April 19, 2016 at 7:07 am
An anonymous removal technique could possibly be a disguised vector.
[One thing that puzzles me (not that I have all the details) about the hospital incident is that patient records were corrupted. Now that appears to suggest that the permission level that the vector was running had direct file access to the patient records. Data entry people shouldn't ever have direct permissions to the records, they should only have access to the application which would write to the records under its own account.]
...
-- FORTRAN manual for Xerox Computers --
April 19, 2016 at 7:10 am
The hardest part about personal backup is accountability.
How have you made yourself accountable to your backup process over time? What do you do when you aren't meeting your goals to get back on track?
Is there a community that helps address this issue?
412-977-3526 call/text
April 19, 2016 at 7:11 am
jay-h (4/19/2016)
...they should only have access to the application which would write to the records under its own account.
Ah. The magic word. Should.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
April 19, 2016 at 7:31 am
Has anyone set up 2 virtual machines on their desktop, one for browsing and email and one for everything else?
412-977-3526 call/text
April 19, 2016 at 8:02 am
I am not a hacker and I know it's easy to make backups that are infected so that restores are useless, even compounding the problem. So try not to get cozy with backups. If you say any company can restore backups from 2 months ago, I would disagree.
An Inet (whatever) board needs to be formed to deal with the ransomware issues as it is going to be a big problem because law enforcement are not prepared to do this kind of work effort.
A "brain-storm" way to combat this problem is to look at the "inputs" on how things can go bad. I am suggesting an additional, new kind of level / virus checking that is not done today (I think). To me most virus checkers are looking for bad code within a .DLL / .EXE.
An example of what I am suggesting needs to be done at the Operating System level is to look at the many .DLLs in an application (for Windows): a checksum, Date, Version or other program validation would be needed to "see" if this was a good or bad .DLL/.EXE file.
There is nothing foolproof, but validating the application code that runs on a server could assist in discovering problems and possibly reducing ransomware and maybe even virus risk.
The board of people is needed because then Microsoft and others would need to come up with a way to validate their code, so I can check and execute it with confidence.
Yes, a ton of CPU cycles has to go to the people who have nothing better to do than cause harm to others trying to make ends meet.
If you think this is a way to combat ransomware, please let me know. Thanks
April 19, 2016 at 8:09 am
I'm pretty sure you can buy a service from dropbox to store all of your files and variants for up to a year.
How do I recover previous versions of files?
Dropbox keeps snapshots of all changes made to files in your Dropbox within the past 30 days (or longer with the Extended Version History feature). See below for instructions on reverting to previous versions of files, and for quick links to instructions on restoring deleted files or undoing deletion events.
What is Extended Version History?
Extended Version History is Dropbox's add-on file recovery feature for Dropbox Pro subscribers. This feature preserves up to one year of file history, and replaces our Packrat unlimited version history add-on.
Existing Pro users who also used the Packrat feature were able to opt in to keep unlimited version history through November 1, 2014. After that date, all Packrat subscribers who had not opted in were automatically transitioned to Extended Version History at the start of their next billing cycle.
Click here to learn more about recovering old versions of files.
Dropbox Business accounts will continue to have unlimited version history.
By default, Dropbox saves all deleted and previous versions of your files for 30 days. If you purchase Extended Version History, you can revert to a previous file version or recover a deleted file at any time within a year of an edit or deletion made after your purchase.
It isn't cheap to do so, but my experience is that it is fairly reliable.
412-977-3526 call/text
April 19, 2016 at 8:15 am
robert.sterbal 56890 (4/19/2016)
Extended Version History ... preserves up to one year of file history...
I wonder how other services fare. OneDrive? Google Drive? etc.
Anyone know?
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
April 19, 2016 at 8:19 am
robert.sterbal 56890 (4/19/2016)
I'm pretty sure you can buy a service from dropbox to store all of your files and variants for up to a year.
How do I recover previous versions of files?
Dropbox keeps snapshots of all changes made to files in your Dropbox within the past 30 days (or longer with the Extended Version History feature). See below for instructions on reverting to previous versions of files, and for quick links to instructions on restoring deleted files or undoing deletion events.
What is Extended Version History?
Extended Version History is Dropbox's add-on file recovery feature for Dropbox Pro subscribers. This feature preserves up to one year of file history, and replaces our Packrat unlimited version history add-on.
Existing Pro users who also used the Packrat feature were able to opt in to keep unlimited version history through November 1, 2014. After that date, all Packrat subscribers who had not opted in were automatically transitioned to Extended Version History at the start of their next billing cycle.
Click here to learn more about recovering old versions of files.
Dropbox Business accounts will continue to have unlimited version history.
By default, Dropbox saves all deleted and previous versions of your files for 30 days. If you purchase Extended Version History, you can revert to a previous file version or recover a deleted file at any time within a year of an edit or deletion made after your purchase.
It isn't cheap to do so, but my experience is that it is fairly reliable.
Last I heard Dropbox does not 100% guarantee the contents, somewhere in its very small print. Can't recollect if it was this forum or a security forum where various people highlighted the issue of missing contents.
Even if you did have daily backups going back 10 years, how much data loss could a company survive? And have you ever written a script to plough through days' worth of backups to find when someone changed data? Of course archiving data in the system helps, but not so much if it is ransomware that has encrypted everything.
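The "script to plough through days' worth of backups" mentioned above, as an added example that is not part of the thread: it hashes a series of dated backup snapshots (constructed in-memory sample data here; in practice each would be a directory on disk), reports the first date on which a given file changed, and treats a day on which most existing files were rewritten or vanished as the ransomware event, so the snapshot before it is the restore point.

```python
import hashlib
from collections import OrderedDict

# Constructed sample: backup date -> {relative path: file content}. In real use
# each inner dict would be built by walking one dated backup directory on disk.
SNAPSHOTS = OrderedDict([
    ("2016-04-10", {"docs/a.txt": b"alpha v1", "docs/b.txt": b"beta v1", "db/x.bak": b"bak-1"}),
    ("2016-04-11", {"docs/a.txt": b"alpha v2", "docs/b.txt": b"beta v1", "db/x.bak": b"bak-1"}),
    ("2016-04-12", {"docs/a.txt": b"alpha v2", "docs/b.txt": b"beta v1", "db/x.bak": b"bak-2"}),
    # Incident day: every file replaced by a renamed ciphertext blob plus a ransom note.
    ("2016-04-13", {"docs/a.txt.locked": b"\x93\x1f\x44", "docs/b.txt.locked": b"\x07\xaa\x10",
                    "db/x.bak.locked": b"\xf0\x00\x9c", "README_DECRYPT.txt": b"pay up"}),
])

def digest(snapshot):
    """Hash every file so snapshots can be compared without keeping contents around."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in snapshot.items()}

def change_history(snapshots):
    """For each snapshot after the first: which paths were modified, added or removed
    relative to the previous snapshot, and what fraction of known files were touched."""
    history = OrderedDict()
    dates = list(snapshots)
    prev = digest(snapshots[dates[0]])
    for date in dates[1:]:
        cur = digest(snapshots[date])
        modified = sorted(p for p in cur if p in prev and cur[p] != prev[p])
        removed = sorted(set(prev) - set(cur))
        added = sorted(set(cur) - set(prev))
        # Modified or removed files are what ransomware churns; pure adds are benign noise.
        churn = (len(modified) + len(removed)) / len(prev) if prev else 0.0
        history[date] = {"modified": modified, "added": added, "removed": removed, "churn": churn}
        prev = cur
    return history

def first_change_date(snapshots, path):
    """Earliest backup date on which `path` differs from the day before (None if never)."""
    for date, diff in change_history(snapshots).items():
        if path in diff["modified"] or path in diff["removed"] or path in diff["added"]:
            return date
    return None

def last_good_snapshot(snapshots, churn_threshold=0.5):
    """Date of the last snapshot before the first day whose churn crossed the threshold,
    i.e. the restore point to use; None if no such day exists."""
    prev_date = list(snapshots)[0]
    for date, diff in change_history(snapshots).items():
        if diff["churn"] >= churn_threshold:
            return prev_date
        prev_date = date
    return None

if __name__ == "__main__":
    for date, diff in change_history(SNAPSHOTS).items():
        print(date, f"churn={diff['churn']:.2f}", diff["modified"], diff["removed"], diff["added"])
    print("restore from:", last_good_snapshot(SNAPSHOTS))
```

The churn threshold is a heuristic: a normal day touches a few files, while an encryption run rewrites or renames nearly all of them in one snapshot interval.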
April 19, 2016 at 8:36 am
Offsite versioning is definitely a plus.
But for high profile attacks on high profile targets, there is another targeting approach: silently decrypt files each time they are accessed, re-encrypt when they are saved. After a time limit, remove the encryption/decryption. Then there is a long version history that is unusable.
...
-- FORTRAN manual for Xerox Computers --
April 19, 2016 at 8:55 am
As for how to prevent ransomware attacks, the following blog post describes a method of thwarting Crypto (the same trojan that attacked my PC) by disabling the Microsoft API encryption service, which this trojan and probably others rely on to do its dirty work.
Also, to help reduce F.U.D. about cloud storage for your personal data, PKWARE and Viivo have client apps that will compress and encrypt files before syncing them to the cloud.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
April 19, 2016 at 8:57 am
I would strongly recommend a restore to another computer to protect against that attack.
Testing what you actually want to do and what just a few of the steps is often a challenge.
412-977-3526 call/text
April 19, 2016 at 9:03 am
But the most important thing to keep in mind about ransomware, and this is a popular misconception, is that the most common attack vector is a trojan program that you download from the internet. Broadly speaking, ransomware is NOT something that hackers install on your PC after actively hacking into your personal or corporate network. Instead, it's a lot like a phishing scheme, where they broadcast their payload to file sharing sites or as email attachments and then passively sit back waiting for victims to contact them. However, the difference here is that they've encrypted your files, so it's more like ransom than social engineering.
I'm almost certain that I was attacked by downloading an executable file disguised as an .MP3 file. Another approach is that hackers bundle their payload into the SETUP.EXE installer for freeware and then upload it to file sharing sites.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
April 19, 2016 at 9:11 am
No sane company offers a 100% guarantee of anything, except that it doesn't offer a 100% guarantee.
If you need to store something I'd suggest restoring it periodically to increase the likelihood that you can do it again later.
412-977-3526 call/text
April 19, 2016 at 10:12 am
Gary Varga (4/19/2016)
Yet Another DBA (4/19/2016)
Gary Varga (4/19/2016)
bthomson (4/19/2016)
join an organization like https://www.infragard.org/ this is a partnership with the FBI. It has chapters in most cities. Supposedly my Houston chapter is better than most but it provides you access to secret clearance data about malware and breaches that are not released to the public including mitigation and heuristic details about bad actor actions/ip addresses etc.
Anyone heard of a UK equivalent?
Sorry but you aren't cleared to know.... 😀
:w00t:
Don't you have GCHQ for that? After all, if they can stop the new Harry Potter book from being leaked, they should be able to handle crypto blackmail easily!
-----
Knowledge is of two kinds. We know a subject ourselves or we know where we can find information upon it. --Samuel Johnson
April 19, 2016 at 10:25 am
robert.sterbal 56890 (4/19/2016)
Has anyone set up 2 virtual machines on their desktop, one for browsing and email and one for everything else?
I use an Ubuntu VM for general browsing. With no shared folders
The more you are prepared, the less you need it.
Viewing 15 posts - 16 through 30 (of 47 total)