Just went through a little outbreak at my workplace: We're a MS shop with about 130 machines across a few states. Within 10 minutes a Win 7 user and an XP user got hit. The crypto worked its way into the share drive and encrypted what limited things that user had access to, forcing a full restore of that section of the drive. If we hadn't increased our snapshot abilities on the share, this could have FUCKED us rather hard. In the midst of this outbreak I thought for the first time, "The internet is no longer safe for most people." I mean, this is clearly a 1st gen virus. The delivery system and malware itself is actually much less advanced than a lot of other crap I've dealt with. When they see the amount of money being raked in (and I personally know of at least $2000 paid by other companies) this is going to get horrifying.

Also, I now totally understand the "persecution" of bitcoin by the feds. TOR and bitcoin are totally horrifying when viewed through this prism. Anonymous ransom and untraceable services.

PS for admins out there, we instituted these GPO rules after review. Be aware: the guy put a desktop shortcut for his company in there that will push to every machine. I think the logic is, "If you blindly push this out, you deserve to have an ad on every user's machine displaying your incompetence."

Straight: "So, if I'm not part of a botnet and don't click on .exe files am I safe? Is that Java hole a vulnerability for everyone, or just people who have out-of-date browser plugins? (Which plugins?)"

The trick is that you wouldn't necessarily know that your PC is part of a botnet. Botnet nodes are only useful to the operators if they're stealthy, and they're very good at hiding their activities. Herds of them are easily sold in various dark market forums. Need access to a few thousand machines? Prices are rock-bottom any more. Use noscript or something similar to control how javascript runs on your browser.

Avoid clicking links in e-mail. Especially "unsubscribe" links, unless you're savvy enough to comb through the mail source and determine if the link is legit. Never plug in a USB thumb drive that you happen to find. If someone sends you something - a file, exe or anything like that - and your AV says it's clean, but you want to vet it anyway, submit it to VirusTotal, which will at least show how the other 40-odd AV vendors respond to the file. Stay up-to-date on your AV and your system updates. Back up your data, then back it up again.

One of my customers got it as an exe file masked as a PDF. They're a printing company, so PDF is their lifeblood. Thank $higher_power for shadow copies and backups.

Another customer got a variant with a slightly different take on unencrypting if you've already removed the main Cryptolocker app (and thereby lost your copy of the key): pay 10 bitcoins, then you can upload an encrypted file, they'll match the key and send it back to you to complete the unencryption process.

Across the board for all my clients, I've implemented the GPOs to prevent apps running in %appdata% and blocked any and all. It's a matter of time before the assholes come up with more vectors, and I'm continually reading up on the new variants.

Backup early, often, and consistently. NEVER open email attachments where you don't know the source. If you're not expecting a file from someone, consider it suspect.

Posted by disclaimer at 9:26 AM on Novem

According to this reddit thread, if you have backups stored on a disk attached to the infected PC or a networked drive, the virus will encrypt those files as well. Which is why I said you should always have one backup offline - i.e., not connected to your computer - and that if you can see your data from your desktop, so can the bad guys. This isn't the first data-scrambling malware, and there are other things that can go wrong that mess up data, and one day something will happen to you. If you have a decent backup strategy, then you're golden.

What bothers me particularly is that I don't know a decent backup strategy for mom+pop. I have my own parents' system on Acronis automated backups, but I don't like the interface and I particularly don't like the way the company keeps trying to force updates on me. What I want, and what I can't find, and what I will kiss the blue for if it knows, is a backup system that does proper journaling - so you can go back to the first non-bad version easily - proper automation and proper reporting.
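The wish in the thread for a backup that "does proper journaling", so you can step back to the first non-bad version of a file and get a report when something goes wrong, together with the earlier remarks about snapshots and shadow copies saving the day, as an added example that is not code from the thread or from any product mentioned in it: a small content-addressed backup journal in Python. Every version of every file is kept once under its SHA-256, each snapshot is appended to a log with the file's byte entropy, and `last_good()` walks the log backwards to the newest version that still looks like a document rather than ciphertext. The journal layout, the 7.5 bits/byte entropy threshold, the `Journal` and `run_demo` names and the sample "quote.txt" content are all assumptions constructed for this illustration.

```python
"""Journaled backup with 'find the last good version' rollback (illustrative example)."""
import hashlib
import json
import math
import tempfile
import time
from collections import Counter
from pathlib import Path
from typing import Optional

# Assumed threshold in bits per byte: plain documents sit far below it, ciphertext
# near 8.0. Compressed formats (zip, jpeg, many PDFs) also score high, so a crossing
# is a hint to inspect the file, not proof that it was encrypted.
ENTROPY_LIMIT = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for an empty buffer)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


class Journal:
    """Append-only backup journal: file content is stored once by SHA-256 under
    objects/, and journal.jsonl records path, hash, size and entropy per snapshot."""

    def __init__(self, root: Path):
        self.root = Path(root)
        self.objects = self.root / "objects"
        self.objects.mkdir(parents=True, exist_ok=True)
        self.log = self.root / "journal.jsonl"

    def snapshot(self, src_dir: Path, ts: Optional[float] = None) -> list:
        """Record the current content of every file under src_dir."""
        src_dir = Path(src_dir)
        ts = time.time() if ts is None else ts
        records = []
        for path in sorted(p for p in src_dir.rglob("*") if p.is_file()):
            data = path.read_bytes()
            digest = hashlib.sha256(data).hexdigest()
            obj = self.objects / digest
            if not obj.exists():            # identical content is stored only once
                obj.write_bytes(data)
            records.append({
                "ts": ts,
                "path": path.relative_to(src_dir).as_posix(),
                "sha256": digest,
                "size": len(data),
                "entropy": round(shannon_entropy(data), 3),
            })
        with self.log.open("a", encoding="utf-8") as fh:
            for rec in records:
                fh.write(json.dumps(rec) + "\n")
        return records

    def _all(self) -> list:
        if not self.log.exists():
            return []
        with self.log.open(encoding="utf-8") as fh:
            return [json.loads(line) for line in fh]

    def history(self, rel_path: str) -> list:
        """All journal entries for one file, oldest first."""
        return [r for r in self._all() if r["path"] == rel_path]

    def last_good(self, rel_path: str, limit: float = ENTROPY_LIMIT) -> Optional[dict]:
        """Newest version whose entropy is still below the limit, i.e. the first non-bad one."""
        for rec in reversed(self.history(rel_path)):
            if rec["entropy"] < limit:
                return rec
        return None

    def restore(self, rec: dict, dest: Path) -> bytes:
        """Copy the stored object for `rec` to `dest` and return its bytes."""
        data = (self.objects / rec["sha256"]).read_bytes()
        Path(dest).write_bytes(data)
        return data

    def suspicious(self, limit: float = ENTROPY_LIMIT) -> list:
        """Report: files whose newest version crossed the limit after an earlier
        version did not (the 'document turned into noise' pattern)."""
        by_path: dict = {}
        for rec in self._all():
            by_path.setdefault(rec["path"], []).append(rec)
        return sorted(p for p, recs in by_path.items()
                      if recs[-1]["entropy"] >= limit
                      and any(r["entropy"] < limit for r in recs[:-1]))


def run_demo() -> dict:
    """Constructed scenario: back up a document, overwrite it with ciphertext-like
    bytes, snapshot again, then locate and restore the last good version."""
    work = Path(tempfile.mkdtemp())
    share, journal = work / "share", Journal(work / "backup")
    share.mkdir()
    doc = share / "quote.txt"
    good = ("Acme Printing quote: 5000 flyers, A5, full colour, due Friday.\n" * 40).encode()
    doc.write_bytes(good)
    journal.snapshot(share, ts=1.0)
    # Stand-in for ransomware output: deterministic high-entropy bytes (not real ciphertext).
    scrambled = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    doc.write_bytes(scrambled)
    journal.snapshot(share, ts=2.0)
    rec = journal.last_good("quote.txt")
    restored = journal.restore(rec, work / "quote.restored.txt")
    return {
        "versions": len(journal.history("quote.txt")),
        "flagged": journal.suspicious(),
        "good_ts": rec["ts"],
        "restored_ok": restored == good,
    }


if __name__ == "__main__":
    print(run_demo())
```

Two things the thread already says still apply to this toy: the `objects/` directory has to live somewhere the workstation cannot write (the "if you can see your data from your desktop, so can the bad guys" point), otherwise the journal gets scrambled along with the share, and for a shop whose lifeblood is PDF the entropy hint will flag legitimate compressed files too, so the report is a starting point for a human look, not an automatic rollback trigger.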