4

Instead of a backup, i store my important documents (my resumee, certificates and such) in a git repository - which is then pushed to sth like github.

My reasons for using git instead of an backup are:

  • My important documents are anyways inside git repositories, so pushing the content regularly to an external server(or github.com) is not difficult at all.

  • I don't know much of how to make proper backups (so that they are protected from ransomware).

Its obvious that ransomware can destroy my local repository, but can they also destroy the remote one? I mean, the connection is done with ssh keys, so a ransomsoftware can obviously read the key and push sth to github. But then I could maybe just revert the commit, right?

So the essence of my questions is: can a ransomware destory the content of the .git folder on the remote repository? (so, that i can't revert any change)

(NOTE: I do not mean using some exploits or anything like that, because of course it the answer to my question would be then "yes" )

toogley
  • 385
  • 2
  • 12
  • With `git push --force` it would be able to rewrite history on every remotes. So yes, if well done, it can prevent you to revert to a previous commit. – rdupz Dec 22 '16 at 10:55
  • @rdupz okay, but i can prevent that in the settings of github. (so only `git push`, without `--force` is possible) – toogley Dec 22 '16 at 10:57
  • 4
    @toogley If the malware is tailored for github specifically, it could easily check if your browser has session cookies related to the site, and if you were indeed recently logged on the site (without logout), forge a request that would change those settings. If I were a malicious actor with such intent, I would write malware that would check for cookies + browser-saved passwords for sites like GitHub, BitBucket and similar platforms. – niilzon Dec 22 '16 at 12:48
  • @niilzon do you want to morph your comment into an answer? i think its the best answer. – toogley Dec 23 '16 at 12:06
  • I don't think that it is complete at all, I'm just giving an example, but thanks. I see other ways but lack time to formulate a full answer – niilzon Dec 24 '16 at 09:02

2 Answers2

4

Yes. A Ransonware can "destroy" your files locally. As for the server, this depends on the configuration. It would be interesting to use a password in the key to auth with git. Ransonware can read your files, but it will not be possible to send remotely.

Recommendation: Use the ssh key with password and do not use automatic authentication.

user2925795
  • 156
  • 2
  • 1
    This would help a. against non-sophissticated malware and b. for a limited time against sophisticated malware. – v6ak Dec 23 '16 at 08:03
3

Unless server prevents it, you can use git push --force to overwrite the chasnges.

Anders
  • 64,406
  • 24
  • 178
  • 215
v6ak
  • 609
  • 5
  • 12