Would Linux Reduce Ransomware Attacks?

Chat about Linux in general
benali72
Level 4
Level 4
Posts: 219
Joined: Sat Mar 23, 2013 11:49 am

Would Linux Reduce Ransomware Attacks?

Post by benali72 » Tue Aug 20, 2019 7:57 pm

I keep seeing a lot of articles like this one -- www.washingtonpost.com/business/2019/08 ... time-soon/

The article tells how a Florida city agreed to pay a $600,000 ransom to get its systems back after a ransomware attack. Apparently such attacks are becoming very frequent. They can really hit small city services hard.

Would using Linux make these attacks harder to pull off? (We're assuming you'd have just as many attacks on a Linux system as Windows... not a reality, of course.)

I'm thinking Linux would be much harder to penetrate than Windows, if the base system was a solid security distro like Qubes, Parrot, or Tails.

What do you think?

User avatar
catweazel
Level 19
Level 19
Posts: 9184
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Would Linux Reduce Ransomware Attacks?

Post by catweazel » Wed Aug 21, 2019 2:33 am

benali72 wrote:
Tue Aug 20, 2019 7:57 pm
What do you think?
https://www.infoworld.com/article/31967 ... tacks.html
¡uʍop ǝpısdn sı buıɥʇʎɹǝʌǝ os ɐıןɐɹʇsnɐ ɯoɹɟ ɯ,ı

User avatar
michael louwe
Level 10
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: Would Linux Reduce Ransomware Attacks?

Post by michael louwe » Wed Aug 21, 2019 7:23 am

benali72 wrote:
Tue Aug 20, 2019 7:57 pm
Would using Linux make these attacks harder to pull off? (We're assuming you'd have just as many attacks on a Linux system as Windows... not a reality, of course.)
.
https://www.zdnet.com/article/this-new- ... -messages/ - This new Android ransomware infects you through SMS messages - July 30, 2019
....... Android is based on Linux. Android has a world market share of about 70%. If ransomware can hit Android, they can also similarly hit desktop Linux if desktop Linux gets as popular as Android or Windows. Afaik, all it takes is for the hacker/phisher to get a gullible or ignorant/foolish user to click on an executable file, eg a link, an app, open an email, etc. So, it is "wise" for hackers/phishers to target mostly Windows and Android users only = more ROI.

User avatar
bob466
Level 5
Level 5
Posts: 613
Joined: Mon May 15, 2017 5:23 am
Location: Australia

Re: Would Linux Reduce Ransomware Attacks?

Post by bob466 » Sat Aug 24, 2019 8:11 pm

OP...have you ever had Ransomware on your Linux System ? Then you know the answer. :lol: :lol: :lol:
Linux For Ever...Windoze Never Image

User avatar
Fred Barclay
Level 12
Level 12
Posts: 4207
Joined: Sat Sep 13, 2014 11:12 am
Location: Bumping around in the bush

Re: Would Linux Reduce Ransomware Attacks?

Post by Fred Barclay » Sat Aug 24, 2019 11:00 pm

benali72 wrote:
Tue Aug 20, 2019 7:57 pm
I'm thinking Linux would be much harder to penetrate than Windows, if the base system was a solid security distro like Qubes, Parrot, or Tails.
michael louwe wrote:
Wed Aug 21, 2019 7:23 am
https://www.zdnet.com/article/this-new- ... -messages/ - This new Android ransomware infects you through SMS messages - July 30, 2019
....... Android is based on Linux. Android has a world market share of about 70%. If ransomware can hit Android, they can also similarly hit desktop Linux if desktop Linux gets as popular as Android or Windows....
Obviously I agree that desktop Linux isn't invulnerable (else I wouldn't be so interested in firejail) but this is rather incorrect. Android is based on the Linux kernel and nothing more. It doesn't share the same userspace, the same utils (i.e. the GNU tools), init systems.... Even the Android "shell" which apparently can be accessed is rather crippled compared to its Linux desktop cousin.

I don't see the connection that if Android has vulnerabilities, these must mean that desktop Linux has vulnerabilities.
benali72 wrote:
Tue Aug 20, 2019 7:57 pm
I'm thinking Linux would be much harder to penetrate than Windows, if the base system was a solid security distro like Qubes, Parrot, or Tails.

What do you think?
Qubes yes. ;) But I think the only real advantage Parrot offers is firejailing a lot of stuff by default. If you do the same on Mint or any other mainstream distro I'd suspect they'd be just as good (and they're already rather good to begin with).
My guess is that TAILS would be harder to persistently attack since it was still live-boot only the last time I checked, but I don't know if they add any significant security features on top of this. And updating Tails used to be a little difficult -- I don't know if this is still the case, but if so this may reduce overall security slightly for some users who'd rather run an out-of-date Tails than go through the update process. But by this point a successful attack is more the fault of the users than Tails.
Image
"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy."
- Albert Einstein

User avatar
michael louwe
Level 10
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: Would Linux Reduce Ransomware Attacks?

Post by michael louwe » Sat Aug 24, 2019 11:53 pm

Fred Barclay wrote:
Sat Aug 24, 2019 11:00 pm
Obviously I agree that desktop Linux isn't invulnerable (else I wouldn't be so interested in firejail) but this is rather incorrect. Android is based on the Linux kernel and nothing more. It doesn't share the same userspace, the same utils (i.e. the GNU tools), init systems.... Even the Android "shell" which apparently can be accessed is rather crippled compared to its Linux desktop cousin.
.
For further information:

https://www.bleepingcomputer.com/news/s ... x-servers/ - B0r0nt0K Ransomware Wants $75,000 Ransom, Infects Linux Servers - Feb 24, 2019

https://www.quora.com/Does-LINUX-protec ... Ransomware - Does LINUX protect you against Ransomware? - 2017

User avatar
Fred Barclay
Level 12
Level 12
Posts: 4207
Joined: Sat Sep 13, 2014 11:12 am
Location: Bumping around in the bush

Re: Would Linux Reduce Ransomware Attacks?

Post by Fred Barclay » Sun Aug 25, 2019 6:49 pm

michael louwe wrote:
Sat Aug 24, 2019 11:53 pm
https://www.bleepingcomputer.com/news/s ... x-servers/ - B0r0nt0K Ransomware Wants $75,000 Ransom, Infects Linux Servers - Feb 24, 2019
That's fairly cool -- I haven't heard of this one before, thanks!
However (there's always a however :wink:) the only case I could find of this was a single server (the original and presumably only case is at https://www.bleepingcomputer.com/forums ... th-rontok/). If this really is just a single or a few users, wouldn't it be more logical to assume they poorly configured their server and allowed someone in who then encrypted their files, rather than an actually Linux problem?

After all, if I leave my front door wide opened, having sturdy walls will hardly stop a thief from just waltzing in! And if I am burgled, that doesn't indicate a wider problem in the neighborhood for those who do actually lock their doors, only that I didn't use good-sense practices and therefore lost both my van Gogh and my 34 pet hamsters.
https://www.quora.com/Does-LINUX-protec ... Ransomware - Does LINUX protect you against Ransomware? - 2017
I think these opinions are agreeing with my own. :smile: Nothing is perfectly secure but Linux is relatively good.
Image
"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy."
- Albert Einstein

User avatar
smgordon1259
Level 3
Level 3
Posts: 153
Joined: Tue Jul 30, 2013 6:12 pm
Location: Yakima, Washington

Re: Would Linux Reduce Ransomware Attacks?

Post by smgordon1259 » Sun Aug 25, 2019 9:06 pm

Quit being careless and stay alert, no OS is 100%

https://www.quora.com/How-does-ransomwa ... r-computer
ASUS M5A78L-M/USB3
AMD FX-4350 (4.2gHz)
Vulcan DDR3 1600MHz 8Gb
ASUS GTX 660 - 2Gb / Driver Nvidia 390.116
Linux Mint 19.2 MATE amd64 / Kernel 5.0.0-23-generic x86_64
Primary: Seagate 500Gb SSHD, Secondary: Seagate 1Tb SSHD

User avatar
michael louwe
Level 10
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: Would Linux Reduce Ransomware Attacks?

Post by michael louwe » Sun Aug 25, 2019 10:34 pm

Fred Barclay wrote:
Sun Aug 25, 2019 6:49 pm
Nothing is perfectly secure but Linux is relatively good.
.
Since Win Vista in 2006, Windows is about as secure as Linux ootb and the main difference between them is that Windows has always been much more targeted by malware/ransomware-hackers due to it's majority(= about 90%) world market share from the 1990s onward. If you were a ransomware-hacker, you would "wisely" target Windows computers rather than Linux computers = more ROI - similar to burglars often targeting rich homes rather than poor homes. .......
https://www.howtogeek.com/141944/htg-ex ... t-viruses/ - Why Windows has more viruses than Mac and Linux - Sep 2016

Personally, as an average home-user, I have not suffered any virus infection since using Win 7 from 2009 until 2016 with a Limited user account, an AV program and practicing safe-browsing on the Internet.
....... OTOH, Windows enterprise-users need to take more precautions because they are high-value targets to ransomware-hackers.

User avatar
lsemmens
Level 8
Level 8
Posts: 2339
Joined: Wed Sep 10, 2014 9:07 pm
Location: Rural South Australia

Re: Would Linux Reduce Ransomware Attacks?

Post by lsemmens » Sun Aug 25, 2019 11:13 pm

I had a nightmare last night. And that, it was. I was back at work (back in the early days of teletype) though we had had computers for network monitoring. (I worked in telecommunications). My LINUX MINT 19.2 laptop got infected with something just by putting a floppy disk in the drive and all it would do is open browser page after browser page of crappy movies. I moved to another machine and it happened again. I thought I'd try the teletype, and, you guessed it. Weird dream!!!

Fortunately Linux is way more secure than that and floppy disks are a dim memory. :D
Kernel: 4.15.0-46-generic x86_64 bits
Desktop: Cinnamon 3.8.9
Distro: Linux Mint 19 Tara

Laptop HP-ProBook-470-G2 8Gb RAM SSD
Server AMD Phenom 9650 - GEForce 9400GT 6Gb RAM
+ three other Mint machines
Out of my mind - please leave a message

User avatar
Portreve
Level 7
Level 7
Posts: 1997
Joined: Mon Apr 18, 2011 12:03 am
Location: Florida
Contact:

Re: Would Linux Reduce Ransomware Attacks?

Post by Portreve » Tue Aug 27, 2019 6:12 pm

In my view, we need to find a replacement to web cookies, and instead of looking things down against specific "click on this and you're screwed" scripts and other such stuff, we need to find better ways to deal with web and web-hosted media and other content such that these kinds of attacks won't actually do anything in such a hypothetical future web browser, email client, etc.
I'm so down wit' dat', yo, dass ich unter dem Beton bin.

Presently rocking LinuxMint 19.2 Cinnamon.

Remember to mark your fixed problem [SOLVED].

All in all, you're just another brick in the wall.

benali72
Level 4
Level 4
Posts: 219
Joined: Sat Mar 23, 2013 11:49 am

Re: Would Linux Reduce Ransomware Attacks?

Post by benali72 » Wed Aug 28, 2019 11:26 pm

Thanks for all your replies and the links, I learned a lot by reading them.

The points made in that article over at How to Geek (http://www.howtogeek.com/141944/htg-exp ... t-viruses/) made sense to me, saying that Windows was more vulnerable because:

1- Historically, MS opted for ease of use over security when there was a trade-off between the two
2- MS doesn't have an app store with controlled installs (unlike Linux repositories)
3- Popularity makes Windows the juicy target

Cheers.

User avatar
michael louwe
Level 10
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: Would Linux Reduce Ransomware Attacks?

Post by michael louwe » Thu Aug 29, 2019 3:37 am

benali72 wrote:
Wed Aug 28, 2019 11:26 pm
2- MS doesn't have an app store with controlled installs (unlike Linux repositories)
.
M$'s Win 8.1/10 do have an app store called Windows Store or M$ Store but the store only received a lukewarm response from users and app/program developers because since Win 3.1 days in the 1990s, M$ had given the freedom to Windows users and app/program-developers to have Windows apps/programs installed from websites = less work and costs for M$ but more risky for ignorant users. This install route has become an ingrained habit.

Desktop Linux users can also opt to install apps/programs from the web, eg via PPA(= using the Terminal), github, tar.gz files, Appimage(= containers) files, etc = more risky for ignorant users.

gm10
Level 18
Level 18
Posts: 8720
Joined: Thu Jun 21, 2018 5:11 pm

Re: Would Linux Reduce Ransomware Attacks?

Post by gm10 » Thu Aug 29, 2019 3:59 am

benali72 wrote:
Tue Aug 20, 2019 7:57 pm
Would using Linux make these attacks harder to pull off? (We're assuming you'd have just as many attacks on a Linux system as Windows... not a reality, of course.)
It's basically the same on both systems (assuming the Windows is a modern Win10 on NTFS partitions and not something archaic like WinXP on FAT that are unfortunately still in use in some places).

On both Win10 and Linux, the default configuration is that a user can only write to their own files, not another user's files or system files, so that's all the ransomware can encrypt. To access anything more you need elevated privileges or a misconfigured system. For example, to the latter, I've seen very big organizations where the entire network was shared with write access. That's not OS-specific though but a criminally incompetent system administrator.

Elevating your privileges can be prevented on both systems by making sure the user is not an administrator and does not have access to an administrator's password, so they cannot be social engineered out of it.

Social engineering is also how you typically get the ransomware onto the system in the first place, so that's the same on both OS as well.
benali72 wrote:
Wed Aug 28, 2019 11:26 pm
saying that Windows was more vulnerable because:

1- Historically, MS opted for ease of use over security when there was a trade-off between the two
2- MS doesn't have an app store with controlled installs (unlike Linux repositories)
3- Popularity makes Windows the juicy target
1. doesn't matter on modern Windows systems
2. As mentioned above, it does, but I agree (and have been saying myself) that the repository model used by Linux distributions has saved the Linux world a lot of grief. But on both systems you can install software from external sources and I am quite convinced that the users catching Ransomware on Windows are the same careless type that would likely do it on Linux, too.
3. Very true, but your initial question that I quoted ruled that out as a parameter. It's just a matter of statistics though. If somebody wants to target you then statistics won't help you.
Tune up your LM 19.x: ppa:gm10/linuxmint-tools

gm10
Level 18
Level 18
Posts: 8720
Joined: Thu Jun 21, 2018 5:11 pm

Re: Would Linux Reduce Ransomware Attacks?

Post by gm10 » Thu Aug 29, 2019 4:05 am

Fred Barclay wrote:
Sat Aug 24, 2019 11:00 pm
Even the Android "shell" which apparently can be accessed is rather crippled compared to its Linux desktop cousin.
Not relevant to the topic (I do, of course, agree with you that attack vectors on Android are very different from those on Linux) but I felt like pointing out that my Android phone has got the same bash shell as my desktop, and if you're going to use the shell you typically add BusyBox. BusyBox is slightly less featured that the full GNU tools but I wouldn't call it crippled in any way. I can mostly shell script my Android the same way as any Linux.
Tune up your LM 19.x: ppa:gm10/linuxmint-tools

Hoser Rob
Level 14
Level 14
Posts: 5439
Joined: Sat Dec 15, 2012 8:57 am

Re: Would Linux Reduce Ransomware Attacks?

Post by Hoser Rob » Thu Aug 29, 2019 9:20 am

bob466 wrote:
Sat Aug 24, 2019 8:11 pm
OP...have you ever had Ransomware on your Linux System ? Then you know the answer. :lol: :lol: :lol:
That makes absolutely zero sense, and installing something (eg Windows AV software otr even Linux) expecting to make you hack proof is just about the worst security measure there is.

Yes, Linux is pretty secure but you're just as susceptible to browser hacks in Linux as in any other OS.

BigEasy
Level 6
Level 6
Posts: 1248
Joined: Mon Nov 24, 2014 9:17 am
Location: Chrząszczyżewoszyce, powiat Łękołody

Re: Would Linux Reduce Ransomware Attacks?

Post by BigEasy » Thu Aug 29, 2019 3:24 pm

benali72 wrote:
Tue Aug 20, 2019 7:57 pm
I'm thinking Linux would be much harder to penetrate than Windows, if the base system was a solid security distro like Qubes, Parrot, or Tails.
Never heard somebody ask ransom for encrypted system, only for encrypted documents. Well, what the magical forces and who secure your "/home/you" ?
Windows assumes I'm stupid but Linux demands proof of it

handsomegenius
Level 1
Level 1
Posts: 27
Joined: Sun Feb 10, 2019 7:47 pm

Re: Would Linux Reduce Ransomware Attacks?

Post by handsomegenius » Sat Aug 31, 2019 10:10 am

A few thoughts:

1) One of the reasons that Windows is targeted is because this is where the users are.

It's particularly where busy and less technically sophisticated business users are. That's who the scammers chasing.

If that cohort started moving to Linux, the scammers would follow them there.

2) A lot of the biggest ransomware attacks of recent years were able to spread very far and very fast because they could propagate across networks without any human participation, using a vulnerability in the SMB protocol.

Microsoft had patched this vulnerability months before these big attacks hit, but many large workplaces had not applied this update. That's not simply a case of outright neglect. When you have very specialised software, or have connected your computers in specialised or complicated configurations, or just have very expensive downtime, applying updates can be difficult and expensive.

Many organisations accept an increased security risk as a cost - benefit trade-off. People even buy and sell insurance on the back of this bet.

Linux is definitely much nicer with updates at the home office and small business level. But it can still be fiendishly complicated with larger infrastructure. On the other hand, there's a whole ecosystem of LTS distributions that are basically built to be stable and secure for years in infrastructure situations.

Linux is probably a bit better at this, but it's beyond me to say exactly by how much.

3) More ordinarily, ransomware attacks rely on trickery to get the victim to install it.

This is much easier to do on Windows because the way you install software on that platform is very old fashioned and more than a little bit ugly. You endure so many of those jarring "user access control" panels in Windows that you very quickly start tuning them out.

It's possible to add malicious software sources to Linux, but the whole ecosystem is set up so that the average user is much less likely to do so.

User avatar
Pepi
Level 5
Level 5
Posts: 882
Joined: Wed Nov 18, 2009 7:47 pm

Re: Would Linux Reduce Ransomware Attacks?

Post by Pepi » Sat Aug 31, 2019 12:23 pm

benali72 wrote:
Tue Aug 20, 2019 7:57 pm
I keep seeing a lot of articles like this one -- www.washingtonpost.com/business/2019/08 ... time-soon/

The article tells how a Florida city agreed to pay a $600,000 ransom to get its systems back after a ransomware attack. Apparently such attacks are becoming very frequent. They can really hit small city services hard.

Would using Linux make these attacks harder to pull off? (We're assuming you'd have just as many attacks on a Linux system as Windows... not a reality, of course.)

I'm thinking Linux would be much harder to penetrate than Windows, if the base system was a solid security distro like Qubes, Parrot, or Tails.

What do you think?
Man ... If I operated my IT position like this I would have never cleared 40 years of service :roll:

User avatar
lsemmens
Level 8
Level 8
Posts: 2339
Joined: Wed Sep 10, 2014 9:07 pm
Location: Rural South Australia

Re: Would Linux Reduce Ransomware Attacks?

Post by lsemmens » Sat Aug 31, 2019 10:53 pm

handsomegenius wrote:
Sat Aug 31, 2019 10:10 am
A few thoughts:

1) One of the reasons that Windows is targeted is because this is where the users are....................

2) A lot of the biggest ransomware attacks of recent years were able to spread very far and very fast because ................
Many organisations accept an increased security risk as a cost - benefit trade-off. .....................

3) More ordinarily, ransomware attacks rely on trickery to get the victim to install it............

It's possible to add malicious software sources to Linux, but the whole ecosystem is set up so that the average user is much less likely to do so.
A very well considered response, and, I suspect, not very far from the truth.......:D
Kernel: 4.15.0-46-generic x86_64 bits
Desktop: Cinnamon 3.8.9
Distro: Linux Mint 19 Tara

Laptop HP-ProBook-470-G2 8Gb RAM SSD
Server AMD Phenom 9650 - GEForce 9400GT 6Gb RAM
+ three other Mint machines
Out of my mind - please leave a message

Post Reply

Return to “Chat about Linux”