Hacker News new | past | comments | ask | show | jobs | submit login

Filesystems that make this possible are the real crime against sanity. Most of the data would be stored on network shares, and the ransomware pulls the files, encrypts them, stores them back to the network share overwriting the original copy. Madness. Yes disk space isn't cheap, until you see the alternative.

We have a basic network filestore at Fastmail, it's not even a key part of our offering, but it stores up to 30 old copies and if you keep overwriting it does exponential backoff so you have the oldest copy in the past 2 weeks, plus one from a week ago, plus one from 3 days ago, etc up until a bunch of very recent copies. Ransomware would have to be running for 2 weeks to wipe out all the original files - and during that time the massive increase in disk usage would alert operations to something going on!

Likewise our email server software does integrity checks during replication between machines and won't perma-delete anything for a week after it gets expunged - and message content is immutable after writing, so changing anything is creating a new record and expunging the old one.

It costs extra space - but being safe against a client virus like this encrypting all the data on network shares isn't rocket science, and the network filesystem vendors who don't default to data safety are as much to blame as anybody for this still being a problem in $CURRENT_YEAR.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: