This malware is well written, and uses strong encryption.
I would suggest that you and your father spend the evening reading up on backup practices, and reconsider the value proposition of open source software.
I hope I am not coming off as a smug jerk. My hope is that rather than becoming frustrated and demoralized after an evening of fruitless hacking, you and your uni will recover, and become resilient against future attacks.
I personally use Linux and my GitHub repo is here[1], where I have a bunch of encryption-related projects (zuluCrypt, SiriKali and lxqt_wallet). The last Windows computer I used was Windows XP.
I don't want to move him to Linux because I am not always around and he can ask other people for help when he is on Windows.
Thank God for backups! And thank you for making sure people make backups.
My mother is in a similar situation. She is an elementary school teacher, and has little time for unrelated endeavors like this. What time she does have, is spent in the garden, as it should be.
Nevertheless, we are now seeing that the time-cost of closed source software, is greater than that of open-source software. My solution has been to prepare a KDE based distro for her, to work with her, side by side, whenever she needs to learn new tools. It is a good bonding experience, when both people can maintain a positive attitude about it.
The solution to the problem of malware, is education.
I think you are referring to diversity, not obscurity. Diversity does indeed increase the resilience of the network, but there will always be enough common factors across the board, that diversity alone will not suffice.
In the end, the software that we depend on, must be reviewable by anyone who is concerned about it. A prerequisite for that, is that software should be as small, clean, and simple as possible, to encourage such scrutiny. IIRC, the real problem with heartbleed, is that the OpenSSL codebase was a mess, and no-one wanted to work on it.
That's my point, as I type this on fully patched Win 10 Pro.
Certainly Windows has its issues, but its biggest 'flaw' when it comes to malware isn't that it's closed-source, but that it's ubiquitous and therefore a highly attractive target.
Linux is ubiquitous in the data center. We are not a low-value target. Also, corporations with cloud-based infrastructure are more likely to pay large ransoms for their data, especially if it is the backup/archive system that is attacked.
Data centers are dwarfed in size by the consumer and business markets, while also being much less vulnerable due to their more specialised nature and therefore ease of update. Case in point: there are plenty of Windows data centres out there, but it's not likely any of them were affected by this incident.
I understand that people love open source, but how is that relevant here? For example, OpenSSL is open source, yet it didn't prevent Heartbleed and other exploits from happening.
OpenSSL was an example of open source done badly; neither of our communities can claim to be universally perfect. The solution, was to fork and replace OpenSSL with a superior project: LibreSSL. That part of the story, is a success for open source. It shows us recovering quickly and permanently from the worst catastrophe imaginable.
Working fine on FreeBSD 10 for me, but it's not default yet as far as I know.
My thoughts on the matter are, this is all a pointless waste of time/effort, or otherwise said, an arms race of exploits/bugs that will go on and on and produce nothing of value, except justifying a military budget in various govs.
If they truly were doing their jobs and being of benefit, we wouldn't have the corruption we do, the paedo rings, the drug cartels etc.
To be secure, you have to beat the smartest people on the planet I would have thought, and unless you have a nation's resources, that's tricky. Tightening laws I'm not sure is the answer either, it feels like human nature expressed in Internet terms.
There is no way to know for sure, because we have not embedded telemetry / spyware in open source operating systems.
One of the problems here, is that large organizations are reluctant to update software across a large population of computers. If those updates were smaller, more transparent, and could be separated based on whether they are a security fix, a new feature, or a new tool that allows a 3rd party to monitor user activity, then the sysadmins would be empowered to close security issues quickly, while introducing minimal risk.
From what I've seen, it isn't particularly well written. However, you're probably correct about the encryption being strong.
One of the reasons the infection rates are dropping off is that the malware had some kind of poorly implemented sandbox detection, where it would attempt to resolve a non-existent domain. However, now the domain has actually been registered by a researcher, so now every new infection thinks it's running in a sandbox.
This is the work of someone who doesn't really know what they're doing, and they probably copied a large chunk of the code from somewhere else.
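The domain check described above is a useful detection signal from the defender's side: once a researcher registers the domain, every infected host that queries it shows up in resolver logs. The following script is an added example, not code from this thread or from any analysis cited in it. It scans constructed DNS query log lines for lookups of a placeholder kill-switch domain (substitute the real indicator from your own threat-intel feed) and uses the response code to triage each host: a lookup that returned NXDOMAIN happened before the domain was registered, so that host likely proceeded past the check, while a NOERROR lookup means the check halted the sample. The log format is constructed for the example.

```python
"""Scan DNS query logs for lookups of a known kill-switch domain.

Added example (not from the thread). KILL_SWITCH_DOMAINS holds a
constructed placeholder; replace it with the real indicator.
Constructed log format, one query per line:
    <timestamp> <client_ip> <qname> <qtype> <rcode>
"""
from collections import defaultdict

# Constructed placeholder, not a real indicator.
KILL_SWITCH_DOMAINS = {"killswitch-placeholder.example"}

# Constructed sample resolver log.
SAMPLE_LOG = """\
2017-05-12T10:01:02Z 10.0.0.5 www.example.org A NOERROR
2017-05-12T10:01:05Z 10.0.0.17 killswitch-placeholder.example A NXDOMAIN
2017-05-12T10:01:09Z 10.0.0.5 updates.example.net A NOERROR
2017-05-12T10:02:11Z 10.0.0.17 killswitch-placeholder.example A NOERROR
2017-05-12T10:03:40Z 10.0.0.23 killswitch-placeholder.example A NOERROR
"""


def parse_line(line):
    """Split one log line into fields; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, qname, qtype, rcode = parts
    return {
        "ts": ts,
        "client": client,
        # Normalise trailing dot and case so matching is exact.
        "qname": qname.rstrip(".").lower(),
        "qtype": qtype,
        "rcode": rcode.upper(),
    }


def find_kill_switch_lookups(log_text, domains=KILL_SWITCH_DOMAINS):
    """Return {client_ip: [(timestamp, rcode), ...]} for matching queries."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["qname"] in domains:
            hits[rec["client"]].append((rec["ts"], rec["rcode"]))
    return dict(hits)


def triage(hits):
    """Classify each host by the worst-case outcome seen in its lookups.

    Any NXDOMAIN answer means the host queried before the domain was
    registered, so the sample would have continued past its check.
    """
    result = {}
    for client, events in hits.items():
        rcodes = {rcode for _, rcode in events}
        if "NXDOMAIN" in rcodes:
            result[client] = "likely-proceeded"
        else:
            result[client] = "halted-by-kill-switch"
    return result


if __name__ == "__main__":
    found = find_kill_switch_lookups(SAMPLE_LOG)
    for client, verdict in sorted(triage(found).items()):
        print(f"{client}: {verdict} ({len(found[client])} lookup(s))")
```

In practice the lookup itself is the alert, regardless of response code; the triage only orders the response, since a host that saw NXDOMAIN needs isolation and a backup-restore plan first, while a host that only ever saw NOERROR still carries the sample and needs cleanup.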
I'm intrigued because I've seen people claim that "linux is just as vulnerable as windows to user stupidity," but I have a hard time understanding how. The vast majority of windows infections occur because somebody got tricked into running an executable file.
On every Linux distro I've used, scripts and binaries need the executable bit set or be explicitly run through the desired shell. As far as I know, no browser sets the executable bit on downloads. To run scripts, you need to know what you're doing.
Now,
curl http://... | sudo sh
is an entirely different problem. As are remote execution vulnerabilities in the kernel. As are adding random package manager repositories found on internet forums. But all seem a bit more technically involved than opening an executable file with a .pdf extension.