How (in)vulnerable would Ubuntu be to encryption ransomware?

malware

Solution 1:

In order for such a software to run "successfully" on an Ubuntu machine, would the user first have to run it and give the sudo password?

No, I would assume the data is your personal data and "sudo" is needed for system files.

If the users files were already encrypted, would that protect against this?

No. Data is data. Encryption plays no part: the ransomware will lock the data itself

Could a ransomware program, if unwittingly installed by a user (who also confirmed with the sudo password), take even your pre-encrypted data hostage?

Yes. They would not be able to VIEW the data but that was not their intention. Nor is encryption in any way important: they lock your "container".

In general, how (in)vulnerable is Ubuntu to encryption ransomware, and how careless/unsavvy do the actions of a user have to be in order to actually have his or hers data taken hostage?

Someone first has to create a situation where you and many others are willing to download and install their software. That is a hurdle even virus software writers have not been able to take.

The whole idea of ransomware is to target as many users as possible in the shortest time frame possible.

As soon as 1 Linux user gets targeted and they actually get his/her data tainted all hell would break loose and within minutes all of us will get informed in some sort of way. Look at what happened when the OpenSSL bug appeared. In a matter of minutes all the IT websites had a story to tell. Same with the kernel bug that appeared 2 days ago. Everyone jumped on it. If it happens I do not see this happening to more than a few users. By then all of us got informed or if possible there will be a fix for the method they used (like a hole in the kernel or in a browser that they exploited).

Most of us use Ubuntu Software Center. How likely is it that this malware ends up in Ubuntu Software Center? Next we use PPAs. The information for those PPAs we get from sites like omg.ubuntu.co.uk or webupd8 or from trusted Ubuntu channels.

That is also the difference between Linux/Ubuntu and Windows: Windows users are told to download and install software from any website they can find it. We mostly do not do that. So the amount of crap you can download for Windows is several times higher than for any other operating system. Makes Windows an easier target.

Solution 2:

In order for such a software to run "successfully" on an Ubuntu machine, would the user first have to run it and give the sudo password?

Run it, yes, of course. Give the sudo password, no. The sudo password is needed in order to modify system files or settings. However, ransomware encrypts the user's personal files, which are fully accessible by the user without a password. The sudo password would be needed to encrypt files of other users, however.

If the users files were already encrypted, would that protect against this?

No. The ransomware would encrypt the encrypted files, so that when you try to decrypt them with your original key, decryption would not work. Pictorially, you lock your files inside a box (of which you have the key), and the ransomware locks your box inside a larger box, of which you do not have the key.

Related

How to uninstall programs in ubuntu if they are not in Software Center? 12.04
Bluetooth dongle problem
config dual monitors with quite different resolution
Can I upper limit the CPU frequency?
Audio via NVIDIA HDMI skipping
Unity "Files & Folders" lens can't find anything
PCSX2 on Ubuntu
Ubuntu Unmounting drive takes forever
Is it possible to delete an enrolled key using mokutil without the original .der file?
Unable to install KVM on Ubuntu 16.04
"The system network services are not compatible with this version" - ubuntu 14.04 [duplicate]
Clone Ubuntu Machine