ransomware virus on Linux

Arthur Chance freebsd at qeng-ho.org
Sat Nov 21 13:21:53 UTC 2015


On 21/11/2015 04:57, Polytropon wrote:
> On Fri, 20 Nov 2015 10:57:37 -0500, Garance A Drosehn wrote:
>> (Certainly I've seen cases where someone was running backups
>> regularly & automatically, and everything looked fine.  But when
>> they finally needed to restore something, they found out that those
>> backups were not really working, or were working but not backing up
>> as much as the user thought they were backing up)
>
> True, I've seen that too. Untested backups with "experts"
> relying on them (and other "experts"' assurance that everything
> would work if needed). The worst thing _I_ have actually seen
> in reality was (many years ago) a customer whose "professional
> consultant" had messed up the backup process so nothing was
> written to the tapes, and nobody had checked the logs, so
> the customer ended up with a box of blank tapes; the box was
> labeled "BACKUP". You can imagine how "satisfied" the customer
> was with his expensive "service" when the worst case happened,
> disks crashed, and he would just have to restore yesterday's
> backup... :-)

I had exactly the same experience - box full of Exabyte dump tapes, all 
carefully labelled with day and date they'd been in the drive, all 
pristine except for a little wear from sitting unmoving in the drive. 
The person responsible swore that they'd actually tried a restore when 
they'd set up the system and it had worked.

Fortunately it was not the system disk that had failed, only the drive 
holding the customer's data, and I was able to restore the lost data, 
and explain why the test restore had worked - there was a very large 
regular file on the system disk called /dev/rmt0 (*). After that I got 
into the habit of doing

ln -s rmt0 /dev/rmt0

on all machines without mt devices, to cause dumping to the non-existent 
default device to fail with a "too many symbolic links" error.

(*) or whatever the default dump(8) device was.

-- 
Moore's Law of Mad Science: Every eighteen months, the minimum IQ
necessary to destroy the world drops by one point.


More information about the freebsd-questions mailing list
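
The failure mode and the guard described in the message above, reproduced in a scratch directory as an added example (not part of the original post): a write to a missing device name silently creates a regular file, while the self-referential symlink makes the same write fail. The function names and the temporary directory standing in for /dev are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. A temporary directory stands in
# for /dev, so nothing outside that directory is touched.

# classify_target PATH: print what a backup written to PATH would land on.
classify_target() {
    target=$1
    if [ -L "$target" ] && [ ! -e "$target" ]; then
        echo "unresolvable-symlink"   # symlink that resolves to nothing, e.g. the guard
    elif [ -c "$target" ]; then
        echo "character-device"       # what a real tape drive looks like
    elif [ -f "$target" ]; then
        echo "regular-file"           # the "tape" is a file on a disk
    elif [ ! -e "$target" ]; then
        echo "missing"                # a write as root would create a file here
    else
        echo "other"
    fi
}

# try_write PATH: return 0 if data could be written to PATH, non-zero otherwise.
try_write() {
    ( printf 'backup data\n' > "$1" ) 2>/dev/null
}

# install_guard DIR NAME: create the self-referential symlink from the post
# (ln -s rmt0 /dev/rmt0) as DIR/NAME, refusing if anything already exists there.
install_guard() {
    if [ -e "$1/$2" ] || [ -L "$1/$2" ]; then
        return 1
    fi
    ln -s "$2" "$1/$2"
}

demo() {
    d=$(mktemp -d) || return 1
    echo "no device node:   $(classify_target "$d/rmt0")"
    try_write "$d/rmt0" && echo "write succeeded:  $(classify_target "$d/rmt0")"
    rm -f "$d/rmt0"
    install_guard "$d" rmt0
    echo "guard installed:  $(classify_target "$d/rmt0")"
    try_write "$d/rmt0" || echo "write refused, so the dump fails loudly"
    rm -rf "$d"
}

demo
```

Running `classify_target` against the configured dump device before each backup run catches the "regular-file" and "missing" cases that would otherwise go unnoticed until a restore is needed.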