Hi All
So exactly what is the answer to Ransomware?
1) Cyber-insurance company position - pay it - here is the money in bitcoin.
2) Cyber-criminal - thank you - I think we will do this again..... Lovely
3) Now what would happen if paying Ransomware demands was made illegal? Would that work?
4) Is it enforceable?
Your thoughts?
Regards
Caute_cautim
@rslade I agree, that is an obvious move, but also to have your Incident Response playbooks up to date, PR media communications ready to go. Plus make sure your hygiene levels are good.
However, this will not stop the current practices extorted by the cyber criminals.
Why should we allow them to actually do this against society and organisations and carry on doing it?
Regards
Caute_cautim
@rslade So what you are asking is it merely conjecture that they have been breached, i.e. prove it is real?
Or you are pointing out the game that is being played out.
https://www.ckd3.com/blog/breachstortion
Regards
Caute_cautim
So it should be a multi-prong effort.
1) Recovery - Backups
2) Prevention - Awareness training
3) Detection - Antivirus/Antimalware
4) Prevention - Secure design
Just doing one action alone won't be very effective.
We have a vendor in the US that is running a commercial claiming their product protects you from the ransomware virus. It irks me every time I hear it. I know they only have 30 seconds to try to sell their product so they are dumbing it down for the consumer but I feel it is counterproductive as it makes the customer think that ransomware is just a virus so it should be caught by the antivirus product and they can click away without worry of it infecting themselves.
I think it will eventually evolve into everything being clicked on going into a sandbox to be unpackaged and evaluated before being returned to the user.
It's been on my list to look into, but maybe you have the answer: I have heard that some ransomware can hit backups. I am guessing these would be near-line backups connected as a share. So any idea what types of backups ransomware can and cannot get to?
John-
Speaking of which...
Cyberattack hobbles major hospital chain's US facilities
https://www.uhsinc.com/statement-from-universal-health-services/
Universal Health Services, Inc. Reports Information Technology Security Incident
"No patient or employee data appears to have been accessed, copied or misused"
I'm going to guess at this point they have no idea. Can't wait to read the OCR corrective action plan on this.
It's kind of what I thought. It would be interesting if they had a malware gateway for backups. I mean it wouldn't be very hard to do, allow data to be pulled from behind it and don't allow any kind of push.. kind of like making backups read only if you will..
As for the old malware.. I so get it.. there was a time I had an old x286 that I wanted to use for all the viruses I collected just to see the payloads, you know when viruses were cool, like RedX, Vadar, and dropper.. sadly never seemed to have the time.. too busy rebuilding corrupt double space drives and getting the boot sectors back from.. umm was it the money virus? Can't remember the names...
Yes, I'm old.. I remember going to a computer show in high school and getting the latest vscan on 3.5..
It was funny this one show was set up around the edges of a pool! and back then the surcharge to use a CC.
ya 2600 wasn't just a magazine, it was the other name for Captain Crunch and the crystal I put in my tone dialer I used at Woodstock.. wait what who said that?!?! hahah
John-