Ransomware becoming a problem for government and businesses

One way of preventing backups from being encrypted is using Controlled Folder Access, only allowing the backup software access to its contents, so it cannot be encrypted. I have tested it on an old machine and it works great. Don't know why IT is not using it?

I see Controlled Folders is blocked by some/most third-party anti-virus apps. Regardless, since I don't use third-party anti-virus much anymore, how intrusive is Controlled Folders for those neophytes that need it most? It's supposed to recognize authorized apps, but allowing other apps seems to be buried in multi-level menus. This could cause issues for many users.

Looks like I need to install it on a couple of machines here and check out the details for myself. (I have 5 local townships and municipalities as clients (prime ransomware targets) and although some have Backblaze or Carbonite others do little or just have an always connected external HDD for backups.)
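
The Controlled Folder Access setup discussed in the posts above can be scripted instead of clicked through the Windows Security menus. This is an added example, not part of the thread: the folder and backup agent paths are hypothetical placeholders, and it assumes Microsoft Defender is the active antivirus and the session is elevated. It starts in audit mode so you can see what would be blocked before enforcing.

```powershell
#Requires -RunAsAdministrator
# Hypothetical paths: replace with the real backup target and backup agent binary.
$BackupFolder = 'D:\Backups'
$BackupAgent  = 'C:\Program Files\ExampleBackup\backup-agent.exe'

function Set-BackupFolderProtection {
    param(
        [Parameter(Mandatory)][string]$Folder,
        [Parameter(Mandatory)][string]$AllowedApp,
        [ValidateSet('AuditMode', 'Enabled')][string]$Mode = 'AuditMode'
    )
    if (-not (Test-Path -LiteralPath $Folder -PathType Container)) {
        throw "Backup folder not found: $Folder"
    }
    if (-not (Test-Path -LiteralPath $AllowedApp -PathType Leaf)) {
        throw "Backup agent not found: $AllowedApp"
    }
    # Controlled Folder Access only works while Defender real-time protection is on.
    if (-not (Get-MpComputerStatus).RealTimeProtectionEnabled) {
        Write-Warning 'Defender real-time protection is off; the folder will not be protected.'
    }
    # Add-MpPreference appends to the existing lists instead of replacing them.
    Add-MpPreference -ControlledFolderAccessProtectedFolders $Folder
    Add-MpPreference -ControlledFolderAccessAllowedApplications $AllowedApp
    Set-MpPreference -EnableControlledFolderAccess $Mode

    # Return the resulting configuration so it can be reviewed or logged.
    Get-MpPreference | Select-Object EnableControlledFolderAccess,
        ControlledFolderAccessProtectedFolders,
        ControlledFolderAccessAllowedApplications
}

function Get-CfaEvents {
    param([int]$Days = 7)
    # 1123 = write blocked; 1124 = write that would have been blocked (audit mode).
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1123, 1124
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

Set-BackupFolderProtection -Folder $BackupFolder -AllowedApp $BackupAgent -Mode AuditMode
Get-CfaEvents -Days 7 | Format-List
```

Once a normal backup cycle has run in audit mode and the 1124 events show only applications you do not want writing to the backup folder, call the first function again with `-Mode Enabled`.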
 
@roborobs computer repair, no, that's a complete falsehood.

Hardware-level encryption just means the data is encrypted at rest; keys have to be provided to decrypt it for use. Once the system is online, the disk is essentially unencrypted. Software running on that unit at that point has files to play with; their encrypted status on the storage medium is irrelevant. So an infection there will simply encrypt the data again, which locks you out and makes recovery that much harder.

So if you're using drive-level encryption, and you don't have good backups, you're actually in a worse situation if you get nailed with a crypto than if you weren't encrypted to begin with. Because now the recovery tech has to decrypt you... TWICE.
 
. . . others do little or just have an always connected external HDD for backups.)

And I would tell them, in writing, that this poses a huge risk and that they should not ever keep external backup media connected except when actually performing the backup or doing a recovery. If that's too difficult then they should use cloud-based backup if they wish to protect themselves.

Leaving local backup media constantly connected is a recipe for ransomware/cryptomalware disaster since your backups will be gone, too, if it hits while the drive is connected.
 
If I have the hardware and setup that supports it, I will put the backup target (server/workstation/NAS) on a separate network, although, admittedly, I'm not sure if that helps at all. None of those setups have ever been hit with encryption malware, so they have not been tested. It might be the networking equivalent of hiding your SSID. Sounds good, but not really that helpful.
 
And the next:
Hackers are holding foreign exchange company Travelex to ransom after a cyber attack forced the firm to turn off all computer systems and resort to using pen and paper across its thousands of sites.

On New Year's Eve hackers infiltrated parts of the Travelex computer network.

As a result, the company took down its websites across 30 countries to contain "the virus and protect data".
More at: https://www.bbc.co.uk/news/business-51017852
 