Posted in Computers on Sunday 25th June 2017 at 9:06am
It's been a tricky week for a number of reasons - while Inspectors stalk the corridors of my office and I wrestle with seemingly deliberately obtuse bureaucracy at home and at work, someone decided that I was good for a few Bitcoins of ransom for my data. Linux ransomware is rare - but it does exist in the wild. It's also been fairly primitive up to now, with attackers using predictable keys to encrypt data, and generally showing a lot less knowledge of the underlying system than of the Windows-based machines they're used to hobbling. However, as much of the world's larger-scale server architecture lives on some form of Unix derivative, they're going to get better at this.
My first question was why? Or, more specifically, why me? This is a completely non-commercial site, with relatively low traffic, whose absence only a few people would really notice should it fall off the net - albeit after nearly eighteen years online! Anyone who knows me would know I'm certainly not good for the kind of ransom proposed. I cycled back through the various political disputes I've been involved in around the last election - none felt nearly sharp or potent enough to inspire this; in fact, the whole campaign passed in a sort of stunned blur for both sides, I think. I thought about other rivalries - I don't have many, and the one work-related matter which came to mind seemed unlikely. So perhaps it was just completely random after all? Just a chance attempt to extract a bit of cash from someone who rambles about roads and railways. Maybe. I think I'll have to accept this explanation.
The next step was recovery - and at first this didn't look remotely good. Hosting my own server has many advantages, but it means that anything which goes wrong is mine to fix in my own spare time - and that has been in short supply this week with all that's happening. It also appeared that the way the attack had progressed may have meant that the encrypted files had been backed up over the good ones. It was hard to say. In the end I decided that the best course of action was to completely reinstall a clean server and hope that the off-site backup was still good. Thankfully, the fact you're reading this shows that this strategy worked out - but not without some tribulations on the way. A lot of us keep servers running to the configurations we painstakingly worked out years back - and while they keep working because kind developers tend to value backward compatibility, a fresh install brings a new world of changed ways of doing things. I think, almost a week later, things work largely as they used to - with a few minor exceptions I'm still tweaking. Will they try again? Surely - but I hope if that happens, I'm ready.
Finally, I had to consider how my regime of backups worked - and the answer was, actually, pretty well - I had a good, very recent, clean backup which was very easy to restore once I knew things were safe. But it could have been better - slicker, cleaner, more efficient - and the itch to polish and improve, to shave a few steps off here and make something work just a little better there, was suddenly back. In short, it's proved an interesting intellectual exercise which has distracted me a little from the rest of the week in generally positive ways. It seems likely that the vector of attack was a WordPress installation which hosted my old Songs Heard on Fast Trains music blog. Certainly this has been attacked before, being used to relay spam via the injection of some malicious code. I've long disliked this blog being separate from the rest of the site, so it was time to extract the data and make it part of Lost::MikeGTN proper - some external links to SHOFT might break, but it was a small price to pay for closing a potential door. So, that's done too - and while this might need some tweaking and changing to make it look and feel right, at least it's here and you can still read my thoughts on obscure Scottish music of the early 2010s!
The loss of data to attackers from outside is always going to feel like an insult or an invasion, and as more of our life is lived virtually it will begin to feel more and more like a physical intrusion or loss. For me, the loss of a great deal of recent writing about my excursions felt potentially like a depressing enforced ending to a meandering project which I wasn't ready to give up on just yet. The older stuff, the diary entries from the late 90s for instance, perhaps only have any great relevance to me - but even so, the fact some of this digital archaeology survives makes it feel worthy of keeping. I almost lost a lot, but I learned a great deal more. And so to more turgid posts about long walks, observations on the rail network, and generally to more of the same...
I've had a home on the web for more years than I care to remember, and a few kind souls persuade me it's worth persisting with keeping it updated. This current incarnation of the site is centred around the blog posts which began back in 1999 as 'the daylog' and continued through my travels and tribulations during the following years.
I don't get out and about nearly as much these days, but I do try to record significant events and trips for posterity. You may also have arrived here by following the trail to my former music blog Songs Heard On Fast Trains. That content is preserved here too.