Re: Ransomware on Power -- MIDRANGE-L

Hello Robert,

Am 20.01.2021 um 03:15 schrieb Roberto José Etcheverry Romero <yggdrasil.raiker@xxxxxxxxx>:

I just read about an attack that targets VMware ESXi hypervisors DIRECTLY.
It owns the system due to some pretty dangerous vulnerabilities and then
runs a python script to encrypt the entire datastores.

Please see subject. We were talking about Ransomware on POWER. I was just clarifying that there is no (known) ransomware running on POWER, in regard to IBM i.

Would you have thought that impossible as well?

No, I know about that vuln. Has it ever been observed in the wild?

Just because nobody has come forward with a horror story, doesn't mean that it cannot be done.

Because you know that driving a car is inherently dangerous because you know that fatal accidents *can* happen, you do not refrain from driving a car, right?

Please, stay reasonable. There are numerous horror scenarios which can be drawn. Many exploits are incredibly hard to make use of. It takes time, expertise and sometimes manual observation. Completely different from Ransomware: Aim into the dark and shoot. Someone will open the attachment and enable macros or whatever it takes. And of these, some are desperate enough to pay. Cheap enough to be spread widely.

Having PASE and now the entire open source utilities in the i means opening up to a lot more vulnerabilities and attack vectors.

I know. One reason I’m not too happy with IBM pushing this „Linux within IBM i“. I’ve more than once pointed out this fact in this list. But as with cars, you get the comfort, you also get the risk.

Once you start down that rabbit hole, it seems like the hole never end.

Yes. Security is a topic by itself. Especially if you add the fact that for years, some software has been proven to be badly written. Cheap, time to market. It doesn’t crash immediately? Okay, ship. We can fix later.

The low hanging fruit has already been said by Steve but I would add:
Disable any service not required or used. The smaller the possible attack
surface, the better.

Completely correct and valid.

Allow me to conclude that your point is valid and at the same time completely unrelated to Ransomware on POWER.

:wq! PoC

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.