Ransomware attacks: how a simple cron job can protect you from ransomware attacks

Time: 2021-10-06 01:46:17

It’s , and ransomware has become a thing.

Systems that interact with the public, like companies, educational institutions, and public services, are most susceptible. While delivery methods for ransomware vary from the physical realm to communication via social sites and email, all methods only require one person to make one mistake in order for ransomware to proliferate.

Ransomware, as you may have heard, is a malicious program that encrypts your files, rendering them unreadable and useless to you. It can include instructions for paying a ransom, usually by sending cryptocurrency, in order to obtain the decryption key.

Successful ransomware attacks typically exploit vital, time-sensitive systems. Victims like public services and medical facilities are more likely to have poor or zero recovery processes, leaving governments or insurance providers to reward attackers with ransom payments.

Individuals, especially less-than-tech-savvy ones, are no less at risk. Ransomware can occlude personal documents and family photos that may only exist on one machine.

Thankfully, a fairly low-tech solution exists for rendering ransomware inept: back up your data!

You could achieve this with a straightforward system like plugging in an external hard drive and dragging files over once a day, but this method has a few hurdles. Manually transferring files may be slow or incomplete, and besides, you’ll first have to remember to do it.

Instead, use cron

In my constant pursuit of automating all the things, there’s one tool I often return to for its simplicity and reliability: cron. Cron does one thing, and does it well: it runs commands on a schedule.

I first used it a few months shy of three years ago (Have I really been blogging that long?!) to create custom desktop notifications on Linux. Using the crontab configuration file, which you can edit by running crontab -e, you can specify a schedule for running any commands you like. Here’s what the scheduling syntax looks like, from the Wikipedia cron page:

# ┌───────────── minute (0 - 59)
# │ ┌───────────── hour (0 - 23)
# │ │ ┌───────────── day of the month (1 - 31)
# │ │ │ ┌───────────── month (1 - 12)
# │ │ │ │ ┌───────────── day of the week (0 - 6)
# │ │ │ │ │
# │ │ │ │ │
# │ │ │ │ │
# * * * * * command to execute

For example, a cron job that runs every day at 00:00 would look like:

0 0 * * *

To run a job every twelve hours, the syntax is:

0 */12 * * *

This great tool can help you wrap your head around the cron scheduling syntax.

What’s a scheduler have to do with backing up? By itself, not much. The simple beauty of cron is that it runs commands - any shell commands, and any scripts that you’d normally run on the command line. As you may have gleaned from my other posts, I’m of the strong opinion that you can do just about anything on the command line, including backing up your files. Options for storage in this area are plentiful, from near-to-free local and cloud options, as well as paid managed services too numerous to list. For CLI tooling, we have utilitarian classics like rsync, and CLI tools for specific cloud providers like AWS.

Backing up with rsync

The rsync utility is a classic choice, and can back up your files to an external hard drive or remote server while making intelligent determinations about which files to update. It uses file size and modification times to recognize file changes, and then only transfers changed files, saving time and bandwidth.

The rsync syntax can be a little nuanced; for example, a trailing forward slash on the source path will copy just the contents of the directory, instead of the directory itself. I found examples to be helpful in understanding the usage and syntax.

Here’s one for backing up a local directory to a local destination, such as an external hard drive:

rsync -a /home/user/directory /media/user/destination

The first argument is the source, and the second is the destination. Reversing these in the above example would copy files from the mounted drive to the local home directory.

The a flag for archive mode is one of rsync’s superpowers. Equivalent to flags -rlptgoD, it:

Syncs files recursively through directories (r);

Preserves symlinks (l), permissions (p), modification times (t), groups (g), and owner (o); and

Copies device and special files (D).

Here’s another example, this time for backing up the contents of a local directory to a directory on a remote server using SSH:

rsync -avze ssh /home/user/directory/ user@:home/user/directory

The v flag turns on verbose output, which is helpful if you like realtime feedback on which files are being transferred. During large transfers, however, it can tend to slow things down. The z flag can help with that, as it indicates that files should be compressed during transfer.

The e flag, followed by ssh, tells rsync to use SSH according to the destination instructions provided in the final argument.

Backing up with AWS CLI

Amazon Web Services offers a command line interface tool for doing just about everything with your AWS set up, including a straightforward s3 sync command for recursively copying new and updated files to your S3 storage buckets. As a storage method for back up data, S3 is a stable and inexpensive choice.

The syntax for interacting with directories is fairly straightforward, and you can directly indicate your S3 bucket as an S3Uri argument in the form of s3://mybucket/mykey. To back up a local directory to your S3 bucket, the command is:

aws s3 sync /home/user/directory s3://mybucket

Similar to rsync, reversing the source and destination would download files from the S3 bucket.

The sync command is intuitive by default. It will guess the mime type of uploaded files, as well as include files discovered by following symlinks. A variety of options exist to control these and other defaults, even including flags to specify the server-side encryption to be used.

Setting up your cronjob back up

You can edit your machine’s cron file by running:

crontab -e

Intuitive as it may be, it’s worth mentioning that your back up commands will only run when your computer is turned on and the cron daemon is running. With this in mind, choose a schedule for your cronjob that aligns with times when your machine is powered on, and maybe not overloaded with other work.

To back up to an S3 bucket every day at 8AM, for example, you’d put a line in your crontab that looks like:

0 8 * * * aws s3 sync /home/user/directory s3://mybucket

If you’re curious whether your cron job is currently running, find the PID of cron with:

pstree -ap | grep cron

Then run pstree -ap <PID>.

This rabbit hole goes deeper; a quick search can reveal different ways of organizing and scheduling cronjobs, or help you find different utilities to run cronjobs when your computer is asleep. To protect against the possibility of ransomware-affected files being transferred to your back up, incrementally separated archives are a good idea. In essence, however, this basic set up is all you really need to create a reliable, automatic back up system.
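
One way to get the incrementally separated archives mentioned above, as an added example that is not part of the original article: each run writes a new dated snapshot with rsync's --link-dest option, so a run that copies ransomware-encrypted files cannot replace the versions saved by earlier runs. The function names, the snapshot.sh file name, the timestamp format and the default of 14 retained snapshots are assumptions of this example.

```shell
#!/bin/sh
# Added example: dated rsync snapshots. Unchanged files are hard-linked to the
# previous snapshot, so each snapshot is a full tree but only changes use space.

# snapshot_backup SRC DEST_ROOT [STAMP]  (STAMP defaults to the current time)
snapshot_backup() {
    src=$1
    stamp=${3:-$(date +%Y-%m-%dT%H%M%S)}
    mkdir -p "$2" || return 1
    root=$(cd "$2" && pwd) || return 1      # --link-dest needs an absolute path
    if [ -e "$root/$stamp" ]; then return 1; fi   # never overwrite a snapshot
    # Newest finished snapshot; the timestamp names sort chronologically.
    prev=$(ls -1 "$root" | grep -v '\.partial$' | sort | tail -n 1)
    tmp="$root/$stamp.partial"
    if [ -n "$prev" ]; then
        rsync -a --delete --link-dest="$root/$prev" "$src"/ "$tmp"/ || return 1
    else
        rsync -a --delete "$src"/ "$tmp"/ || return 1
    fi
    mv "$tmp" "$root/$stamp" || return 1    # publish only complete snapshots
    printf '%s\n' "$root/$stamp"
}

# prune_snapshots DEST_ROOT KEEP: remove all but the KEEP newest snapshots.
prune_snapshots() {
    root=$1
    total=$(ls -1 "$root" | grep -v '\.partial$' | wc -l)
    excess=$((total - $2))
    [ "$excess" -gt 0 ] || return 0
    ls -1 "$root" | grep -v '\.partial$' | sort | head -n "$excess" |
    while IFS= read -r old; do
        rm -rf -- "${root:?}/$old"
    done
}

# Script use: snapshot.sh SRC DEST_ROOT [KEEP]   (KEEP defaults to 14)
# crontab line, with a hypothetical script path:
# 0 8 * * * /home/user/bin/snapshot.sh /home/user/directory /media/user/destination
if [ "$#" -ge 2 ]; then
    snapshot_backup "$1" "$2" >/dev/null && prune_snapshots "$2" "${3:-14}"
fi
```

Restoring means copying files back out of whichever dated directory predates the damage. Choose the retention count so that the oldest snapshot is older than the time it would take you to notice encrypted files.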

Don’t feed the trolls

Humans are fallible; that’s why cyberattacks work. The success of a ransomware attack depends on the victim having no choice but to pay up in order to return to business as usual.

A highly accessible recent back up undermines attackers who depend on us being unprepared. By blowing away a system and restoring from yesterday’s back up, we may lose a day of progress; ransomers, however, gain nothing at all.

For further resources on ransomware defense for users and organizations, check out CISA’s advice on ransomware.

Translated from: /news/cronjob-ransomware-attack/
