Comments on Borepatch: Ransomware

SiGraybeard, 2016-05-25 18:02:
So... let's say one does backups faithfully (religiously?), and we end up with a ransomware hijacking. How do you know to trust your backups? Do they sit quietly on a machine for some amount of time before springing the trap door? Is there a chance the backup is corrupted? Or that they "see" backups are happening and use that to make the attack more vicious?

matism, 2016-05-25 16:16:
For SOME people, Jeff B, that STILL would not be sufficient. After all, there are some people out there who will forward stuff WITHOUT determining whether or not it is bad shiite. And they are still quite likely to be able to answer those three questions. Much to your chagrin.

Borepatch, 2016-05-25 14:15:
Ruth, it's been a long time since I really looked at firewalls. I really don't know who's good and who's not.

Ruth, 2016-05-25 09:01:
Not entirely random, but only kinda off-topic question for you all....

I was using Outpost Firewall, liked it quite a bit. Unfortunately they were bought out. I'm having trouble finding and picking new firewall software..... any suggestions that won't cost me a fortune?

Jeff B, 2016-05-25 08:25:
"4: Don't open email attachments, don't download email attachments
-unless I know who it is from AND I am expecting it."

That is wise advice indeed. I've told clients the same, and added the following: "If you aren't sure they sent it, then create a NEW email to that person -- don't just hit 'Reply' -- and ask them if they sent an attachment, what the name of the attachment is, and what the size of the attachment is. If they can't answer all three, don't open it."

The reality, as I think we all know, is that most computer infections (malware, virus, ransomware) are because of end-user actions. If we could just find a way to get people to stop touching their damn computers... :-D

BC, 2016-05-24 21:40:
Best way I have found to keep crap off the 'puter is:

1: Disable Java by default
 -re-enable on a site-by-site basis if needed

2: Disable plugins, especially Flash, by default
 -re-enable on a site-by-site basis if needed

3: Run an ad-blocker

4: Don't open email attachments, don't download email attachments
 -unless I know who it is from AND I am expecting it.

Dan, 2016-05-24 18:28:
Thanks for that. Wilco.

Kristophr, 2016-05-24 17:38:
Find the ransomware a-holes' website, and spam the payment fields with petabytes of garbage, hopefully containing bits of SQL code to nuke their database, if they are stupid enough to leave user input unsanitized?

Nice victims database you got there. Too bad it has eight landfills-full of sewage in it now ...

Borepatch, 2016-05-24 17:14:
Burt, I like Malwarebytes quite a bit, and recommended it in a post here quite some time back.

https://borepatch.blogspot.com/2009/11/recommended-security-tool-malwarebytes.html

And I do remember the Cisco Security Agent. ;-)

Jeff, not a lot of organizations can do that - I certainly couldn't do that for the Queen Of The World's computer. ;-)

Aaron, 2016-05-24 17:05:
Darn good info. Thanks. You wouldn't believe (ok, you probably would) how many of these malware-infested emails (the ones with an invoice attached, typically a .zip from an unknown contact that only a fool would fail to delete immediately) I've been receiving lately.

Jeff B, 2016-05-24 13:31:
A couple of our clients have been hit by variants of these crypto-/ransomware infections.

Thankfully, we are obsessive about inspecting the backup jobs, and that has saved our bacon a few times.

Other things we've done or considered doing at clients:
1) Blocking EVERYONE from installing to C:\Program Files or C:\Program Files (x86). Yes, everyone, except the master Domain Admin account. Not even daily helpdesk techs are allowed to install to that path.

2) Block password-protected .zip files

3) Block macros in MS Office.

4) Disable USB ports on PCs.

It's a nasty bugger.

Best,
Jeff B

drjim, 2016-05-24 12:39:
+1 for Malwarebytes!

Been using it on my Windoze systems for years.

Eagle, 2016-05-24 12:25:
Antivirus isn't sufficient: you need a memory-resident program that uses "rules" to determine which programs have the ability to manipulate files on your local Windows filesystem (and any "mapped" filesystem), and to prevent some program-based behaviors that it might think are acting against your best interests.

I use Malwarebytes. BP may remember Cisco's desktop security program (CSA). Malwarebytes also uses rules-based behavior processing which protects against most zero-day attacks (if the behavior isn't allowed, then it isn't allowed). With Bitdefender and Malwarebytes, I haven't been hit with either a virus or malware in, um, years.

Yeah, I've had to mark some programs as "allowed", but that's less of a bother than losing everything I own.
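Two of Jeff B's controls (block password-protected .zip files, block Office macros) and the invoice-in-a-zip emails Aaron describes can be checked at a mail gateway without ever opening the attachment: a password-protected zip announces itself in a header flag, and a macro-enabled Office document is a zip whose entry list contains a vbaProject.bin part. The following is an added example and is not code from the post or from any commenter. The file names, payloads and the `triage_attachment` function are constructed for illustration; the "encrypted" sample only has the header flag flipped, which is all a header check looks at.

```python
"""Mail-gateway attachment triage (added example, not from the blog thread).

Flags, by inspection of names and zip headers only:
  - password-protected zips (general-purpose bit 0 set in the zip headers)
  - Office documents carrying a VBA project part (macro-enabled)
  - executables/scripts inside an archive, or hidden behind a double extension
"""
import io
import zipfile

# Extensions Windows will run (or hand to a script host) on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".ps1", ".hta", ".msi", ".lnk"}
# OOXML parts that exist only when the document carries VBA.
VBA_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}
ZIP_FLAG_ENCRYPTED = 0x0001  # bit 0 of the general-purpose flag word


def triage_attachment(filename, data):
    """Return the list of reasons to quarantine; an empty list means nothing matched."""
    reasons = []
    parts = filename.lower().split(".")
    last_ext = "." + parts[-1]
    if len(parts) > 2 and last_ext in EXECUTABLE_EXTS:
        reasons.append(f"double extension hides executable: {filename}")
    elif last_ext in EXECUTABLE_EXTS:
        reasons.append(f"directly executable attachment: {filename}")
    if data[:4] != b"PK\x03\x04":
        return reasons  # not a zip container (.zip, .docm, .xlsm all are)
    try:
        infos = zipfile.ZipFile(io.BytesIO(data)).infolist()
    except zipfile.BadZipFile:
        reasons.append("looks like a zip container but is malformed")
        return reasons
    # The central directory is never encrypted, so names and flags are readable
    # even for a password-protected archive.
    names = {zi.filename for zi in infos}
    if any(zi.flag_bits & ZIP_FLAG_ENCRYPTED for zi in infos):
        reasons.append("password-protected zip (gateway cannot scan contents)")
    if names & VBA_PARTS:
        reasons.append("Office document contains a VBA macro project")
    for name in sorted(names):
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in EXECUTABLE_EXTS:
            reasons.append(f"archive contains executable: {name}")
    return reasons


def _zip_bytes(entries, encrypted=False):
    """Build a zip in memory from {name: payload}. encrypted=True sets the
    encrypted flag bit in every local and central header to mimic a
    password-protected archive (constructed sample; payloads stay plaintext)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    data = bytearray(buf.getvalue())
    if encrypted:
        # local header: flags at offset 6; central directory header: offset 8
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            i = data.find(sig)
            while i != -1:
                data[i + off] |= ZIP_FLAG_ENCRYPTED
                i = data.find(sig, i + 4)
    return bytes(data)


# Constructed sample attachments (not real malware).
SAMPLES = {
    "Invoice_8831.zip": _zip_bytes({"Invoice_8831.js": b"var s = 'payload';"}),
    "Invoice_8831_protected.zip": _zip_bytes({"Invoice_8831.js": b"var s = 'payload';"},
                                             encrypted=True),
    "Q2_report.docm": _zip_bytes({"[Content_Types].xml": b"<Types/>",
                                  "word/document.xml": b"<w:document/>",
                                  "word/vbaProject.bin": b"\xd0\xcf\x11\xe0"}),
    "Q2_report.docx": _zip_bytes({"[Content_Types].xml": b"<Types/>",
                                  "word/document.xml": b"<w:document/>"}),
    "Statement.pdf.exe": b"MZ\x90\x00",
    "notes.txt": b"see you tuesday",
}


def triage_all(samples=SAMPLES):
    """Run triage over every sample; returns {filename: [reasons]}."""
    return {name: triage_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, reasons in triage_all().items():
        print(f"{name}: {'QUARANTINE' if reasons else 'pass'} {reasons}")
```

The check never decompresses or reads entry contents, so it costs the same on a 10 KB invoice and a 2 GB archive, and it is unaffected by the password. It is a gateway rule, not a replacement for the "new email, ask three questions" habit Jeff B describes: a legitimate .docm from a colleague will trip it too, which is exactly the point of blocking the class rather than trying to recognize the malicious instance.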