Hey Michael, I'm planning on giving a "Malware: What is it and how to remove it" presentation for our company. I just added the same screen shots on ransomware (from a different source) today. I think one of the key things is to have good backups; then, if worst comes to worst, you can restore and be back up in operation.
Just as long as you get rid of the malware. Not sure if you looked at the Symantec report. It is full of decent information.
Windows SteadyState runs on WinXP and is free. I don't know if it runs on Win7/8. One can also use DeepFreeze. I mean these will defeat all viruses and malware, and I have often wondered how these products did not cripple the AV industry and render them almost irrelevant. It seems like they were never widely adopted. But that is the prevention side of it. And then to defeat the infected, one could possibly use ERD Commander. Many years ago I contemplated creating a network which could not be infected. It seemed possible, but at the time the features and resources did not exist. Today one company has already built one part. I am shocked and amazed and disappointed that it was not my company. That it was even possible was a joke with my friends. And part of it involved creating a complete mirrored virtual network. Users would work on the virtual network, with something like DeepFreeze and IDS/IPS, and then only secure scanned files could be saved to the physical network. There are a few more pieces to it, but too much to detail here. I hope if someone beats me to the whole deal, they will invite me to work for the company :)
I am old enough to not use words like "all" or "never". Right now there is enough low-hanging fruit for the bad guys. So "why bother with those putting up defenses" is more accurate, I am afraid.
The government can be darned serious about things, but no way would they use exclamation marks like you see in the graphics.
In fact the whole premise is wrong. You broke a law but they'll let you pick up where you left off by paying 200 bucks? Not likely. They also wouldn't lock your computer, they'd pay you a visit, and confiscate the machine as evidence.
Not that a victim would think of any of that when faced with such a situation. The best we can do is try to make everyone aware of this vector and to take a deep breath and think rationally in the event they're faced with something like this.
Alternately, Michael could just post an article predicting the end to all malware, and an enveloping breakout of world peace while we're at it.
Your powers of observation serve you well. I wish my predictive powers were as good.
There's always a typo or something like that in these messages that show them to be fake, but people like us who notice them wouldn't be stupid enough to be taken in by them in the first place.
If someone with some common sense read the message above, he/she should notice the indistinctness. Regardless of what name is given to such an app, treat it just like any other malware or virus. In other words, keep your machine secure following the necessary standard.
Unless I missed the point, to me as a 'dumb' end user, it IS just another malware that I am stopping from getting into my computer by keeping my computer up-to-date, using a proper antivirus app, not clicking on an email link just 'cause it says so :P... etc.
I do not wish to repeat the list of recommended methods to stay safe online (discussed by security pundits around the world), but you get the point...
If you look at the Symantec report:
"This particular variant charges $200. Over a period of approximately one month of activity, from September to early October, 68,000 unique infected IP addresses were identified connecting to the C&C server."
68,000 times $200 is not bad, and that was just one month, and one server.
It got by my Norton antivirus software, so don't be so dismissive of those attacked in this way.
And people say human beings are no longer subject to natural selection. It's just been moved up to intellectual selection.
In my last article about computer viruses and biological viruses, how life forms evolved was an interesting topic of discussion.
be an issue as the user accounts should all be on the server, not the individual PC. Get hit at work, call IT and move to a vacant desk to log on and go back to work - that's if it gets through the gateway.
Read the link that Brian mentioned in his comment. And the newer versions are looking for network and external drives.
only connected for the short time it takes to do the backup, not permanently connected. Any system on the network can be damaged either via a virus or power in various circumstances; that's why backup copies are kept on unconnected systems or drives or tapes etc.
Yet, it would not take much for the malware to remain silent until an external drive is attached -- then activate.
helps to follow the backup rules of "back up each day to a different tape and keep the last week of backups"; that way you only lose one day's work, maybe two if it hides out.
The real problem is that you are diligent and a vast majority of users just want to do their thing and not be bothered by all this silly stuff.
You suggest user profiles shouldn't be on the computer, that is not a good solution.
Roaming profiles cause more problems than they are worth. I guess you have had minimum exposure to this.
managed through an appropriate server, thus it didn't matter what system you were at within the organisation you could log on and do your work. To have every possible user within a section having a logon ID on each computer in the section would require up to 20 to 30 accounts on 20 to 30 systems, not a smart way to do business. And it's all behind the secured gateway, heck most didn't have Internet access as it wasn't needed to do day to day work.
I've worked on facilities where we had over a thousand people working on over a thousand systems in about thirty buildings on the land we used. By having us all log in via the server we could use any computer in any of the buildings.
Most places where I've worked the term 'roaming profile' had been reserved for logging in via a VPN from out in the Internet somewhere. Such access was extremely limited as very few needed access to the corporate network from outside the corporate facilities. This did make running the gateways a lot easier.
At home on my system, where I and my son are the only ones to use it, it's easy for us each to have our own account.
Most places I've worked on had the VPN connections handled through the gateway/router/switch, so users only had to manually connect when they're out of office.
Though VPNs are more secure because they're encrypted, hackers will find a way to defeat that encryption; like they say, when you build better security, you make a better hacker.
AD is nice as a convenience, but shouldn't be implemented just out of a concern for security. I've seen malware infect a user's profile so it got transferred to each and every computer they logged in with.
For some smaller business networks (10 nodes) I don't see the value in forcing my clients to buy an expensive server capable of AD.
sit at the one desk and the one computer, no matter what, so a server isn't needed anyway.
I have worked in some high security locations where there is NO gateway as there is NO Internet access at all, no wi-fi and no laptops or portable devices allowed into the facility. Only the one computer has anti-virus, the one at the security gate used to check all software or electronic data storage items being brought into or leaving the facility. Once a month they conduct a full sweep and check of the whole building and AV check all systems. The only finds they had were in the first year, before they instituted the no-storage-in-or-out-without-checking rule.
It all just shows you need to massage the security to suit the work environment.
the FBI can't touch us, their laws don't apply outside the USA.
It's kinda like those emails I keep getting telling me about my UPS package - the only UPS around here is an Uninterrupted Power Supply - and I didn't order one.
The bad guys alter the ransomware to reflect the country they are working in -- Australia for example:
https://www.staysmartonline.gov.au/alert_service/advisories/cert_australia_warns_of_ransomware_campaign_targeting_australian_organisations