Ransomware is threatening small businesses

bleavitt
Site Admin
Posts: 37
Joined: Tue Apr 18, 2017 7:20 pm
Location: Calgary Alberta Canada

Re: Ransomware is threatening small businesses

Post by bleavitt » Fri Jul 14, 2017 9:51 am

Haha, that's a perfect approach. If you had decent retention you could easily minimize downtime by restoring the backup image and everything is back up and running.

I have only had glancing passes with corporate IT, but I think the struggles they face with crypto-viruses come from a few points.
1) They are supporting legacy infrastructure. Something set up 10+ years ago could be virtualized now, but in trying to keep everything humming along the latest backups and data storage techniques are not easily implemented.
2) Older IT guys making decisions. Nothing wrong with that really, but when you think about fashion people usually stop thinking about it when they reach their prime and coast in one fashion style for the rest of their lives. IT is the same, except instead of jorts it's tapes.
3) Scale and Scale. For lots of things a single server works alone to perform a single task. When we are dealing with thousands of users accessing the same resources (Think corporate fileserver, or hospital records) you need to replicate LOTS of data. I only deal with 20TB or so, but lots of places are in the hundreds of TB range with petabytes of backups. When misconfigured if a hacker got in overnight and started encrypting files you could be in the awful position where your main fileserver is mostly encrypted, and the backups were partially overwritten with encrypted data. Obviously you should have backups for the first backup, or good retention, but with that much data any action to recover becomes enormous and stops operations for days, if not weeks.
4) We don't train for this shit. Well, some of us do, but most IT departments don't run backup restoration drills. We set up a backup plan that looks good on paper, we build a playbook, then it sits on the shelf until something happens. Hopefully it's never, but when it isn't never it is immediately regretted that we didn't run a backup test in the past six months to a year because two months ago Jane from accounting left her vacation pictures in a folder that got backed up hourly and the backup to the backup got backed up daily, so what was 10GB of beach and surf pictures became 5TB of clutter thrown in with the 40TB we needed to recover, slowing things down.

But yes, you are 100% correct. Making it so you have a hypervisor that the guest OS can't talk to making backups is a great protection, with at least 5 day retention. Another approach I use is the pull backup. The primary server sits where it is, and a dedicated backup system connects and downloads a pre-setup backup. This lets you keep space usage on the specific server low (Only needs 1 backup, the most recent locally) and if something happens the remote backup server isn't touched because nothing from the impacted system can connect to or be executed on the backup server.

The biggest issue with IT I have seen is we are always running. I would love to see a real IT operation where everyone isn't in project/fire mode. I don't think that will happen for a while tho because of reasons: [image]
When all is said and done, go and get a cookie.
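The pull backup and retention points from the post above, sketched as an added example (not part of the original post or the poster's own setup). It assumes rsync over SSH into dated snapshot directories; the host, paths and the 50% threshold are hypothetical, and the guard against pruning after a mass rewrite is an addition aimed at the "backups overwritten with encrypted data" case.

```shell
#!/bin/sh
# Runs ON the backup server; the file server never gets credentials for it.
# Snapshots are $ROOT/YYYY-MM-DD. rsync --link-dest hard-links unchanged files
# to the previous snapshot, so a link count of 1 means "new or rewritten".

list_snapshots() {   # dated snapshot names under $1, oldest first
    ls -1 "$1" | grep -E '^[0-9]{4}-[0-9]{2}-[0-9]{2}$' | sort
}

pull_snapshot() {    # pull_snapshot SRC ROOT DAY (SRC, ROOT: assumed names)
    src=$1 root=$2 day=$3
    prev=$(list_snapshots "$root" | grep -v "^$day\$" | tail -n 1)
    set -- -a --delete
    if [ -n "$prev" ]; then set -- "$@" "--link-dest=$root/$prev"; fi
    rsync "$@" "$src" "$root/$day/"
}

changed_pct() {      # percent of files in snapshot $1 with link count 1
    total=$(( $(find "$1" -type f | wc -l) ))
    fresh=$(( $(find "$1" -type f -links 1 | wc -l) ))
    if [ "$total" -eq 0 ]; then echo 0; else echo $(( fresh * 100 / total )); fi
}

# prune_snapshots ROOT KEEP MAX_PCT: keep the newest KEEP snapshots, but delete
# nothing (exit status 2) when the newest one rewrote more than MAX_PCT percent
# of its files, which is what an overnight mass encryption looks like.
prune_snapshots() {
    root=$1 keep=$2 max_pct=$3
    count=$(( $(list_snapshots "$root" | wc -l) ))
    [ "$count" -gt "$keep" ] || return 0
    newest=$(list_snapshots "$root" | tail -n 1)
    pct=$(changed_pct "$root/$newest")
    if [ "$pct" -gt "$max_pct" ]; then
        echo "HOLD: $newest rewrote ${pct}% of files; retention frozen" >&2
        return 2
    fi
    list_snapshots "$root" | head -n $(( count - keep )) | while read -r old; do
        rm -rf -- "$root/$old"
    done
}

# Nightly cron use (hypothetical host and paths), 5-day retention, 50% guard:
#   pull_snapshot backup@fileserver:/srv/export/ /backups/fileserver "$(date +%F)" &&
#   prune_snapshots /backups/fileserver 5 50
```

The snapshot root must be an absolute path so `--link-dest` resolves correctly, and a HOLD status should page someone rather than be retried.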

Ryan
Posts: 19
Joined: Sat May 27, 2017 9:08 am

Re: Ransomware is threatening small businesses

Post by Ryan » Sat Jul 15, 2017 10:34 am

1 & 2 are spot on. Older guys are set in their ways and a fundamental redesign of the server structure isn't happening. Hell, some places are still running NT4 and worse.

As for 3, I'd have to give that a bit of thought before I can pose a legitimate plan.

As for 4, if an employee is storing vacation photos on the corporate server, other issues need addressing. I can't even access the C drive on the employee portal at work. I'd just have my backup program ignore jpgs in the user directory on the server.

I do wish I kept up with technology and programming. I'd like to make a distro to work as my nested idea, if only to be a proof of concept. I could probably modify one of the Debian variants but I'd need more modern books on Linux.


Re: Ransomware is threatening small businesses

Post by bleavitt » Tue Jul 18, 2017 12:02 pm

It's funny, in the modern world it isn't worth maintaining a distribution unless you want to make it your main project, or at least part of your main project. I am sure a distro exists that has a privacy focus, but I think most people like the idea of privacy but not the steps required to achieve it.
When all is said and done, go and get a cookie.


Re: Ransomware is threatening small businesses

Post by Ryan » Wed Jul 19, 2017 10:02 am

Well there IS Tails but it isn't meant to be persistent but run entirely from removable media.


Re: Ransomware is threatening small businesses

Post by bleavitt » Wed Jul 19, 2017 11:34 am

Haha, Tails with persistent non-executable home folder.

Worried about something? Just reboot!
When all is said and done, go and get a cookie.
