Encryption Virus Help!

Does anyone mind if I drop this in here?

die-cut-stickers.png


:yes:
 
We've never paid ransom, yet, but have felt bad when cost to recover (plus down-time) easily exceeded the price of ransom. 'Just don't want to feed the monster.
It's worth noting that it's not always possible to pay the ransom. Sometimes your antivirus solution or IT guys will cripple the virus to the point that it interferes with the ability to pay. Or the government or Internet provider may have taken the bad guy down.
So, we assume paying is not an option and plan on backups for recovery.

I hear ya loud and clear, but I had to get all of the files back due to government compliance BS. It worked 100% except for a glitch in the QuickBooks files. We had to add the last 3 months is all.


We personally like using at least 3 types of backup. But it depends greatly on the nature and amount of data. I personally don't like incremental or differential backups, since I like each backup to represent an opportunity to fully recover. Incremental and differential require a string of different backups be put back together to fully recover. It gets complicated, and if part of the string is corrupt, you might have problems. But if you have a LOT of data, a full backup each time is not possible (not enough time).
Good stuff thanks

Like Rich, I consider cloud backup to be a last choice, but probably necessary. It turns out that time-to-recover may be the most important thing (once you know that you can recover). Because of Internet speeds and the amount of data, time-to-recover can be days with many cloud backup services. Others may have a provision for sending you a hard drive (usually $$$ premium services). Cloud based backups usually satisfy the need for an off-site backup (required by some business insurances and malpractice).
Carbonite is the worst. They only keep files for 30 days. :eek:

On smaller systems, we usually use an imaging product, like Acronis True Image or Macrium Reflect, to an internal or external hard drive. This way, we not only get a FULL copy of the data, but also Windows, settings, and all programs. Time-to-recover is usually less than an hour! Windows 7 or Server built-in backup will also do a pretty good job, and gives an opportunity to recover OS/Programs/Data, but it does do a kind of complicated incremental/differential thing. You can rotate drives if you want to get off-site backups or make sure at least one backup is not connected to the system. As mentioned above, so far, the ransomware programs have not attacked image backup files.
I use Acronis now. :redface: Should I do a complete back up every time? Back it up the second time is just a "differential" of what has changed since the first whole PC back up? Is that what you mean by an "over lay"?
 
I use Acronis now. :redface: Should I do a complete back up every time? Back it up the second time is just a "differential" of what has changed since the first whole PC back up?

If you were using Acronis, how did data get lost? (or does "now" mean post infection?) I prefer each backup be a full, providing there is enough time each night to do a full. It's just simpler and removes the need to combine 2 or more backups to get my recovery. If it's running at night, I don't care if it takes 20 minutes or 3 hours to run. With hard drives costing nothing, space is no longer an issue.

We always also take advantage of any program-specific backups, like what's available in QuickBooks. I always set it up to do its own backup, using the every "x" times function, and even the scheduled function. There's a reason why they build their own backup routines into most accounting programs.
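
The trade-off discussed in this thread (each full backup stands alone, while incremental and differential sets have to be stitched together), worked through as an added example that is not from any poster. The `Backup` record, the `week` helper and the day numbering are constructed for illustration, and incrementals are assumed to be taken against the most recent backup of any kind.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Backup:
    day: int             # night the backup ran (constructed numbering)
    kind: str            # "full", "diff" or "incr"
    intact: bool = True  # False = the backup file failed verification

def restore_chain(catalog, target_day):
    """Return every backup that must be readable to restore target_day."""
    history = sorted((b for b in catalog if b.day <= target_day), key=lambda b: b.day)
    fulls = [b for b in history if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup on or before the target day")
    base = fulls[-1]
    later = [b for b in history if b.day > base.day]
    chain = [base]
    # A differential holds everything changed since the full, so only the
    # newest one is needed; incrementals after it must all be replayed.
    diffs = [b for b in later if b.kind == "diff"]
    if diffs:
        chain.append(diffs[-1])
        later = [b for b in later if b.day > diffs[-1].day]
    chain.extend(b for b in later if b.kind == "incr")
    return chain

def recoverable(catalog, target_day):
    """True only if every link in the restore chain is intact."""
    try:
        return all(b.intact for b in restore_chain(catalog, target_day))
    except ValueError:
        return False

def newest_recoverable_day(catalog):
    """Most recent day that can still be restored, or None."""
    days = sorted({b.day for b in catalog}, reverse=True)
    return next((d for d in days if recoverable(catalog, d)), None)

def week(kind, corrupt_day):
    """Constructed sample: full on day 1, then `kind` nightly; one bad file."""
    return [Backup(d, "full" if d == 1 else kind, intact=(d != corrupt_day))
            for d in range(1, 8)]

if __name__ == "__main__":
    for kind in ("full", "diff", "incr"):
        cat = week(kind, corrupt_day=3)
        print(kind, [b.day for b in restore_chain(cat, 7)], newest_recoverable_day(cat))
```

With the day-3 file bad, the nightly-full and differential schedules can still restore day 7, while the incremental schedule can only get back to day 2.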
 
Like Rich, I consider cloud backup to be a last choice, but probably necessary. It turns out that time-to-recover may be the most important thing (once you know that you can recover). Because of Internet speeds and the amount of data, time-to-recover can be days with many cloud backup services. Others may have a provision for sending you a hard drive (usually $$$ premium services). Cloud based backups usually satisfy the need for an off-site backup (required by some business insurances and malpractice).

A former client's tech people once told me that the fastest and most cost-effective way they had to transfer their entire database between centers was still the sneaker network: a hard drive and first class airline ticket.
 
If you were using Acronis, how did data get lost? (or does "now" mean post infection?) I prefer each backup be a full, providing there is enough time each night to do a full. It's just simpler and removes the need to combine 2 or more backups to get my recovery. If it's running at night, I don't care if it takes 20 minutes or 3 hours to run. With hard drives costing nothing, space is no longer an issue.

We always also take advantage of any program-specific backups, like what's available in QuickBooks. I always set it up to do its own backup, using the every "x" times function, and even the scheduled function. There's a reason why they build their own backup routines into most accounting programs.

Post infection. :redface:
 
To drift this thread a bit.... Any preferences on which Anti-Virus programs?


Mac OS is the best anti-virus software I've used.

About 13 years ago my business was all PCs. I got malware that spread to all 6 of our workstations. I had issues 3-4 times within 1 - 1.5 years' time.

Out of desperation I switched to Mac and to this day I have never been infected with malware since. Not that I'd ever say it's not possible (that's just dumb to claim), but the security barriers to creating a virus or malware on Mac are huge compared to Windows.

Personally, I have nothing against Windows as an operating system, but the security holes are just too huge which creates too much IT overhead and downtime (usually at horribly inconvenient times it always seemed).

Truthfully, I would love to run Linux, but the lack of commercial software support led me to go with the Mac route instead. Really under the hood Mac is Linux (actually BSD) where you can actually buy software to use.


Sent from my iPhone using Tapatalk
 

There isn't anything special about OSX other than a lack of market penetration. At Pwn2Own Macs are regularly taken down. The trick is market share. How many PCs run XP, Vista, 7, and 8? How many personal PCs run Linux, FreeBSD, NetBSD, or macOS? Stick them in a contest, offer a little prize money, and watch them fall.

Compare the two, that's your target potential.

http://en.m.wikipedia.org/wiki/Pwn2Own

Nothing is safe, not even Google Chrome.


Sent from my iPad using Tapatalk
 
There isn't anything special about OSX other than a lack of market penetration.

Well, does it really matter that the Mac isn't completely impervious to attack? The end result is that it's still less likely to get hit.

btw - I'd argue that the OS X code base is better from a security perspective than Windows. It's not perfect, but it's still better.
 
Sounds good. I would add to it with the option of multiple external drives that rotate through. So, Monday it mounts and backs up to drive 1, Tuesday drive 2, etc.

That would be easy enough to do, too, but you wouldn't necessarily need seven physical drives. 'Nix partitions can be mounted individually. You'd still want at least two drives for redundancy, though, either alternating or with one copying to the other after each backup. I wouldn't want to use RAID for something like this. It just adds a SPOF.

Back then, my idea was to build something simple for small businesses who couldn't always be trusted to do anything that required some physical action, like plugging and unplugging a drive. I was always paranoid about backups being infected, even long before Cryptolocker; but I found that most small business clients couldn't be trusted to so much as flip the On/Off switch on an Antec external drive, even with morning and evening checklists, much less physically connect and disconnect a drive.

Rich
 
Mac OS is the best anti-virus software I've used.
but the security barriers to creating a virus or malware on Mac are huge compared to Windows.
That's old-school thinking. For the last couple of years the attack methods have changed to mostly social engineering. It doesn't matter what browser or operating system you use anymore. If you can be tricked into clicking something or opening an attachment, you can be infected. Macs will always have less than 1/10th the malware... because they have less than 1/10th of the market.
 
What is the longest delay between infection and signs of illness? I.e., does the E virus always show itself immediately?
 
Some people figure it out right away, and some take days. Those that figure it out soon realize they clicked on something dicey, and notice the computer suddenly gets very busy. Most realize they've been infected when they can't open files any more. Even the slowest users know when the screen pops up with a giant message telling them about the ransom and how to pay. By that time, every folder containing an encrypted file has a message in it (txt or html) explaining about the ransom and how to pay.
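
The "same message in every folder" symptom described above can be checked for on a file share before anyone reports a pop-up. The sweep below is an added example, not code from any poster: the function names, the thresholds (`min_dirs`, `max_bytes`) and the sample file names are assumptions chosen for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

NOTE_EXTS = {".txt", ".html", ".htm"}  # the note formats mentioned in the thread

def find_note_candidates(root, min_dirs=3, max_bytes=64 * 1024):
    """Report small txt/html files whose name AND content repeat in many folders."""
    seen = defaultdict(set)  # (lowercased name, sha256) -> folders holding it
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in NOTE_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > max_bytes:
                    continue  # ransom notes are short; skip large documents
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
            seen[(name.lower(), digest)].add(dirpath)
    return [(name, digest, sorted(dirs))
            for (name, digest), dirs in sorted(seen.items())
            if len(dirs) >= min_dirs]

def demo():
    """Build a constructed sample tree in a temp dir and sweep it."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(4):
            folder = os.path.join(root, f"share{i}")
            os.makedirs(folder)
            # Constructed placeholder standing in for a dropped note.
            with open(os.path.join(folder, "SAMPLE_NOTE.html"), "w") as fh:
                fh.write("<p>constructed placeholder note text</p>")
            # Same name everywhere but different content: not flagged.
            with open(os.path.join(folder, "readme.txt"), "w") as fh:
                fh.write(f"notes for folder {i}")
        return [(name, len(dirs)) for name, _d, dirs in find_note_candidates(root)]

if __name__ == "__main__":
    print(demo())
```

Identical license or readme files shipped with software also repeat across folders, so hits need a human look before they are treated as an infection.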
 
So an email attachment or ?
Can clicking a link do it?
I notice when I click an executable file link such as when dling software or an update, my screen goes dark and it asks if I really want to dl such and such file from (website).
(Windows 7)
How else to avoid Encryption Virus?
 
That's old-school thinking. For the last couple of years the attack methods have changed to mostly social engineering. It doesn't matter what browser or operating system you use anymore. If you can be tricked into clicking something or opening an attachment, you can be infected. Macs will always have less than 1/10th the malware... because they have less than 1/10th of the market.

Mac / Unix in general also have better permissions management. Not good enough to make them idiot-proof, however.

Rich
 
That's old-school thinking. For the last couple of years the attack methods have changed to mostly social engineering. It doesn't matter what browser or operating system you use anymore. If you can be tricked into clicking something or opening an attachment, you can be infected. Macs will always have less than 1/10th the malware... because they have less than 1/10th of the market.


Yep, probably all true. All I know is Mac OS has been far more reliable to me, and everyone I know who has Macs has had really good luck with not getting malware.

The same cannot be said for my friends running Windows. If the situation was opposite this and I saw my friends with Windows having few if any problems and the Macs were full of problems I would switch to Windows in a heartbeat.

The OS doesn't matter much to me, all the good stuff is the applications anyways. I just want something stable and reliable.


Sent from my iPhone using Tapatalk
 
It just depends. The internet is a pretty unsafe place and there is a certain degree of luck. Adobe's Flash product has been getting hit really hard lately with zero days (it's junk)...

Question ... I have Flash set to "always ask" before running it. But there's
so much that requires it .. like virtually all videos on Fox or CNN. Is there an
alternate program? If not .. is checking for updates daily a good choice?

RT
 
Somewhere in the Control Panel there should be a shortcut to the Flash Player settings, which include update settings, of which one is to allow automatic updates, which in theory should check automatically. In practice, I find that sometimes it does and sometimes it doesn't. It always checks on user login and system reboots, however.

Flash is a mess. Activating it only for videos on trusted sites helps, but it's still a mess.

Rich
 
Can this hit Linux, or is there something similar? I'm on Linux Mint. Am I benefiting from low market share or is it actually tougher to exploit? Both?
 
When properly set up, secured, and configured, Linux and other Unix systems are inherently more secure than Windows, for many reasons, including a more advanced permissions system and a more robust, compartmentalized architecture. But they're not immune. Vulnerabilities are regularly found and patched, as you know if your system's auto-update function is enabled.

In addition, some popular software that runs on Linux (including the various window managers used on desktop systems) has known vulnerabilities.

Neither would the fact that users typically do not have root privileges while working prevent malware running with only user privileges from deleting or encrypting the logged-in user's files (or any other files for which the user has sufficient permissions).

Finally, a dopey user who knew the root password could grant system-wide privileges to malicious software simply because the software asked for it.

So long story short, there's really no theoretical reason why ransomware couldn't be just as devastating to a Linux user's files. The same rules for backup therefore apply.

Rich
 