<div dir="ltr">To add to B.S.'s comment, when he said "Backups", he meant "offsite" or "not on the network". While this is more for Windows users than us Linux folks, I have heard that these ransomware viruses (virii?) do run around the local network pretty quickly, so if you're backing up to just another PC or NAS, then the infection will spread. I know a guy who had a customer fall prey to one of these. They're nasty things.<div><br></div><div>Do regular backups, but do them to something that you can easily unplug, like a USB stick. Plug the stick in, do your backups, pull the stick out, label it and put it somewhere safe. You could even buy a bunch of USB sticks and rotate them for even more protection.</div><div><br></div><div>A/V is not "necessary" in the Linux world like it is in Windows or Macs, but it doesn't hurt to be extra paranoid from time to time. I've heard good things about ClamAV, and I've used it myself, but if you want to do some reading you could try: <a href="http://www.makeuseof.com/tag/free-linux-antivirus-programs/">http://www.makeuseof.com/tag/free-linux-antivirus-programs/</a></div><div><br></div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Fri, 31 Mar 2017 at 11:50 Khalid Baheyeldin <<a href="mailto:kb@2bits.com">kb@2bits.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="gmail_msg"><div class="gmail_msg">A possible program that was used is this one (last comment in the thread). Initially a proof of concept, but now some actors are using it for real.<br class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">The key is gaining root access. If you prevent that, then you are safe.<br class="gmail_msg"></div><div class="gmail_msg"><br class="gmail_msg"><a href="https://github.com/jdsecurity/CryptoTrooper" class="gmail_msg" target="_blank">https://github.com/jdsecurity/CryptoTrooper</a><br class="gmail_msg"><br class="gmail_msg"></div>Since it has a similar /etc/motd.<br class="gmail_msg"></div><div class="gmail_extra gmail_msg"><br class="gmail_msg"><div class="gmail_quote gmail_msg">On Fri, Mar 31, 2017 at 11:45 AM, Khalid Baheyeldin <span dir="ltr" class="gmail_msg"><<a href="mailto:kb@2bits.com" class="gmail_msg" target="_blank">kb@2bits.com</a>></span> wrote:<br class="gmail_msg"><blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="gmail_msg"><div class="gmail_msg">Scrolling down a bit in the comments.<br class="gmail_msg"><br class="gmail_msg">He used Firefox as root, then probably clicked on a link or ad that had malware in it. That replaced his Python executable with the ransomware thing.<br class="gmail_msg"><br class="gmail_msg"></div>I never ran antivirus on Linux either.<br class="gmail_msg"></div><div class="gmail_extra gmail_msg"><br class="gmail_msg"><div class="gmail_quote gmail_msg"><div class="gmail_msg"><div class="m_-3680441429822043829h5 gmail_msg">On Fri, Mar 31, 2017 at 11:10 AM, Joe Wennechuk <span dir="ltr" class="gmail_msg"><<a href="mailto:youcanreachmehere@hotmail.com" class="gmail_msg" target="_blank">youcanreachmehere@hotmail.com</a>></span> wrote:<br class="gmail_msg"></div></div><blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="gmail_msg"><div class="m_-3680441429822043829h5 gmail_msg">
<div dir="ltr" class="gmail_msg">
<div id="m_-3680441429822043829m_1764101601309589172m_-3049831526135450455divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif" dir="ltr" class="gmail_msg">
<p class="gmail_msg">I saw this link on reddit. <a href="https://forums.gentoo.org/viewtopic-t-1060828.html" class="m_-3680441429822043829m_1764101601309589172m_-3049831526135450455OWAAutoLink gmail_msg" id="m_-3680441429822043829m_1764101601309589172m_-3049831526135450455LPlnk610831" target="_blank">
https://forums.gentoo.org/viewtopic-t-1060828.html</a> </p>
<p class="gmail_msg"><br class="gmail_msg">
</p>
<p class="gmail_msg">I have never run any antivirus or anything on my linux box. Does anyone know how this got into this users machine, and/or how I should be protecting my home, and work environments using Linux?</p>
<p class="gmail_msg"><br class="gmail_msg">
</p>
<p class="gmail_msg"><br class="gmail_msg">
</p>
<p class="gmail_msg"><br class="gmail_msg">
</p>
<div id="m_-3680441429822043829m_1764101601309589172m_-3049831526135450455Signature" class="gmail_msg">
<div id="m_-3680441429822043829m_1764101601309589172m_-3049831526135450455divtagdefaultwrapper" dir="ltr" style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif" class="gmail_msg">
Joseph Wennechuk
<div class="gmail_msg">Phone: <a href="tel:(226)%20505-4812" value="+12265054812" class="gmail_msg" target="_blank">(226) 505-4812</a><br class="gmail_msg">
</div>
<div class="gmail_msg"><a href="https://www.linkedin.com/pub/joseph-wennechuk/4/b59/382" id="m_-3680441429822043829m_1764101601309589172m_-3049831526135450455LPNoLP" class="gmail_msg" target="_blank">https://www.linkedin.com/pub/joseph-wennechuk/4/b59/382</a></div>
<div class="gmail_msg"><br class="gmail_msg">
</div>
</div>
</div>
</div>
</div>
<br class="gmail_msg"></div></div>_______________________________________________<br class="gmail_msg">
kwlug-disc mailing list<br class="gmail_msg">
<a href="mailto:kwlug-disc@kwlug.org" class="gmail_msg" target="_blank">kwlug-disc@kwlug.org</a><br class="gmail_msg">
<a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" class="gmail_msg" target="_blank">http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</a><br class="gmail_msg">
<br class="gmail_msg"></blockquote></div><span class="m_-3680441429822043829HOEnZb gmail_msg"><font color="#888888" class="gmail_msg"><br class="gmail_msg"><br clear="all" class="gmail_msg"><br class="gmail_msg">-- <br class="gmail_msg"><div class="m_-3680441429822043829m_1764101601309589172gmail_signature gmail_msg" data-smartmail="gmail_signature">Khalid M. Baheyeldin<br class="gmail_msg"><a href="http://2bits.com" class="gmail_msg" target="_blank">2bits.com</a>, Inc.<br class="gmail_msg">Fast Reliable Drupal<br class="gmail_msg">Drupal optimization, development, customization and consulting.<br class="gmail_msg">Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra<br class="gmail_msg">Simplicity is the ultimate sophistication. -- Leonardo da Vinci<br class="gmail_msg">For every complex problem, there is an answer that is clear, simple, and wrong." -- H.L. Mencken<br class="gmail_msg"></div>
</font></span></div>
</blockquote></div><br class="gmail_msg"><br clear="all" class="gmail_msg"><br class="gmail_msg">-- <br class="gmail_msg"><div class="m_-3680441429822043829gmail_signature gmail_msg" data-smartmail="gmail_signature">Khalid M. Baheyeldin<br class="gmail_msg"><a href="http://2bits.com" class="gmail_msg" target="_blank">2bits.com</a>, Inc.<br class="gmail_msg">Fast Reliable Drupal<br class="gmail_msg">Drupal optimization, development, customization and consulting.<br class="gmail_msg">Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra<br class="gmail_msg">Simplicity is the ultimate sophistication. -- Leonardo da Vinci<br class="gmail_msg">For every complex problem, there is an answer that is clear, simple, and wrong." -- H.L. Mencken<br class="gmail_msg"></div>
</div>
_______________________________________________<br class="gmail_msg">
kwlug-disc mailing list<br class="gmail_msg">
<a href="mailto:kwlug-disc@kwlug.org" class="gmail_msg" target="_blank">kwlug-disc@kwlug.org</a><br class="gmail_msg">
<a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" class="gmail_msg" target="_blank">http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</a><br class="gmail_msg">
</blockquote></div>