BrightonCorgi Posted May 17, 2017

> 14 hours ago, MaxG said:
> No one does. In practice, I don't think anyone can. Hell, maybe not even in theory. Still doesn't make it anyone's fault but the producer's. - MG

Kiosk machines can be if they are hardened correctly. Nothing new can write to the OS or memory and networking only allows communication to one destination. Problem is they are more to administrate and most companies do not really care if your data is compromised. Target has had record sales despite losing your data. Only when it is intellectual property or huge compliance fines do companies really take notice & do something.
seville23 Posted May 17, 2017

> 2 minutes ago, BrightonCorgi said:
> Who do you think comes up with a lot of the viruses, trojans, etc ??? They need to keep their software relevant as the technology is out of date.

It's not that, it's more the history of Kaspersky itself. To quote Bloomberg: "high-level managers have left or been fired, their jobs often filled by people with closer ties to Russia’s military or intelligence services. Some of these people actively aid criminal investigations by the FSB, the KGB’s successor, using data from some of the 400 million customers". Kaspersky denies any wrongdoing. That said and given that it is increasingly difficult to operate in any major way in Russia without interaction with the Russian State and/or Russian organised crime, this suggests to me there is cause for doubt. Or, to put it another way, would you buy a safe from a company with links to professional safe crackers? Personally, I wouldn't touch them with a barge pole. There are plenty of effective alternatives.
BrightonCorgi Posted May 17, 2017

> 1 minute ago, seville23 said:
> It's not that, it's more the history of Kaspersky itself. To quote Bloomberg: "high-level managers have left or been fired, their jobs often filled by people with closer ties to Russia’s military or intelligence services. Some of these people actively aid criminal investigations by the FSB, the KGB’s successor, using data from some of the 400 million customers". Kaspersky denies any wrongdoing. That said and given that it is increasingly difficult to operate in any major way in Russia without interaction with the Russian State and/or Russian organised crime, this suggests to me there is cause for doubt. Or, to put it another way, would you buy a safe from a company with links to professional safe crackers? Personally, I wouldn't touch them with a barge pole. There are plenty of effective alternatives.

They are similar, the police and criminal are one in the same...
BarryNY Posted May 17, 2017

I use a service called Carbonite. I have their highest level product they offer on a three year plan. What I get is 2 fold. One service automatically updates all data into the cloud continuously. Not programs or your operating system but data files while you are connected to the internet. The second service is you get to maintain (on an external hard drive) a "mirror image" of everything that's on your hard drive - including the operating system, every program and all data. I do this once a week overnight - I do not keep the external connected. Having lost 2 hard drives on my laptop and all my data/programs/etc with no backup or Carbonite - I finally learned my lesson. The third time my hard drive crapped out I just went and bought a compatible hard drive for $60 and in 30 minutes my new hard drive was exactly mirrored like the one that went bust. Even where my icons were placed on my desktop and all internet shortcuts - everything was exactly as it was on the crapped out drive. Totally worth the money in time and aggravation.
BrightonCorgi Posted May 17, 2017

> 42 minutes ago, BarryNY said:
> I use a service called Carbonite. I have their highest level product they offer on a three year plan. What I get is 2 fold. One service automatically updates all data into the cloud continuously. Not programs or your operating system but data files while you are connected to the internet. The second service is you get to maintain (on an external hard drive) a "mirror image" of everything that's on your hard drive - including the operating system, every program and all data. I do this once a week overnight - I do not keep the external connected. Having lost 2 hard drives on my laptop and all my data/programs/etc with no backup or Carbonite - I finally learned my lesson. The third time my hard drive crapped out I just went and bought a compatible hard drive for $60 and in 30 minutes my new hard drive was exactly mirrored like the one that went bust. Even where my icons were placed on my desktop and all internet shortcuts - everything was exactly as it was on the crapped out drive. Totally worth the money in time and aggravation.

If your data files got encrypted and then it did a Carbonite sync, would your cloud files also be encrypted? Would your mirror drive also have encrypted files??? I believe they would. You need nightly backups that are date/time versioned with a FIFO model for the amount of backup storage you have. Every night is a new backup file...
TheGipper Posted May 17, 2017

> 2 hours ago, BrightonCorgi said:
> If your data files got encrypted and then it did a Carbonite sync, would your cloud files also be encrypted? Would your mirror drive also have encrypted files??? I believe they would. You need nightly backups that are date/time versioned with a FIFO model for the amount of backup storage you have. Every night is a new backup file...

This is a key point I have been thinking about. I have been using Carbonite service also, thinking I am covered. But, hmm... But are there ransomware programs out there sophisticated enough to introduce a delay between their surreptitious encrypting of your files and the point it announces itself and demands payment? And if there are no ransomware variants that currently do that, how long until they do? Any ransomware that encrypts the files, then spends the next week/month or so silently acting as a decrypting pass-through for those files as you use them normally will end up over-writing your instant/periodic backups with encrypted files. Meaning the ransomware has you over a barrel, as you have no unencrypted backup. Unless your online backup service provides multiple versions of the file going back weeks or months. I may check to see if Carbonite offers some elevated service level that keeps multiple versions of all files available. And I would think locally attached backup disks are pretty much worthless as a defense against this. Any ransomware will easily find attached drives and encrypt those backup files also.
Fuzz Posted May 18, 2017

> 5 hours ago, BrightonCorgi said:
> If your data files got encrypted and then it did a Carbonite sync, would your cloud files also be encrypted? Would your mirror drive also have encrypted files??? I believe they would. You need nightly backups that are date/time versioned with a FIFO model for the amount of backup storage you have. Every night is a new backup file...

As I mentioned, I have my data backed up to Dropbox, OneDrive and an external drive, but they are not done at the same time. I stagger my updates so if one backup is affected, I have at least another that is clean. Have been playing with the idea of having 2 external drive backups instead of just the one, but that just may be my paranoia.
BrightonCorgi Posted May 18, 2017

> 2 hours ago, Fuzz said:
> As I mentioned, I have my data backed up to Dropbox, OneDrive and an external drive, but they are not done at the same time. I stagger my updates so if one backup is affected, I have at least another that is clean. Have been playing with the idea of having 2 external drive backups instead of just the one, but that just may be my paranoia.

If you are using Dropbox or OneDrive via Windows, the syncing is quite quick. Onedrive.exe and Dropbox.exe are controlling the syncing unless you are only using the browser to back up data. Even in that case, it could be a SharePoint or the like that syncs via the browser. I do not recommend a file sharing site or utility to maintain backups or data integrity. Safest bet on the cheap is to run a script to FTP or Robocopy your files to a Date/Time folder on a schedule somewhere off site. The connection drops and there is no way for the malware (in general) to corrupt that destination. There are no persistent connections for the malware to propagate laterally.
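
The date/time-versioned backup with FIFO retention described in the posts above, as an added example that is not part of the thread or written by any poster. The function names, the folder-name format and the byte budget are assumptions made for illustration.

```python
import shutil
from datetime import datetime
from pathlib import Path

STAMP = "%Y-%m-%d_%H%M%S"  # assumed folder-name format; sorts by age


def tree_size(path):
    """Total bytes of all regular files under path."""
    return sum(p.stat().st_size for p in path.rglob("*") if p.is_file())


def list_snapshots(backup_root):
    """Snapshot folders, oldest first; anything not named by STAMP is ignored."""
    snaps = []
    for p in backup_root.iterdir():
        try:
            datetime.strptime(p.name, STAMP)
        except ValueError:
            continue
        if p.is_dir():
            snaps.append(p)
    return sorted(snaps, key=lambda p: p.name)


def take_snapshot(source, backup_root, now):
    """Copy source into a new dated folder; older snapshots are never touched."""
    dest = backup_root / now.strftime(STAMP)
    shutil.copytree(source, dest)  # raises if dest exists, so no overwrite
    return dest


def prune_fifo(backup_root, budget_bytes):
    """Delete the oldest snapshots until the total fits the storage budget.

    The newest snapshot is always kept, even if it alone exceeds the budget.
    Returns the names of the snapshots that were removed.
    """
    snaps = list_snapshots(backup_root)
    sizes = {s: tree_size(s) for s in snaps}
    total = sum(sizes.values())
    removed = []
    while total > budget_bytes and len(snaps) > 1:
        oldest = snaps.pop(0)
        shutil.rmtree(oldest)
        total -= sizes[oldest]
        removed.append(oldest.name)
    return removed
```

The storage budget sets how far back a clean copy survives, so it has to cover the longest gap you want to tolerate between files being encrypted and someone noticing.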
Mattygukas Posted May 18, 2017

As someone who had to deal with this for the business I manage I can say first thing first...protection on the front end is paramount. (Antivirus, malware protection, good firewall, etc) The next key is education of your employees...nothing works better than an employee who understands what to do and what not to do. And of course the last line of defense is to have frequent backups. If it is in regards to business, try taking full backups each night with snapshots throughout the day. Or have an image of your servers stored (from each backup) on an offsite data center that you can use/switch over to in case of an infection. I had a ransomware issue about 18 months ago and using a backup offsite got us up and running in 90 minutes and paid zero dollars. Oh, also light a nice Cohiba Robusto and forget about your troubles for a while...that helps too!
BarryNY Posted May 18, 2017

> 17 hours ago, BrightonCorgi said:
> If your data files got encrypted and then it did a Carbonite sync, would your cloud files also be encrypted? Would your mirror drive also have encrypted files??? I believe they would. You need nightly backups that are date/time versioned with a FIFO model for the amount of backup storage you have. Every night is a new backup file...

Don't know about their cloud update...would think they have the best of the best defenses for that ??? but I keep my mirror drive NOT connected until I want to do the mirror backup - on my "terms" - not automatically...
BrightonCorgi Posted May 18, 2017

> 3 hours ago, BarryNY said:
> Don't know about their cloud update...would think they have the best of the best defenses for that ??? but I keep my mirror drive NOT connected until I want to do the mirror backup - on my "terms" - not automatically...

No, they don't have defenses around that in terms of preventing you from syncing an encrypted file. They may have defenses to prevent the malware from encrypting what is in their cloud, but if you sync up an encrypted file, the sync is doing what it is supposed to.
luvdunhill Posted May 19, 2017

Wow, other members are part of this crazy cyber security industry as well? Been 15 years for me.

I have been thinking, shouldn't extortion payments be tax deductible?
LordAnubis Posted May 19, 2017

Does anyone know people who have had this virus show up on an up to date version of Windows 10?
Fuzz Posted May 19, 2017

> 44 minutes ago, luvdunhill said:
> Wow, other members are part of this crazy cyber security industry as well? Been 15 years for me. I have been thinking, shouldn't extortion payments be tax deductible?

The Australian Govt will be telling the extortionists that they will need to collect the GST for any payments made.
gweilgi Posted May 19, 2017

> 49 minutes ago, Fuzz said:
> The Australian Govt will be telling the extortionists that they will need to collect the GST for any payments made.

... but will the Australian government actually *receive* the GST? #wherearethe165million