your
desktop is safe. The third link also shows us that if one runs an
Internet-facing website or MTA - one had better know what they're
doing. It's true that the security history of Exim, WordPress and Drupal
is far from being flawless (I'm not familiar with the other CMSes mentioned
in that article, I assume they're no better in this regard).


And now, let's compare the scenario above to the usual "a user opens a
specially crafted M$ Word document" and "user clicks on an
innocent-looking link".

To me, the difference is obvious, especially considering the original
point of this topic.

Reco

