On Mon, 9 Jun 2008, John Ioannidis wrote:
| Date: Mon, 09 Jun 2008 15:08:03 -0400 | From: John Ioannidis <[EMAIL PROTECTED]> | To: "Leichter, Jerry" <[EMAIL PROTECTED]> | Cc: cryptography@metzdowd.com | Subject: Re: Ransomware | | Leichter, Jerry wrote: | > Computerworld reports: | > | > http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9094818 | > | | This is no different than suffering a disk crash. That's what backups are | for. | | /ji | | PS: Oh, backups you say. Bontochev's comment as well. Of course, there is one way this can be much worse than a disk crash: A clever bit of malware can sit there silently and encrypt files you don't seem to be using much. By the time it makes its ransom demands, you may find you have to go back days or even weeks in your backups to get valuable data back. Even worse, targeted malwared could attack your backups. If it encrypted the data on the way to the backup device, it could survive silently for months, by which time encrypting the live data and demanding the ransom would be a very credible threat. (Since many backup programs already offer encryption, hooking it might just involve changing the key. It's always so nice when your opponent provides the mechanisms needed to attack him....) -- Jerry --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]