


While there's no "known" ransomware that RUNS on IBM i, it doesn't mean you can't build any that does. In fact, it's quite easy. But it's a giant waste of time given the amount of Windows workstations and macro-click-happy users that can easily be compromised to absolutely destroy an IBM i partition in a matter of minutes. The goal the original poster was looking for was, in my opinion, how to significantly reduce or eliminate that risk.




Steve Pitcher

iTech Solutions Group, LLC

p: (203) 744-7854 Ext. 176 | m: (902) 301-0810
 
www.itechsol.com | www.iInTheCloud.com




-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxxxxxxxx] On Behalf Of Patrik Schindler
Sent: Wednesday, January 20, 2021 4:00 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Ransomware on Power

Hello Robert,

On 20.01.2021 at 03:15, Roberto José Etcheverry Romero <yggdrasil.raiker@xxxxxxxxx> wrote:

I just read about an attack that targets VMware ESXi hypervisors DIRECTLY.
It owns the system due to some pretty dangerous vulnerabilities and
then runs a python script to encrypt the entire datastores.

Please see subject. We were talking about Ransomware on POWER. I was just clarifying that there is no (known) ransomware running on POWER, in regard to IBM i.

Would you have thought that impossible as well?

No, I know about that vuln. Has it ever been observed in the wild?

Just because nobody has come forward with a horror story, doesn't mean that it cannot be done.

Because you know that driving a car is inherently dangerous because you know that fatal accidents *can* happen, you do not refrain from driving a car, right?

Please, stay reasonable. There are numerous horror scenarios which can be drawn. Many exploits are incredibly hard to make use of. It takes time, expertise and sometimes manual observation. Completely different from Ransomware: Aim into the dark and shoot. Someone will open the attachment and enable macros or whatever it takes. And of these, some are desperate enough to pay. Cheap enough to be spread widely.

Having PASE and now the entire open source utilities in the i means opening up to a lot more vulnerabilities and attack vectors.

I know. One reason I’m not too happy with IBM pushing this "Linux within IBM i". I’ve more than once pointed out this fact in this list. But as with cars, you get the comfort, you also get the risk.

Once you start down that rabbit hole, it seems like the hole never ends.

Yes. Security is a topic by itself. Especially if you add the fact that for years, some software has been proven to be badly written. Cheap, time to market. It doesn’t crash immediately? Okay, ship. We can fix later.

The low hanging fruit has already been said by Steve but I would add:
Disable any service not required or used. The smaller the possible
attack surface, the better.

Completely correct and valid.

Allow me to conclude that your point is valid and at the same time completely unrelated to Ransomware on POWER.

:wq! PoC



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
