
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CHAT      General havoc      1,840 messages   


   Message 523 of 1,840   
   Brian Rogers to August Abolins   
   Issue with URL shortener   
   12 May 21 22:52:00   
   
   TZUTC: -0400   
   MSGID: 28.fidonet_chat@1:142/103 2501cba4   
   REPLY: 1:153/757.21@fidonet f05a92c8   
   PID: Synchronet 3.18a-Linux  Aug 23 2020 GCC 6.3.0   
   TID: SBBSecho 3.11-Linux r3.177 Aug 23 2020 GCC 6.3.0   
   CHRS: ASCII 1   
   Hello August;   
      
   -=> August Abolins wrote to Brian Rogers <=-   
      
    AA> I'm not too overly concerned anymore about short links. It's   
    AA> been about 20 yrs now since TinyUrl launched.  Weren't they the   
    AA> first with that idea?  Anyway.. They've built a vetting process   
    AA> into them and block links that have nefarious purposes.   
      
   They still crop up from time to time. Remember it's not necessarily TinyURL   
   itself doing the dirty deeds but the users who may decide to use it.   
      
    AA> The only thing I won't do is click on a short link from
    AA> unsolicited email or if something arrives from someone I do not
    AA> know.
      
   That should be standard operating practice in today's world :)   
      
    AA> I have to wonder if that or a similar technique was used to be
    AA> the vector for inviting the ransomware that shut down the east
    AA> coast pipeline.
      
   Unless a formal explanation is given it'll be uncertain.   
      
    AA> Krebs article "A Closer Look at the DarkSide Ransomware Gang
    AA> May 11, 2021" talks about the end result of that, but I wonder
    AA> what the vector was for infection.
      
   It may have been anything.   
      
    AA> This is a pretty good article that examines the technical
    AA> tricks:
      
    AA> https://securityintelligence.com/posts/darkside-oil-pipeline-   
    AA> ransomware-attack/   
      
   Security online is like a hurdle to a runner, you can only hope that you can   
   build a hurdle so high they tire out trying to get over it.   
      
    AA> "A favorite entry point appears to be connecting via RDP on   
    AA> port 443 typically routing via a TOR browser."   
      
   TOR is evil. 'nuff said.    
      
    AA> And..  I did not know that VPNs and Linux were not immune:   
      
   I think you're confusing a VPN with a VM.   
      
    AA> "The malware can attack both Windows and Linux environments,   
    AA> making enterprise servers just as `encryptable' as an   
    AA> employee's endpoint. DarkSide can also attack virtual machines   
    AA> and encrypt data on their hard drives."   
      
   There's NO OS or platform that's 100% immune to viri/warez of any kind. There
   are those which may be less immune than others. Even a virtual machine has to
   run some form of OS on it! A VPN on the other hand is a transport mechanism
   that uses a combination of IP encapsulation AND encryption. These are used to
   hide your information and possibly your IP. This is why companies like to
   have VPNs set up for those who work-from-home.
      
    AA> Apparently all the activity of making backups is no guarantee
    AA> that you could just ignore the ransomware attack and just
    AA> restore an earlier backup.  Apparently, the "attack" lurks in
    AA> the background for an amount of time that might represent a
    AA> typical schedule for several backups - so, when it comes time
    AA> to use a previous backup, all those backups will already
    AA> have copies of the infection.
      
   If one is in need of doing a restore due to a virus or ransomware hit, then   
   they should restore on a platform:   
   - not connected to the internet   
   - not the same machine as the infected one   
   - look for and patch the security hole that was exploited before deploying   
     that drive back into production   
      
   Some, not all, viri are on a time trigger and may be lurking around. Others   
   are not. This is why after a restore you wish to do a scan from a BOOTABLE   
   media -not- that of the local hard drive(s). No one said being a sysadmin   
   was easy work even if it's on a hobby machine.   
      
   ... Gone crazy, be back later, please leave message.   
   --- MultiMail/Linux v0.52   
    * Origin: SBBS - Carnage! (1:142/103)   
   SEEN-BY: 1/19 16/0 30/0 80/1 105/81 129/305 142/103 203/0 221/0 1   
   SEEN-BY: 221/6 360 229/426 664 700 240/1120 261/38 280/464 282/1038   
   SEEN-BY: 301/0 1 101 113 812 320/219 322/757 423/81 712/848 5058/104   
   PATH: 142/103 320/219 221/1 301/1 229/426   
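The point raised in this exchange, that an intrusion which sits quietly for longer than the backup window leaves nothing clean to restore, is easy to check against a real retention policy. The following Python is an added example, not code from this message or from the BBS. It assumes a grandfather-father-son style rotation (daily snapshots, weekly snapshots taken on Sundays, monthly snapshots taken on the 1st) and uses constructed dates and a constructed 30-day dwell time; it compares how many retained snapshots predate the estimated intrusion under a "dailies only" policy versus a tiered one.

```python
from datetime import date, timedelta


def _as_date(value):
    """Accept a date or an ISO string such as '2021-05-12'."""
    return value if isinstance(value, date) else date.fromisoformat(value)


def retained_snapshots(today, daily, weekly, monthly):
    """Dates of the snapshots still on hand under a grandfather-father-son
    rotation: the last `daily` days, the last `weekly` Sundays and the first
    day of the last `monthly` months (the current month counts once it has
    begun). The rotation details are an assumption of this example."""
    today = _as_date(today)
    kept = set()
    for i in range(daily):
        kept.add(today - timedelta(days=i))
    sunday = today
    while sunday.weekday() != 6:          # Monday is 0, Sunday is 6
        sunday -= timedelta(days=1)
    for i in range(weekly):
        kept.add(sunday - timedelta(weeks=i))
    first = today.replace(day=1)
    for _ in range(monthly):
        kept.add(first)
        first = (first - timedelta(days=1)).replace(day=1)   # first of the previous month
    return sorted(kept)


def clean_restore_points(snapshots, compromise_date, margin_days=0):
    """Snapshots taken strictly before the earliest date the intrusion could
    have begun. `margin_days` widens the window when the dwell-time estimate
    is uncertain, which it usually is."""
    cutoff = _as_date(compromise_date) - timedelta(days=margin_days)
    return [s for s in snapshots if s < cutoff]


def restore_assessment(today, dwell_days, daily, weekly, monthly, margin_days=0):
    """How many retained snapshots predate an intrusion that has been
    resident for `dwell_days` by the time it is discovered on `today`."""
    today = _as_date(today)
    snapshots = retained_snapshots(today, daily, weekly, monthly)
    compromise = today - timedelta(days=dwell_days)
    clean = clean_restore_points(snapshots, compromise, margin_days)
    return {"oldest_retained": snapshots[0], "compromise": compromise, "clean": clean}


if __name__ == "__main__":
    # Constructed scenario: discovered on 2021-05-12, malware estimated resident for 30 days.
    policies = {"14 dailies only": (14, 0, 0),
                "7 daily / 4 weekly / 3 monthly": (7, 4, 3)}
    for label, policy in policies.items():
        r = restore_assessment("2021-05-12", 30, *policy)
        print(f"{label}: oldest retained {r['oldest_retained']}, "
              f"intrusion from {r['compromise']}, "
              f"clean points: {[d.isoformat() for d in r['clean']] or 'NONE'}")
```

With two weeks of dailies the oldest snapshot is only 13 days old, so every restore point already carries the infection; the tiered policy still holds the 1 March and 1 April monthlies. Raising `margin_days` models the usual situation where the first sign of compromise found in logs is later than the actual entry date.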
      



(c) 1994,  bbs@darkrealms.ca