But wouldn't a daily (or almost) backup to an unmounted disk render ransomware somewhat futile?

https://support.yubico.com/hc/en-us/...ogin-Guide-U2F, as one example for yubikeys
Ok, more stuff:
https://www.yubico.com/support/downl...bikey-manager/
https://launchpad.net/~yubico/+archive/ubuntu/stable

Not sure how well all this works with KDE's DSSM login, but it seems to be much improved in recent years.
I have been looking at this sort of thing for my laptop off and on, but never bit the bullet.

Of course, most malware/ransomware gets installed by trickery as opposed to breaking passwords and similar security so 2fa is useless in many cases.


fingerprint will highly depend on if the reader is actually supported in Linux to begin with. Many simply are not, and will not be.

Yes, you are not backed up unless you back up your back-up with offline backups.

IMO, unless 'you'; an individual person; is worth mega-millions of dollars, ransomware attackers aren't interested in your PC.

Ransomware is the result of social engineering, the trickery mentioned above, so the chances of incorporating the ransomware into your backup is pretty high.

Understanding social engineering, and avoiding situations of that, is very important. Being not visibly rich, as Snowhog mentioned, is also useful

May be of interest to some. 81 Ransomware Statistics, Data, Trends and Facts for 2021

Number 11 is a pretty universal factor in ANY security attack, "The most common tactics hackers use to carry out ransomware attacks are email phishing campaigns, RDP vulnerabilities, and software vulnerabilities."

The best defense: be careful what you click on, and keep your system (all of it) updated.

The three basic factors of security are: something that you are (picture, fingerprint, retina scan), something that you have (token, account), something that you know (password, PIN). Multifactor authentication involves use of more than one factor, plus multiples of at least two others factors.

You may have heard about some WD MyBook devices that could be used as NAS that could be set up to allow connections from the internet to access that storage. They were indeed running Linux, but the devices went out of support and stopped being updated. A vulnerability was found years later, and some bad actor found that there were all these old devices exposed to the internet with the vulnerability. That wasn't too bad, not much to be had grabbing people's family photos, but this access leaked and some %$#%$@# thought it was cool to run a script crawling the whole internet finding them and destroying them. The malware pretended to be ransomware but no recovery was possible.

So, don't run devices that can't be updated, and don't give the internet access to your backup. If you have to put your backup on the internet, one can use ssh to access it, with keys that require a pass phrase.

Having backups that are only connected when you're accessing them helps, but that isn't totally safe. The bad guys install malware on a computer that sits and waits for you to go through a backup cycle, encrypting the backups silently. Such an attack needs multiple vulnerabilities to work, so become much less likely to work on Linux.

Back Up a Bit here. WTF?

From what I've read over the last decade, umm, yes they are. How else do they get a "bot-net" ?

Thanks to Snowhog && jglen490 && jlittle && Don B. Cilly && Claydoh && 'others'
So I gather overall, to my question of additional 2FA or external hardware security to login or "root' access, it's a negative.
But additional thanks to those above, for the very interesting responses. I'll be busy reading for the next day or so.

Thanks to all

I vaguely remember how DSSM login works, but isn't root access needed for almost any attack, virus or malware?
I could suggest for your laptop, that TOR thingy dongle that boots but never changes. And I do remember from years gone by, BIOS level security for Windozes, not to mention some Windozes reboot to standard configuration software deployed at a place I used to work. Everytime you reset the PC, it would reload from an image file, and yet you had access from the running machine with an additional password (they gave me second last day I worked there) to make changes. I also think this had a server administration component to it. As I was aware of the software but never used it, I have no recollection beyond this. My brain works on the read & visual, maybe audio with hands on component. I have to see it in action. And with computers, My brain makes a virtual hardware PC, and I make the little 1's and 0's move around the board or software so I know what is happening and HOW it is happening.
But thanks for your contribution.

It is pretty clear you need to have copies or separate backups that are *not* on the same computer. Even an always-connected USB backup drive, for example can be compromised be ransomware, I assume.. Thumb drives that are in a drawer or some other location, that sort of thing. Something that can be accessed without an internet connection, so that you have something that works if there is no internet, as well as if the computer dies a horrible death or is infected with computer-rona, a known clean backup/image/whatever.



That reminds me I need to set up my cloud backup again, once I decide on which route to take this time.