From: Matthias Apitz
Date: Thu, 19 Nov 2015 07:44:34 +0100
To: freebsd-questions@freebsd.org
Subject: ransomware virus on Linux
Message-ID: <20151119064434.GB1925@c720-r276659.oa.oclc.org>

Hello,

I've read in the German computer magazine "iX 12/2015" about a threat against Linux: some ransomware malware encrypts your disk, and the bad guys are asking for your money to get it decrypted again. All details about this story, and how to get it decrypted again w/o spending money, are here:

http://labs.bitdefender.com/2015/11/linux-ransomware-debut-fails-on-predictable-encryption-key/

Two questions remain:

The structure of the attack makes me think that it would work the same way on FreeBSD too. Do we already have known attacks like this?

If we had a known attack and test data from it (i.e. an encrypted file system tree), I think it would be worth checking whether the software described by Bitdefender could be ported to FreeBSD too.

Any comments?

matthias

--
Matthias Apitz, ✉ guru@unixarea.de, 🌐 http://www.unixarea.de/ ☎ +49-176-38902045