My friends business was just hacked now info being ransomed for bitcoin

posted on Jun, 14 2019 @ 07:35 PM
It's hard finding good IT folks, at least around here.

I spent two years trying to hire help; even offering a 60k salary in a state with a 35k median, you never got anyone good. The guy they wound up hiring against my will was stumped by a DNS server not handing out the correct DNS entries on day one... he was hired at 72k a year.

In consulting, like your friend would need, he's going to pay a minimum of $150 an hour. To properly lock down a network, he's probably looking at someone charging more than $200 an hour, since they'd need to have at least a half dozen years' experience... and he'll be buying a $500 firewall with a $100+/yr contract.
For a construction company, the computer probably isn't all that important. If it is, it honestly doesn't need the internet: keep it offline and have another for email. Buy used Latitude laptops or Optiplex desktops; they're dirt cheap off lease.
Get in the habit of backing up important stuff. Most small companies outsource their finances to a QuickBooks guy; they'll usually keep monthly backups for all of their clients.

I should go back into freelance consulting from a security standpoint... there's so much the average IT consultant just doesn't do right.




posted on Jun, 14 2019 @ 09:02 PM
a reply to: lordcomac

That's a sorry state of affairs if it's representative of the training of all IT professionals. I have been out of the field for over 15 years, so perhaps it's deteriorated somewhat. It certainly gives weight to outsourcing web presence to a web host that can at least back up the data nightly.

Yes they need you as a freelance consultant.



posted on Jun, 14 2019 @ 10:16 PM

originally posted by: Moohide
a reply to: Quantumgamer1776

Lesson number one: Always save and back everything up on another drive, especially if it is his business data.

If a company is working on it then i hope your friend gets it all back.


If you have write access to the drive upon which the backups are stored, then the backups will all be encrypted, too. That is how ransomware works.

Usually, the dropper program for the ransomware breaks backup functionality for known backup types (like breaking shadow copies and deleting the executables of backup software), deletes the files used by anti-malware, and encrypts all files not locked by active processes. In other words, before the encryption process begins, they ensure that every backup they can touch is useless, that there is no restore process, and that no anti-malware can block them from encrypting.

Only offline backups, like backups to removable media, are secure. This is why it is wise to have multiple backup processes to multiple media, with some of them being offline and even off-site.

Even cloud storage like Dropbox or OneDrive is not safe against ransomware.
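The post above describes the pre-encryption stage: the dropper kills shadow copies, the backup catalog and recovery options before touching a single document. That stage is also the best moment to catch it. As an added example (not code from the original post or from any product), here is detection logic a defender would run over process-creation events. The log lines are constructed in a simplified tab-separated layout, not a real Sysmon or Security 4688 export; several distinct indicators from one host inside a short window is rated high confidence, because a single vssadmin call on a file server can also be legitimate administration.

```python
"""Flag backup-tampering commands typical of a ransomware dropper.

Added example.  Scans process-creation log lines (constructed below in a
simplified 'timestamp TAB host TAB user TAB command line' layout, not a real
Sysmon/4688 export) for commands that destroy Volume Shadow Copies, the
Windows backup catalog or boot recovery options.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Each rule: (name, regex applied to the lower-cased command line).
RULES = [
    ("vss_delete", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows")),
    ("vss_resize", re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage.*/maxsize=")),
    ("wmic_shadow_delete", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete")),
    ("ps_shadow_delete", re.compile(r"win32_shadowcopy.*\.delete\(")),
    ("wbadmin_catalog", re.compile(r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)")),
    ("bcdedit_recovery", re.compile(r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no")),
    ("bcdedit_bootpolicy", re.compile(r"bcdedit(\.exe)?\s+.*bootstatuspolicy\s+ignoreallfailures")),
]

TS_FORMAT = "%Y-%m-%dT%H:%M:%S"

def parse_line(line):
    """Split one constructed log line into its four fields."""
    ts, host, user, cmd = line.rstrip("\n").split("\t", 3)
    return {"ts": datetime.strptime(ts, TS_FORMAT), "host": host, "user": user, "cmd": cmd}

def match_rules(cmd):
    lowered = cmd.lower()
    return [name for name, rx in RULES if rx.search(lowered)]

def scan(lines, window=timedelta(minutes=5), min_distinct=2):
    """Per host: which rules fired, and whether >= min_distinct fired within `window`."""
    hits = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        for rule in match_rules(ev["cmd"]):
            hits[ev["host"]].append((ev["ts"], rule, ev["user"], ev["cmd"]))
    findings = {}
    for host, events in hits.items():
        events.sort()
        distinct, high = set(), False
        for i, (ts, rule, _, _) in enumerate(events):
            in_window = {r for t, r, _, _ in events[i:] if t - ts <= window}
            if len(in_window) >= min_distinct:
                high = True          # burst of different tampering commands
            distinct.add(rule)
        findings[host] = {"rules": sorted(distinct), "high_confidence": high, "events": events}
    return findings

# Constructed sample: one workstation showing the classic four-command burst,
# a file server doing routine shadow-storage housekeeping, and a benign process.
SAMPLE_LOG = """\
2019-06-14T18:02:11\tWS-ACCT-01\tCORP\\jdoe\tC:\\Windows\\System32\\cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet
2019-06-14T18:02:12\tWS-ACCT-01\tCORP\\jdoe\twmic.exe shadowcopy delete
2019-06-14T18:02:13\tWS-ACCT-01\tCORP\\jdoe\tbcdedit.exe /set {default} recoveryenabled No
2019-06-14T18:02:13\tWS-ACCT-01\tCORP\\jdoe\twbadmin.exe delete catalog -quiet
2019-06-14T09:15:00\tSRV-FILE-01\tCORP\\backupsvc\tvssadmin.exe Resize ShadowStorage /For=D: /On=D: /MaxSize=20%
2019-06-14T10:40:41\tWS-ENG-07\tCORP\\asmith\tnotepad.exe C:\\Users\\asmith\\notes.txt
"""

if __name__ == "__main__":
    for host, f in scan(SAMPLE_LOG.splitlines()).items():
        level = "HIGH" if f["high_confidence"] else "low"
        print(f"{host}: {level} confidence, rules={f['rules']}")
        for ts, rule, user, cmd in f["events"]:
            print(f"    {ts} {user} [{rule}] {cmd}")
```

The single resize on SRV-FILE-01 is reported but left at low confidence; the workstation that fires four different rules within two seconds is what the page's "dropper" looks like in telemetry, and is the host to isolate first.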



posted on Jun, 14 2019 @ 11:02 PM
a reply to: chr0naut

You guys need to look at modern backup solutions like Vembu and UrBackup. The backup server authenticates to the host for backup, not the other way around. This keeps your backups intact. Crypto cannot encrypt backups stored on a server it cannot authenticate to.



posted on Jun, 15 2019 @ 01:34 AM
These sorts of attacks are pretty common and, depending on what's hit, can be nothing more than an annoyance.

Proper policies in place, such as not opening them darn emails or bringing in USB dongles with lord knows what on them, and putting in place measures to mitigate the effects of such incidents in the same way as you'd plan for a fire, etc.

For small businesses it might be worth printing off invoices etc., so while it's a pain to type it all back in, you will be able to keep running.

One trick is to create a dumbass program and email it around to various members of staff and see who opens it, as you then know who needs extra training or a good kick in the balls.
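The "email it around and see who opens it" drill above needs one thing to be useful: knowing who clicked without trusting whatever the browser sends back. As an added example (not from the original post, and not GoPhish or any product's code), here is the attribution side done with a per-recipient HMAC token in the link instead of a program that phones home. Names never appear in the URL, a guessed or mangled token cannot be pinned on anyone, and the access log lines are constructed in Apache/nginx "combined" format. The campaign secret, hostnames and addresses are all assumptions.

```python
"""Who clicked?  Per-recipient tokens for an internal phishing drill.

Added example.  Each staff member receives a link carrying an HMAC-derived
token; the web server log then tells you exactly who clicked, and tokens that
do not verify are reported separately rather than attributed to anyone.
"""
import hashlib
import hmac
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlparse

# Assumption: a per-campaign secret known only to whoever runs the drill.
CAMPAIGN_KEY = b"rotate-this-per-campaign"

def token_for(email: str, campaign: str, key: bytes = CAMPAIGN_KEY) -> str:
    """Stable, unguessable 64-bit tag for one recipient in one campaign."""
    msg = f"{campaign}|{email.strip().lower()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

def build_links(recipients, campaign, base="https://payroll-portal.example/update"):
    """One personalised URL per recipient to paste into the drill e-mail."""
    return {e: f"{base}?c={campaign}&t={token_for(e, campaign)}" for e in recipients}

# Apache/nginx 'combined' format; only the fields needed for attribution are named.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def attribute_clicks(log_lines, recipients, campaign):
    """Return ({email: [timestamps]}, [(ip, token)]) for verified and unknown tokens."""
    lookup = {token_for(e, campaign): e for e in recipients}
    clicked, unknown = defaultdict(list), []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        qs = parse_qs(urlparse(m["path"]).query)
        if qs.get("c") != [campaign]:
            continue                        # unrelated request, e.g. /favicon.ico
        tok = qs.get("t", [""])[0]
        if tok in lookup:
            clicked[lookup[tok]].append(m["ts"])
        else:
            unknown.append((m["ip"], tok))  # forged or mangled token: report, never attribute
    return dict(clicked), unknown

# --- constructed sample data ---------------------------------------------------
CAMPAIGN = "2019-q2-drill"
STAFF = ["ceo@example.com", "jdoe@example.com", "asmith@example.com"]

def _log(ip, ts, path):
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

SAMPLE_LOG = [
    _log("10.0.4.22", "15/Jun/2019:09:12:01 +0100", f"/update?c={CAMPAIGN}&t={token_for('ceo@example.com', CAMPAIGN)}"),
    _log("10.0.4.22", "15/Jun/2019:09:12:02 +0100", "/favicon.ico"),
    _log("10.0.4.31", "15/Jun/2019:09:40:17 +0100", f"/update?c={CAMPAIGN}&t={token_for('jdoe@example.com', CAMPAIGN)}"),
    _log("10.0.4.22", "15/Jun/2019:13:05:44 +0100", f"/update?c={CAMPAIGN}&t={token_for('ceo@example.com', CAMPAIGN)}"),
    _log("10.0.9.9", "15/Jun/2019:14:00:00 +0100", f"/update?c={CAMPAIGN}&t=deadbeefdeadbeef"),
    _log("10.0.4.40", "15/Jun/2019:14:30:00 +0100", "/update?c=old-campaign&t=0123456789abcdef"),
]

if __name__ == "__main__":
    for email, url in build_links(STAFF, CAMPAIGN).items():
        print(email, "->", url)
    clicked, unknown = attribute_clicks(SAMPLE_LOG, STAFF, CAMPAIGN)
    for email in STAFF:
        print(f"{email}: {len(clicked.get(email, []))} click(s)")
    print("unattributable:", unknown)
```

Rotating the key per campaign means last quarter's links stop resolving, so a stale forwarded e-mail cannot pollute this quarter's results; the unknown list is also where a real attacker probing the landing page would show up.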



posted on Jun, 15 2019 @ 02:07 AM

originally posted by: drewlander
a reply to: chr0naut

You guys need to look at modern backup solutions like Vembu and UrBackup. The backup server authenticates to the host for backup, not the other way around. This keeps your backups intact. Crypto cannot encrypt backups stored on a server it cannot authenticate to.


True.

But that just changes the vector for who has authenticated write access.

There's really no cheap no-brainer magic bullet, but old-school tapes, with a good retention policy and offsite storage are a resilient and, above all, proven method and not too expensive.

And modern backups are good too. But I wouldn't put all my eggs in one basket.
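The two posts above disagree only about where the risk moves: a pull-model server (drewlander's point) keeps client credentials away from the backup store, but whoever can write to the store is still a single point of failure (chr0naut's point), and a compromised host will hand over encrypted garbage on the very next pull. As an added example, not Vembu, UrBackup or Veeam code, here is a small pull-model repository in which snapshots are append-only with a retention floor and a snapshot that looks encrypted is kept but quarantined, so the "latest good" pointer stays on the previous clean copy. The file contents and the stand-in cipher are constructed for the demo.

```python
"""Pull-model backup store with append-only snapshots and a ransomware tripwire.

Added example.  The backup server holds the only credential and reads from the
client, so the client has no path to delete or overwrite anything here.  Two
controls stop the next pull from becoming the 'backup' of encrypted garbage:
snapshots are never overwritten and retention has a floor, and a snapshot that
looks mass-encrypted is stored but quarantined.
"""
import hashlib
import math
import os
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for encrypted data, roughly 4-5 for English text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def assess(prev: dict, cur: dict, change_ratio=0.5, entropy_floor=7.0) -> list:
    """Heuristics separating a normal day's edits from a mass-encryption event."""
    reasons = []
    if prev:
        changed = sum(1 for p, d in prev.items() if cur.get(p) != d)
        if changed / len(prev) >= change_ratio:
            reasons.append(f"{changed}/{len(prev)} previously backed-up files changed or vanished")
    if cur:
        hot = [p for p, d in cur.items() if len(d) >= 64 and shannon_entropy(d) >= entropy_floor]
        if len(hot) / len(cur) >= change_ratio:
            reasons.append(f"{len(hot)}/{len(cur)} files have entropy >= {entropy_floor} bits/byte")
    notes = [p for p in cur if p not in prev
             and any(t in os.path.basename(p).lower() for t in ("decrypt", "recover", "restore"))]
    if notes:
        reasons.append(f"ransom-note-like new files: {notes}")
    return reasons

class Snapshot:
    def __init__(self, name, files, reasons):
        self.name, self.files, self.reasons = name, files, reasons
        self.quarantined = bool(reasons)

class PullBackupRepo:
    """Server-side store.  Deliberately no method a client could call to delete or overwrite."""
    def __init__(self, min_keep=7):
        self.min_keep = min_keep
        self.snapshots = []

    def pull(self, read_client, name):
        """read_client is the server's read of the host's files, using the server's credential."""
        prev = self.latest_good()
        files = dict(read_client())
        snap = Snapshot(name, files, assess(prev.files if prev else {}, files))
        self.snapshots.append(snap)
        return snap

    def latest_good(self):
        good = [s for s in self.snapshots if not s.quarantined]
        return good[-1] if good else None

    def restore(self, path):
        snap = self.latest_good()
        return None if snap is None else snap.files.get(path)

    def prune(self, keep_last):
        keep_last = max(keep_last, self.min_keep)   # retention floor cannot be lowered per call
        while len(self.snapshots) > keep_last:
            if self.snapshots[0] is self.latest_good():
                break                               # never drop the last known-good copy
            self.snapshots.pop(0)

# --- constructed sample data ---------------------------------------------------
def fake_encrypt(data: bytes, key: bytes) -> bytes:
    """Deterministic SHA-256 counter keystream XOR; stands in for the ransomware's cipher."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def clean_day(extra_invoices=0, edited=None):
    """A small construction firm's finance share: invoices plus a QuickBooks-style export."""
    files = {}
    for i in range(20 + extra_invoices):
        body = (f"INVOICE {i:04d}\nCustomer: Example Builders Ltd\n"
                f"Amount: {1000 + 37 * i}.00 EUR\nStatus: {'paid' if i % 3 else 'open'}\n") * 8
        files[f"Finance/Invoices/inv-{i:04d}.txt"] = body.encode()
    files["Finance/quickbooks-export.csv"] = ("id,amount,memo\n" + "\n".join(
        f"{i},{i * 12.5},materials" for i in range(200))).encode()
    if edited:
        files[edited] += b"Note: paid by bank transfer\n"
    return files

def ransomed_day(files, key=b"constructed-demo-key"):
    locked = {p + ".locked": fake_encrypt(d, key) for p, d in files.items()}
    locked["HOW_TO_DECRYPT_FILES.txt"] = b"Your files are encrypted. Send 1 BTC to ..."
    return locked

if __name__ == "__main__":
    repo = PullBackupRepo(min_keep=3)
    day1 = clean_day()
    day2 = clean_day(extra_invoices=2, edited="Finance/Invoices/inv-0003.txt")
    for name, data in [("2019-06-13", day1), ("2019-06-14", day2), ("2019-06-15", ransomed_day(day2))]:
        s = repo.pull(lambda: data, name)
        print(name, "QUARANTINED" if s.quarantined else "ok", *s.reasons, sep="\n  ")
    print("latest good:", repo.latest_good().name)
```

The third pull is still stored (it is evidence), but restore() keeps serving the 14 June copy, and prune() refuses to go below the floor even if someone with repo credentials asks for keep_last=1. What this does not protect against is an attacker who obtains the repository's own credentials, which is exactly the residual risk the reply above points at and why the tapes still earn their place.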



posted on Jun, 15 2019 @ 02:09 AM

originally posted by: Maxatoria
These sorts of attacks are pretty common and, depending on what's hit, can be nothing more than an annoyance.

Proper policies in place, such as not opening them darn emails or bringing in USB dongles with lord knows what on them, and putting in place measures to mitigate the effects of such incidents in the same way as you'd plan for a fire, etc.

For small businesses it might be worth printing off invoices etc., so while it's a pain to type it all back in, you will be able to keep running.

One trick is to create a dumbass program and email it around to various members of staff and see who opens it, as you then know who needs extra training or a good kick in the balls.


We all know it's the CEO and their penchant for watching cute cat antics videos.






posted on Jun, 15 2019 @ 02:41 AM
This is very common. Hopefully whoever does their IT runs server backups and hopefully everything is domain-based.
We offer very specialised protection against ransomware specifically; our clients usually see the price tag and flip out.

Then a couple of months later they phone us in a panic when the ransomware hits and all of a sudden money is growing on trees 🙄. I've even been able to decrypt a client's files once; the rest of the time everything gets restored from backups or they suffer untold losses.

We usually have a good laugh.

PS. I believe there was one incident where the client paid the ransom and actually received the key to decrypt. Never thought the hostage takers would negotiate and keep their word.



posted on Jun, 15 2019 @ 02:46 AM

originally posted by: drewlander
a reply to: chr0naut

You guys need to look at modern backup solutions like Vembu and UrBackup. The backup server authenticates to the host for backup, not the other way around. This keeps your backups intact. Crypto cannot encrypt backups stored on a server it cannot authenticate to.


Vembu was okay... switched over to Veeam.
It's great, can recommend.



posted on Jun, 15 2019 @ 07:18 PM
This week I heard a guy from the Portuguese accountants' association telling us about the case of an accounting company in my town that got their computers encrypted. They contacted a specialised IT company to try to solve the problem, but when they did their calculations they found that what they would have to pay the IT company, plus the time they would lose recovering the system, would be more expensive than paying the ransom, so they contacted the "hackers" and reached an agreement for a lower amount. They paid, got the key, and everything is fine now.

I hope they learned the lesson.

PS: in my company we have daily backups that are copied weekly to external disks that are only connected during the copy.



posted on Jun, 15 2019 @ 10:00 PM
Need more info really to even begin to help. Did he have servers? Domain controllers? The latest threat, Cryptolocker, attacks from your network's domain controllers. A single computer or two? As long as System Restore was turned on, unless the virus disabled it, you can often simply restore a previous version to get your files back. I've recovered many virus-encrypted files in the past this way.

Anyone with a business is daft to not have an offsite backup of their data. Onsite can be hit by the virus as well. Also get Sophos. It actually will detect files being encrypted, and will stop it. I do an onsite NAS backup, and then another offsite cloud backup, to avoid this. Also use Sophos, as in my opinion the nastiest threat right now is ransomware, which encrypts your data.

My last company was hit via a single computer whose updates were not running. It hit our servers, and many computers. System Restore and backups removed all traces. Preparation is the real fix. The biggest two threats right now are via email and encryption viruses. So that is where people should focus. A solid spam filter (I use Mimecast), and antivirus - and I prefer Sophos for those encryption viruses. I do NOT prefer what a pain it is to remove the viruses (have to provide a code to clean it up), but it's saved the day many times, so I guess I can't complain too much.



posted on Jun, 15 2019 @ 10:05 PM

originally posted by: GreenGunther

originally posted by: drewlander
a reply to: chr0naut

You guys need to look at modern backup solutions like Vembu and UrBackup. The backup server authenticates to the host for backup, not the other way around. This keeps your backups intact. Crypto cannot encrypt backups stored on a server it cannot authenticate to.


Vembu was okay... switched over to Veeam.
It's great, can recommend.


Veeam is what I use as well; it's great. It's not immune, however. The only way to be safe (and the only backup solution that makes sense) is to have an offsite backup as well. With Veeam you can get a fairly inexpensive cloud partner. Differentials should be done every night to the cloud after the local backup. People backing up to the cloud once a week makes no sense, unless you don't care about 6 days of work down the tubes.



posted on Jun, 16 2019 @ 01:50 AM
Lol, we have our own.
It's off-site and requires auth.

Can't have a couple hundred people backing up to external HDDs or god knows what.
Data centre is close by so we have a dedicated fibre line; it's basically local.



posted on Jun, 16 2019 @ 01:52 AM

originally posted by: fleabit
Need more info really to even begin to help. Did he have servers? Domain controllers? The latest threat, Cryptolocker, attacks from your network's domain controllers. A single computer or two? As long as System Restore was turned on, unless the virus disabled it, you can often simply restore a previous version to get your files back. I've recovered many virus-encrypted files in the past this way.

Anyone with a business is daft to not have an offsite backup of their data. Onsite can be hit by the virus as well. Also get Sophos. It actually will detect files being encrypted, and will stop it. I do an onsite NAS backup, and then another offsite cloud backup, to avoid this. Also use Sophos, as in my opinion the nastiest threat right now is ransomware, which encrypts your data.

My last company was hit via a single computer whose updates were not running. It hit our servers, and many computers. System Restore and backups removed all traces. Preparation is the real fix. The biggest two threats right now are via email and encryption viruses. So that is where people should focus. A solid spam filter (I use Mimecast), and antivirus - and I prefer Sophos for those encryption viruses. I do NOT prefer what a pain it is to remove the viruses (have to provide a code to clean it up), but it's saved the day many times, so I guess I can't complain too much.


Intercept X ftw



posted on Jun, 16 2019 @ 09:36 AM
Update:

They got access through his accountant somehow and are asking for roughly 8k in bitcoin.

He did have a backup but it was connected to a computer that day so it was compromised as well.



posted on Jun, 25 2019 @ 11:03 AM
Can't believe no one has posted these yet.
Ransomware Decrypt

All of these are from the first page of a Google search.
Google Search





