Analysis of Locky ransomware
-
@Carnival-Boy said:
I think it's a disgrace that a plan that is advertised as supporting up to 300 users doesn't include group policy support. 300 Office users is a fairly sizeable company in my book.
@scottalanmiller said:
To be fair, IBM would classify a company of that size as a "home or hobby" business. They don't consider you to be an SMB until you have at least 500 employees and often more like 2,000.
Microsoft sees businesses smaller than IBM does, but 300 is still decently small to most vendors.
@Dashrender said:
Oh brother! Fine, the giants of the world get to make their own minds up.. but come on.. managing 300 users by hand is considered fine? or better yet - who cares? Sigh!
@scottalanmiller said:
Correct, if you are too small to be seen as profitable, you are too small to care about. That's the bottom line. This is why IBM had that disaster on Spiceworks. When SW told them that they had millions of SMB customers, IBM heard "millions of companies with 2,000+ users" when, in fact, there were about five of that size, tops. I met with IBM's management team in person about this in NYC... they had no idea that there were companies with so few people and "in business using computers." They were amazed... but didn't care as there is no money there.
@Dashrender said:
LOL - that's laughable - "they had no idea that there were companies with so few people... using computers"
If that doesn't tell them how absolutely disconnected from reality they are, nothing does.
@scottalanmiller said:
No doubt there, but it does highlight how little money there is to be made there. All of the big vendors have a similar idea. The SMB often has this "I'll take my money elsewhere" attitude and the vendors are like "what money?"
@Dashrender said:
Well they aren't wrong about that... most SMBs are so cheap, they won't spend their way out of a paper bag.
@scottalanmiller said:
Exactly, even if they "have money" you almost never get them to spend it, which in turn makes big vendors ignore them.
@wirestyle22 said:
Any cold calls from any Vendor just make me never want to use them unless I have no other choice, which never happens. I have enough stuff to do without you calling me to have a conversation and pitch something I will never be interested in.
@scottalanmiller said:
I never get vendor cold calls. Just use an extension instead of a DID, that normally stops that process.
@wirestyle22 said:
We have a system that allows for people to search for names and the staff isn't smart enough to not give my name out or just transfer them over to me anyway. It's a nightmare.
@scottalanmiller said:
You need HR to make that a security violation. Getting names improperly from people is social engineering.
@Dashrender said:
We have a huge problem with that here! They (the staff) don't understand how bad this is!
@scottalanmiller said:
You should give them some HIPAA training, perhaps.
@wirestyle22 said:
Speaking of which, anyone have good resources of example social engineering training? I want to put together some course work for my employees.
@scottalanmiller said:
KnowBe4 has good materials.
Wasn't this guy on TechTV or am I crazy?
-
@Carnival-Boy said:
Anyway, it's your forum, so in future I will refrain from making any criticisms of Microsoft on Mangolassi.
Did you not see me recommend non-MS technologies? Does anyone criticise MS more than me? I take them to task all the time. Both here and directly. I'm just pointing out that there is a difference between them doing something wrong or badly and them having a similar view of size as us. All of us are small potatoes for them.
-
@wirestyle22 said:
Wasn't this guy on TechTV or am I crazy?
What guy? @stus ?
-
@scottalanmiller said:
What guy? @stus ?
Kevin Mitnick
Edit: Screensavers baby! I knew it.
-
@wirestyle22 said:
Kevin Mitnick
Kevin has been just about everywhere. One of the most famous people in IT (famous for being locked up without a trial, not for doing anything special.)
-
@wirestyle22 said:
Edit: Screensavers baby! I knew it.
@scottalanmiller said:
I don't know what that means.
You never watched the Screen Savers with Leo Laporte? Gah! I loved that show when I was younger.
-
@wirestyle22 said:
You never watched the Screen Savers with Leo Laporte? Gah! I loved that show when I was younger.
Um, no. I think we had a thread recently where we discussed that he was a consumer presenter or something. I can't remember what was determined. Oh yeah, he's a journalist and radio personality and not a tech guy. Very end user, media sensational stuff. Not IT. Not sure why you'd expect me to have watched him. Seems like an odd thing for IT people to have seen. Not odd that some have, but no more than normal people. He does content for non-IT.
-
Leo was/is definitely more gadgets and consumer hobbyists. But I still loved TSS and they did a reboot of it on his site. I don't have enough time to keep up with it but I think it is still going on.
-
@wrx7m said:
Leo was/is definitely more gadgets and consumer hobbyists. But I still loved TSS and they did a reboot of it on his site. I don't have enough time to keep up with it but I think it is still going on.
That's my understanding. I'm sure if you are into gadgets and consumer / prosumer digital gear that it's a great show. I'm oddly not one of those people. I came to IT from the business side, not the tech side, and actually am not into those aspects that people often associate with IT.
-
@scottalanmiller That is interesting, for sure. I think a ton of IT people are into gadgets and most technology in their non-professional lives as well. I sure as hell am.
-
@wrx7m said:
@scottalanmiller That is interesting, for sure. I think a ton of IT people are into gadgets and most technology in their non-professional lives as well. I sure as hell am.
It's not that I dislike gadgets, but to a massively lower degree than most any IT people that I meet. But on the other hand, I've always had enterprise servers and a networking rack in my home even in the 1990s. I live the IT stuff, but I have loved it as a business tool, even going back to being a kid. When I learned programming, it wasn't to make games someday, it was because I wanted to do database-driven business applications.
That's why a Fortune 100 picked me up at 13. I was doing database work, not just fiddling around.
-
For example, I like a new, fast desktop just like everyone else. But I really get excited about cost effective desktop purchasing and long term support and stuff.
I don't have a Raspberry Pi, even though I love RISC and alternative architectures. No business use case for it, so I don't get excited about it.
-
@scottalanmiller said:
For example, I like a new, fast desktop just like everyone else. But I really get excited about cost effective desktop purchasing and long term support and stuff.
I don't have a Raspberry Pi, even though I love RISC and alternative architectures. No business use case for it, so I don't get excited about it.
Yeah, I drool when I see datacenters but still love consumer gadgets.
-
@wrx7m said:
Yeah, I drool when I see datacenters but still love consumer gadgets.
See and just that term "consumer gadget" turns me off to them. Even stuff that I do as a consumer, like photography and audiophilia I don't use consumer gear, never have. My first camera was a pro rig (got me a newspaper job!!) for example.
-
@scottalanmiller said:
I'm saying that small companies need to be realistic and not think that what they perceive as big is what enormous vendors will also perceive as big. Yes, O365 is crippled here to get bigger customers to spend more, which is probably way more important to MS than the sales of the lesser product to smaller firms. It only takes one large sale to make up for the loss of a great many small ones.
It's not perception, it's an accepted definition of SMB or SME. I find it hard to believe that Microsoft has little interest in the SME market, given that it accounts for half of the UK economy, half of the population, and 99.9% of UK businesses. It may only take one large sale, but there are only 7,000 large companies in the UK (I looked it up). You seem to be basing your opinion on a single conversation with an ignorant IBM employee years ago.
But really what it comes down to is that the more I look into O365, the more it stinks, and the more attractive sticking to old-skool volume licences and on-premise servers becomes. It doesn't matter whether I complain about it on here or keep my mouth shut, it is what it is. It's certainly not the no-brainer that you keep suggesting.
-
@Carnival-Boy said:
It's not perception, it's an accepted definition of SMB or SME. I find it hard to believe that Microsoft has little interest in the SME market, given that it accounts for half of the UK economy, half of the population, and 99.9% of UK businesses. It may only take one large sale, but there are only 7,000 large companies in the UK (I looked it up). You seem to be basing your opinion on a single conversation with an ignorant IBM employee years ago.
SMBs might account for half the population, but I bet it accounts for less than 30% of the money spent, and it's probably under 20%. SMBs are historically cheap - unwilling to spend money on solutions, where large companies know they need to spend money to make money - spend wisely, but still spend.
And even if that wasn't true, the costs to cater to 7,000 companies versus 100,000 SMBs is significantly lower, driving profits even higher for the vendor.
You ask nearly any sales person, would they rather make $1000 from 1 customer or $1 from 1000 customers, most will tell you the 1 customer, it takes less effort on their part.
-
@Dashrender said:
SMBs might account for half the population, but I bet it accounts for less than 30% of the money spent, and it's probably under 20%. SMBs are historically cheap - unwilling to spend money on solutions, where large companies know they need to spend money to make money - spend wisely, but still spend.
Where do you get that idea from? It's not been my experience. I've worked for large and medium sized companies and have never seen much difference. I suppose SMBs can find it harder to access credit, so have less money for investment.
-
@Carnival-Boy said:
But really what it comes down to is that the more I look into O365, the more it stinks, and the more attractive sticking to old-skool volume licences and on-premise servers becomes. It doesn't matter whether I complain about it on here or keep my mouth shut, it is what it is. It's certainly not the no-brainer that you keep suggesting.
What is it about O365 that you think stinks compared to VL?
Benefits I see off the cuff:
- world class DC (HVAC/Power/air filtering/secure access/multi ISPs)
- backups
- anywhere access
- security
- single panel logon for email/ODfB/SharePoint, etc
- spam filtering
Of course you can get all of these things in a local install as well, but at what cost? At what upgrade cycle?
Picking on one aspect of O365, 50 GB of email storage per user. For my company of 88 employees, would require 4.4 TB of storage. Assuming I did a RAID 6 array for Exchange would require 5x 2 TB drives, $600/drive MSRP = $3000. Assuming this server lasts me 5 years, that's $0.57/person/month.
I currently pay $1.25/person/month for spam/virus filtering.
You start adding all this nickel and dime stuff up and you quickly come over $4/person/month just for hosted exchange. You add in the other benefits of Business edition at $5/person/month - that becomes a no-brainer. Getting to E1 is definitely more challenging at $8/person/month for mainly the same features as Business edition - but the potential real win is $20/person/month with E3, assuming you need full local office.
-
@Carnival-Boy said:
@Dashrender said:
SMBs might account for half the population, but I bet it accounts for less than 30% of the money spent, and it's probably under 20%. SMBs are historically cheap - unwilling to spend money on solutions, where large companies know they need to spend money to make money - spend wisely, but still spend.
Where do you get that idea from? It's not been my experience. I've worked for large and medium sized companies and have never seen much difference. I suppose SMBs can find it harder to access credit, so have less money for investment.
I have friends who work in Fortune 1000 companies, they spend 10's of millions a year in IT. I work for a SMB of 88 people, not counting my salary, we've spent on average around $10,000 a year (counting buying new PCs, servers, switches, etc).
And when I ran a tiny consulting shop... I had places that would spend next to nothing unless they absolutely had to because something died, etc. It was crazy that they would be willing to pay my fee instead of buying a new PC at times.