
Re: MDs & Dentists



On Wed, 21 Jul 2021 11:16:46 +0300
Reco <recoverym4n@enotuniq.net> wrote:

> Hi.
> 
> On Tue, Jul 20, 2021 at 11:32:26AM -0400, Celejar wrote:
> > On Thu, 15 Jul 2021 09:46:59 +0300
> > Reco <recoverym4n@enotuniq.net> wrote:
> > 
> > ...
> > 
> > > You cannot catch a ransomware cryptolocker using Linux on a desktop,
> > 
> > Of course you can, although it's certainly much less likely than when
> > using Windows.
> > 
> > > it's definitely Windows-only kind of software. In fact, any FOSS OS has
> > > this advantage, unless you're using Wine (software).
> > 
> > It's definitely not Windows-only, although it is (at this point) still
> > mostly Windows:
> 
> I'm not arguing with that, but the links you're providing fail to
> illustrate your point.
> 
> > https://hacked.com/linux-ransomware-notorious-cases-and-ways-to-protect/
> 
> Requires Java to be installed. A rare case on a Linux *desktop*.

Rare? I don't have statistics, but on one of my Linux desktops, I do
some development work for Android, using IntelliJ IDEA / Android Studio,
which depend on at least some Java components. I don't know if I have
enough Java installed to be susceptible to the malware in question ;)

> > https://phoenixnap.com/blog/linux-ransomware
> 
> Quote:
> The ransomware is human-operated, so threat actors need time to
> compromise a network, steal credentials, and spread across devices.
> 
> > https://linuxsecurity.com/features/anatomy-of-a-linux-ransomware-attack
> 
> Quote 1:
> Unlike Windows ransomware variants which spread via email or
> maladvertising, Linux ransomware infection relies on vulnerability
> exploitation.
> 
> Quote 2:
> Linux ransomware exploits either unpatched system vulnerabilities or
> flaws in a service, such as a web server or email server, to obtain
> access to a target system and compromise files. For instance, the
> infamous Lilocked ransomware exploits out-of-date versions of the Exim
> message transfer agent to gain a foothold in a target environment. Rex,
> another dangerous strain of Linux ransomware, uses vulnerability
> scanners specific to Drupal, WordPress, Magento, Kerner, Airos, Exagrid,
> and Jetspeed to detect SQL injection vulnerabilities that can be
> exploited to gain admin credentials.
> 
> > https://www.zdnet.com/article/linux-version-of-ransomexx-ransomware-discovered/
> 
> Quote:
> RansomEXX is what security researchers call a "big-game hunter" or
> "human-operated ransomware."
> 
> 
> Conclusion:
> So, unless your Linux *desktop* is a target of an "attack" - your
> desktop is safe. Third link also shows us that if one runs an
> Internet-facing website or MTA - one should better know what they're
> doing. It's true that the security history of Exim, WordPress and Drupal
> is far from being flawless (I'm not familiar with other CMSes mentioned
> in that article, I assume they're no better in this regard).
> 
> 
> And now, let's compare the scenario above to the usual "a user opens a
> specially crafted M$ Word document" and "user clicks on an
> innocent-looking link".
> 
> To me, the difference is obvious, especially considering the original
> point of this topic.

Fair enough - but I see no reason why in principle desktop Linux will
remain immune from ransomware. Even if Linux word processors are safer
than their Windows counterparts, browsers are just full of
vulnerabilities, so why couldn't ransomware get in that way?

Celejar

