
Scary Thing about Ransomware

WildWestDesigns

Active Member
While I really do like my tech and I like my computers and see them more than just a means to an end, I can't think of another reason why we need to keep some stuff off the friggin' internet.

I am not surprised about this at all. I can't believe that it didn't happen during WannaCry, or I don't recall reading anything about it if it did (which is possible).

I find the timing of this ironic, as we had a local hospital here hit with ransomware and I had actually told my wife this very thing that I was concerned about (but I was actually a little more hyperbolic about it (I know that doesn't sound like me, but I was)).
 

Bradley Signs

Bradley Signs
I ask the same thing about our utility companies and a number of other very important entities....
Why does the Electric System of this country need to be connected directly to the internet?
For billing purposes, sure.
But anything else?
I have heard over the years that one day someone somewhere may attack the electrical grid and shut the country down! What?
Our hospital files and banking interests? Again, WHAT?
Why does all that need to be connected to the outside world?
Has this country become so lazy that they can't (Just to simplify how it might be done), put the info they need on a Thumb Drive and swivel in their chair and plug it into an OFFLINE computer?
The world lives and dies on the internet now, but geez... do we have to be stupid about it?
I don't even own a phone and I get along just fine without it.... just like I did 30 or more years ago.
We do have one for business, but that's the wife's phone. I have no need for one.
 

WildWestDesigns

Active Member
Has this country become so lazy that they can't (Just to simplify how it might be done), put the info they need on a Thumb Drive and swivel in their chair and plug it into an OFFLINE computer?

I would add in there to also do a virus/malware check as well before it goes to the internal network.

I can understand an efficiency gain from this, the downside is that the people that are in control of "our" data don't really respect it, because it's not "their" data.

People go to 3rd party vendors for some things, because they don't want to be in charge of having to figure out how to enable certain protections for themselves and want to "pass the buck", well this is the downside of that.

Now, those that do use some protection, for instance cloud backups, there was an incident that happened earlier this year or last year (time is starting not to have any meaning anymore it seems) that a cloud storage provider for dentist offices was compromised and this storage provider's software that communicated between them and their clients was used to infect clients' machines with ransomware as well.

There are benefits, I see it with my own servers and running connectivity via them, but these run by other companies just are shameful it seems.
 

WildWestDesigns

Active Member
Pay Attention to your eMails.

Pay attention on who sent the eMail

Not just emails, there are various vectors that can be used to infect a system.

Back in 2015 (I think, maybe 2016) you had PDFs that were opened in web browsers that were used as vectors (and this affected all platforms (Linux, Win and Mac)).

Scripts in web pages could also have an effect as well. And I have seen questionable emails come from the actual client sent address, now I didn't look at the metadata to see if there was a difference there.

Computers that are online are constantly getting attacked. I had put an empty NAS online to the outside network to see what would happen. It was a few hundred times that the script kiddies tried to get in in one day. Now it was totally empty, so it didn't bother me, but that just goes to show, it's not just emails.

The one thing (and this goes back to Windows) that I absolutely hate is when people suggest right click -> run as su(do) on a regular program (in other words, not a disk cleaning program or disk partitioning program etc, but like Ai, or Flexi etc). Can anyone imagine if Flash player was suggested as running as su(do)? The sad thing is that that suggestion a lot of times works, but it still shouldn't be a thing to do (and I would look into permission settings of the program to see why it does work and change those settings when it's appropriate to do so).

Let's not get into what embedded macros can do on systems that support Office files (including Mac).
 

jfiscus

Rap Master
It hit us around 6 (?) years ago at our sign shop. It got into one computer that was on the network and was able to get to every computer in the office and all storage/server space we had. It even got into our offsite backups and corrupted them too. Thankfully we have a weekly hard offline backup in place. We lost most everything local on PCs but the important data is all stored on the servers and was backed up offline. The corruption was so thorough it was cheaper to just replace the PCs as it had infected the firmware of the motherboards, etc. Offline backups are important, we had 20 years of data at stake.
 

WildWestDesigns

Active Member
It hit us around 6 (?) years ago at our sign shop. It got into one computer that was on the network and was able to get to every computer in the office and all storage/server space we had. It even got into our offsite backups and corrupted them too. Thankfully we have a weekly hard offline backup in place. We lost most everything local on PCs but the important data is all stored on the servers and was backed up offline. The corruption was so thorough it was cheaper to just replace the PCs as it had infected the firmware of the motherboards, etc. Offline backups are important, we had 20 years of data at stake.

Yep, they can even see mapped drives as well. I am surprised about the firmware on the MBs, that was quite an extensive hit.

How often were those offsite backups? I'm used to a little delay between those two, but maybe it triggered on its own sync of files to the offsite.
 

player

New Member
How bad is it to run Win7 Pro? Is clicking an email link the only way to get hit? I run windows firewall and Avast Antivirus.
 

WildWestDesigns

Active Member
How bad is it to run Win7 Pro? Is clicking an email link the only way to get hit? I run windows firewall and Avast Antivirus.

At some point, you will be stuck on legacy web browsers since Win 7 is EOL. Also your other protection software will be obsolete as well due to the same reason. It won't happen overnight, but it will come to pass at some point.

And no, email is not the only way to get it, it's just perhaps the most well known and maybe even the easiest due to "social engineering" approach.
 

jfiscus

Rap Master
Yep, they can even see mapped drives as well. I am surprised about the firmware on the MBs, that was quite an extensive hit.

How often were those offsite backups? I'm used to a little delay between those two, but maybe it triggered on its own sync of files to the offsite.

Nightly backups are automatic on all modified files on our server data drives. So, once the virus encrypted/infected the files it saw they were all updated and backed them all up... Thankfully we had a backup of the backup from the week prior.
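
The failure described in the post above, where a nightly sync copies freshly encrypted files over the good backup, can be caught by a check that runs before the sync. The sketch below is an added example, not part of the original thread or any poster's setup; the function names, thresholds and sample files are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def manifest(files: dict) -> dict:
    """Map path -> SHA-256 of content, saved after each good backup run."""
    return {p: hashlib.sha256(b).hexdigest() for p, b in files.items()}

def assess_run(previous: dict, current: dict, max_ratio=0.30, min_bits=7.5):
    """Decide whether tonight's sync may overwrite the backup copy.

    previous: manifest from the last good run; current: path -> bytes now.
    Returns (decision, touched_ratio, high_entropy_count).
    """
    changed = [p for p, b in current.items()
               if p in previous and hashlib.sha256(b).hexdigest() != previous[p]]
    missing = [p for p in previous if p not in current]  # renamed or deleted
    ratio = (len(changed) + len(missing)) / len(previous) if previous else 0.0
    noisy = sum(1 for p in changed if entropy(current[p][:65536]) > min_bits)
    mostly_noisy = len(changed) >= 3 and noisy > len(changed) / 2
    decision = "HOLD" if ratio > max_ratio or mostly_noisy else "SYNC"
    return decision, ratio, noisy

def fake_ciphertext(seed: str, blocks: int = 128) -> bytes:
    """Constructed stand-in for encrypted content (hash output, 4 KiB)."""
    return b"".join(hashlib.sha256(f"{seed}{i}".encode()).digest()
                    for i in range(blocks))

# Constructed sample share: ten small text job files.
BASELINE = {f"jobs/order_{i}.txt": f"Order {i}: 4x8 banner\n".encode() * 40
            for i in range(10)}
LAST_GOOD = manifest(BASELINE)

def normal_night():
    files = dict(BASELINE)
    files["jobs/order_1.txt"] += b"Proof approved\n"
    files["jobs/order_2.txt"] += b"Reprint requested\n"
    return assess_run(LAST_GOOD, files)

def encrypted_night(count: int = 10):
    files = dict(BASELINE)
    for i in range(count):
        files[f"jobs/order_{i}.txt"] = fake_ciphertext(f"order{i}")
    return assess_run(LAST_GOOD, files)
```

A "HOLD" result means the run is skipped and the previous backup generation is left untouched until someone has looked at the share; it complements, and does not replace, the weekly offline copy.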
 

KrisMalby

New Member
ESET is amazing as an antivirus software, Kaspersky absolutely rubbish. I speak from experience with ransomware. I was lucky the ransomware virus cryptxxx or whatever it was called wasn't so good, could have been bad. Even with the backup precautions we have, 25 odd computers could have been compromised, luckily nothing data critical was affected.
 

SightLine

║▌║█║▌│║▌║▌█
It is not cheap but another good option is high end (network) edge defense. I keep our entire network behind a Checkpoint firewall. It does a ton more than your typical residential or SMB devices and the annual subscription costs about $400 a year on top of the hardware costs. If you are creative and have the time there are also DIY solutions that can offer much of the same capabilities but that takes a good bit of work and planning to pull off, especially if trying to use free resources online. It literally does a ton of things to protect your network and everything within. https://www.checkpoint.com/products/next-generation-firewall/ We have a prior model 730 SMB appliance and upgraded to that one from an older one before it (they just introduced their new 1500 series). Seriously, they are top notch for what they do but you still want to have an antivirus solution on the desktops and practice reasonably good software security update practices as well.
 

WildWestDesigns

Active Member
We use a Ubiquiti firewall here, no complaints with it.

Don't overlook how much these networked devices are updated as well. Some of these devices use outdated kernels and aren't updated (as most people don't think to update these types of devices), but even if the end user does, doesn't mean that the OEM supports that device as well.
 

binki

New Member
It's all about Risk Management. Just look at our schools in California. They were not prepared for in home learning last year and they didn't make much progress over the summer. Information Technology is considered a cost center and the resources needed just are not there and this is what happens.
 

WildWestDesigns

Active Member
It's all about Risk Management. Just look at our schools in California. They were not prepared for in home learning last year and they didn't make much progress over the summer. Information Technology is considered a cost center and the resources needed just are not there and this is what happens.

And you know, I wouldn't expect much progress on that front for a few more years at best (and that may be wishful thinking). I would actually expect more from the private sector than I would from the public sector more often than not. Not always the case, but I would say for the most part would be true.
 

ikarasu

Active Member
We use a Fortinet firewall at our shop. Also keep in mind most of the good firewalls charge for upgrades... I believe we pay $600ish a year to get updates sent out.


Another expense I don't think most shops need... Don't get me wrong, I'm all about security. But the cost of a good firewall, good cloud backup, off site backup along with a local backup is pretty expensive for most shops that can get by with a $200 NAS and auto cloud backup.


We go overboard because we have someone in house that can do it all (me) which saves $1000 a month on outsourced IT work, as well as because we do so many government contracts that it's part of our obligation.


Most shops seem to be pretty small on here. With 1-10 employees, in a perfect world everyone would have a firewall, airgapped network, backups up the wazoo... But I feel like the people on S101 will see the $100-200 a month cost, the $1000+ upfront cost, as well as having to train someone to maintain it.. And just say screw it.

That's one reason I go for the minimalist, best bang for buck approach.
 

WildWestDesigns

Active Member
Most shops seem to be pretty small on here. With 1-10 employees, in a perfect world everyone would have a firewall, airgapped network, backups up the wazoo

Shop of one here. So it's all one person. It can be done with one person.

I do agree that most people probably just say "screw it". I don't think that's a good thing and as increasingly dependent as we are on tech, and with this notion of "always connected" even less so. There are some things that people should actually be aware of. Don't need to be experts mind you, but even knowing what is going on, I do think that should be known. That way they can better budget things even if they have to outsource it.
 

ikarasu

Active Member
Well.. I think we can agree you understand more than the average person :D

We're a shop of about 30-40 people. Before I came along they paid $1600 a month for IT. They also paid $300 to bring someone in to setup email for each user's cell phone..... Because no one knew how :confused:

When I think of people on here... I try to equate them to people at my work. Not everyone has an interest in computers, and that's OK. There's a few people on here who seem to know what they're talking about... But for as many that do, I see lots of people unable to work their printer because their IP changed and they don't know how to fix it :oops:

For those people.... I say a NAS that auto backs up to the cloud is about their limit for setting up a "defense".
 

WildWestDesigns

Active Member
Not everyone has an interest in computers, and that's OK.

Normally, I would agree with this. "You do you". I do think the baseline level of knowledge given the direction of computing and how interconnected it is with everyone and in every facet, that needs to change. Not saying need to be an expert, but people need to be further along than what they are. Either that or the interconnectivity level needs to come down and come down drastically, which I don't see happening either.
 

ikarasu

Active Member
There is way too much to learn, and way too little time though. And it's different... The generation that grew up with computers tend to pick it up a lot more than the generation that didn't use them in their daily life.

For most, e-mails and artwork is all they use their PCs for. Learning to properly air gap a network, setup a router (Not a consumer grade router that's plug and play, but a real router with a proper firewall), VPN, Antivirus... The proper way to have a true, multi-step backup solution, as well as mannnnny other things not even listed is a bit much for the average person! It's not just about knowing how to do it, you have to fundamentally understand what it is you're doing and why for it to be effective. And then the upkeep... Some people just want to worry about running their shop and be done with it.

I get it, it's like a tire... everyone should know how to change a tire, everyone should know how to change their own oil... fill up their tires, etc... A lot of people don't though, and they don't care about learning.

Schools have started to teach more about technology, some have even incorporated programming in the classroom... I think in 20-30 years we'll get to the level where everyone can do what I'm sure you and I both consider Basic stuff... but until then, it's like learning a foreign language to some people.


One day we'll get there, but I don't think that day's today!

Just an example... We do a lot of insurance decals. We call a certain type day decals... It goes from 1-31, and we print hundreds of each. EVERY week the old lady who runs the decal printer calls me in because she forgets how to change the # in the label system. You literally just double click it and type in a new number... But she can't wrap her mind around it. She'll do it for a day, then next week when we're running them again... I get a phone call that the machine is broken and won't change numbers.... every time I go look...and I just double click and change it.

There are some people who are computer illiterate, and they don't want to / can't learn. It's just not their thing... Not everyone can be good at everything, there's tons of basic stuff I should know, but I just can't do as well!
 