Re: ransomware

From: "Peter J(dot) Holzer" <hjp-pgsql(at)hjp(dot)at>
To: pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: ransomware
Date: 2021-02-02 15:14:33
Message-ID: 20210202151433.GA1814@hjp.at
Lists: pgsql-general

On 2021-02-02 15:44:31 +0100, Marc Millas wrote:
> I know it's quite general. It is as I don't know what approaches may exist.
>
> Requirement is extremely simple: Is there any way, from a running postgres
> standpoint, to be aware that a ransomware is currently crypting your data ?

PostgreSQL can be set up to store a checksum with every page (I think
that's even the default in recent releases). If an external process
encrypts a data file used by PostgreSQL it is unlikely to get the
checksums correct (unless it was written explicitly with PostgreSQL in
mind). So the next time PostgreSQL reads some data from that file it
will notice that the data is corrupted.

Of course it would notice that anyway since all the other structures it
expects aren't there either.

> answer can be as simple as: when postgres does crash.....

Yep. That's what I would expect to happen pretty quickly on a busy
database. The question is: Does that help you? At that point the data is
already gone (at least partially), and you can only restore it from
backup.

hp

--
_ | Peter J. Holzer | Story must make more sense than reality.
|_|_) | |
| | | hjp(at)hjp(dot)at | -- Charles Stross, "Creative writing
__/ | http://www.hjp.at/ | challenge!"
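
An added example, not part of the original message and not PostgreSQL's own code: a simplified page-header sanity check in Python, showing why a data file overwritten by an external process stops looking like PostgreSQL pages even before any checksum is compared. It assumes the default 8 kB block size, a little-endian platform and page layout version 4; the function names and the sample pages are constructed for illustration.

```python
import hashlib
import struct

BLCKSZ = 8192                    # assumption: default block size
LAYOUT_VERSION = 4               # assumption: current page layout version
PD_VALID_FLAG_BITS = 0x0007      # only the low three pd_flags bits are defined
MAXALIGN = 8
# pd_lsn(8) pd_checksum pd_flags pd_lower pd_upper pd_special
# pd_pagesize_version (2 bytes each) pd_prune_xid(4) = 24 bytes
HEADER = struct.Struct("<QHHHHHHI")


def page_looks_valid(page: bytes) -> bool:
    """Header sanity check for one block (simplified; no checksum compare)."""
    if len(page) != BLCKSZ:
        return False             # truncated or padded block
    if page.count(0) == BLCKSZ:
        return True              # all-zero page: allocated but not yet used
    _lsn, _csum, flags, lower, upper, special, size_ver, _xid = \
        HEADER.unpack_from(page)
    return (
        flags & ~PD_VALID_FLAG_BITS == 0
        and HEADER.size <= lower <= upper <= special <= BLCKSZ
        and special % MAXALIGN == 0
        and size_ver == (BLCKSZ | LAYOUT_VERSION)
    )


def scan_relation(data: bytes) -> list[int]:
    """Return the block numbers whose header fails the sanity check."""
    return [off // BLCKSZ
            for off in range(0, len(data), BLCKSZ)
            if not page_looks_valid(data[off:off + BLCKSZ])]


def make_empty_page() -> bytes:
    """Constructed sample: header of an initialised, empty page."""
    hdr = HEADER.pack(0, 0, 0, HEADER.size, BLCKSZ, BLCKSZ,
                      BLCKSZ | LAYOUT_VERSION, 0)
    return hdr + bytes(BLCKSZ - HEADER.size)


def make_overwritten_page() -> bytes:
    """Constructed sample: high-entropy bytes standing in for a block
    that something other than PostgreSQL has rewritten."""
    return hashlib.shake_256(b"constructed sample").digest(BLCKSZ)


if __name__ == "__main__":
    relation = make_empty_page() + make_overwritten_page() + make_empty_page()
    print("suspect blocks:", scan_relation(relation))
```

On a live cluster a block read while PostgreSQL is writing it can be torn, so a single failing block is a reason to re-read it, not proof of damage.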
