Agreed. Gotta find that sweet spot of only sharing what you must and properly protecting what you share. And CYA with a comprehensive, regular and tested backup.

Steve Pitcher

iTech Solutions Group, LLC

p: (203) 744-7854 Ext. 176 | m: (902) 301-0810
 
www.itechsol.com | www.iInTheCloud.com




-----Original Message-----
From: Larry "DrFranken" Bolhuis [mailto:midrange@xxxxxxxxxxxx]
Sent: Wednesday, January 20, 2021 9:56 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>; Steve Pitcher <SPitcher@xxxxxxxxxxxx>
Subject: Re: Ransomware on Power

This is correct IMHO. REDUCE risk, it cannot ever be eliminated.

Someone asked if you drive a car knowing you could crash it and be injured or worse. My father was thrown from his car in a wreck, ended up under it, and didn't know who he was for days. Upon recovery he added seat-belts to his car and used them 100% of the time; he didn't give up on the car. *I* have never been thrown from my car despite being in accidents because *I* wear my seat-belt 100% of the time. Thanks, Dad!

Far too many customers begin thinking about how to mitigate a disaster after said disaster has already occurred. TO THEM! But we know these risks exist because others have been affected. Of course you can't eliminate all risk, and if you tried you could spend all your time and much of your money attempting to do that. You wouldn't ever get anything else done.

The point here is what are the strategies to reduce the risk. When driving we stay in our lane, we observe speed limits and traffic control devices, wear our seat-belts, illuminate headlamps, use our turn signals (except Florida), keep our tires and brakes in good working order and when it snows, we increase social distance, and slow down. When the kids or grandkids are on board we drive a bit more safely.

Again the parallels to our industry are strong. If your computer contains sensitive information you secure it better than if it does not. If it's connected to the internet you take more precautions than if it's not.
You do routine backups, delete users who are gone, use sensible password rules, reduce public authority and so much more. But the computer, like the car, is best when used!

Keep the discussion going, be civil about it. Throw out ideas and techniques used. And yeah sometimes tell horror stories so the truly smart can learn from those who failed before.

- Larry


On 1/20/2021 8:22 AM, Steve Pitcher wrote:
While there's no "known" ransomware that RUNS on IBM i, it doesn't mean you can't build any that does. In fact, it's quite easy. But it's a giant waste of time given the amount of Windows workstations and macro-click-happy users that can easily be compromised to absolutely destroy an IBM i partition in a matter of minutes. The goal the original poster was looking for was, in my opinion, how to significantly reduce or eliminate that risk.




Steve Pitcher

iTech Solutions Group, LLC

p: (203) 744-7854 Ext. 176 | m: (902) 301-0810





-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxxxxxxxx] On
Behalf Of Patrik Schindler
Sent: Wednesday, January 20, 2021 4:00 AM
To: Midrange Systems Technical Discussion
<midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Ransomware on Power

Hello Robert,

On 20.01.2021 at 03:15, Roberto José Etcheverry Romero <yggdrasil.raiker@xxxxxxxxx> wrote:

I just read about an attack that targets VMware ESXi hypervisors DIRECTLY.
It owns the system due to some pretty dangerous vulnerabilities and
then runs a python script to encrypt the entire datastores.

Please see subject. We were talking about Ransomware on POWER. I was just clarifying that there is no (known) ransomware running on POWER, in regard to IBM i.

Would you have thought that impossible as well?

No, I know about that vuln. Has it ever been observed in the wild?

Just because nobody has come forward with a horror story, doesn't mean that it cannot be done.

Because you know that driving a car is inherently dangerous because you know that fatal accidents *can* happen, you do not refrain from driving a car, right?

Please, stay reasonable. There are numerous horror scenarios which can be drawn. Many exploits are incredibly hard to make use of. It takes time, expertise and sometimes manual observation. Completely different from Ransomware: Aim into the dark and shoot. Someone will open the attachment and enable macros or whatever it takes. And of these, some are desperate enough to pay. Cheap enough to be spread widely.

Having PASE and now the entire open source utilities in the i means opening up to a lot more vulnerabilities and attack vectors.

I know. One reason I’m not too happy with IBM pushing this „Linux within IBM i“. I’ve more than once pointed out this fact in this list. But as with cars, you get the comfort, you also get the risk.

Once you start down that rabbit hole, it seems like the hole never ends.

Yes. Security is a topic by itself. Especially if you add the fact that for years, some software has been proven to be badly written. Cheap, time to market. It doesn’t crash immediately? Okay, ship. We can fix later.

The low hanging fruit has already been said by Steve but I would add:
Disable any service not required or used. The smaller the possible
attack surface, the better.

Completely correct and valid.

Allow me to conclude that your point is valid and at the same time completely unrelated to Ransomware on POWER.

:wq! PoC



--
IBM Champion for Power Systems


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
