Topics tagged: ransomware
    • scottalanmiller

      Technologies Begging to be Ransomwared
      IT Discussion • security ransomware • scottalanmiller
      2 Votes, 54 Posts, 915 Views

      Dashrender

      @scottalanmiller said in Technologies Begging to be Ransomwared:

      @dashrender said in Technologies Begging to be Ransomwared:

      FYI - my experience in all of this is through the use of shares - so if shares aren't enabled.. then I'm guessing you're probably correct due to configuration.

      Shares aren't on by default. But even when they are, nothing is shared out that a local non-admin user could access.

      Yeah, and this is ultimately what saves you - OK now we're on the same page.

      Thanks

    • Pete.S

      Kaseya customers ransomware attack
      News • ransomware • Pete.S
      0 Votes, 23 Posts, 544 Views

      Obsolesce

      @pete-s said in Kaseya customers ransomware attack:

      @obsolesce said in Kaseya customers ransomware attack:

      Ransomware is a legacy tech concern, not a modern one.

      What do you mean by modern? Are you talking about running kubernetes in the cloud or something else that would not be subject to ransomware?

      I'm not talking about any specific product, e.g. K8s... Even with that, you could still implement poor data storage using legacy practices and technologies.

      Think about it.

      What important company data is being ransomware'd.... where is this data? How is the data presented? How did ransomware affect it? What technologies were used to provide and/or host the data?

    • VoIP_n00b

      Sangoma Ransomware
      IT Discussion • sangoma ransomware pbx voip hack security • VoIP_n00b
      -1 Votes, 53 Posts, 1192 Views

      JaredBusch

      Sangoma has released an updated (and likely final) statement.

      https://www.sangoma.com/press-releases/sangoma-technologies-provides-update-on-ransomware-attack-expects-no-material-impact-on-sales/

      The second paragraph has the relevant information from an IT point of view.

      [image: screenshot of the Sangoma statement]

    • scottalanmiller

      How Modern Applications Nullify Ransomware
      IT Discussion • security ransomware malware • scottalanmiller
      5 Votes, 4 Posts, 361 Views

      Emad R

      @scottalanmiller

      Whole article is great but the last 2 lines are 👍 👍

      Shame that NextCloud + OnlyOffice is not really there, I tried it when I was working with MSFF... definitely interesting but needs some time.

    • Ambarishrh

      Evaluating Defender ATP
      IT Discussion • defenderatp windows defender atp microsoft defender atp office 365 security anti-virus antimalware ransomware • Ambarishrh
      0 Votes, 26 Posts, 1701 Views

      Dashrender

      @marcinozga said in Evaluating Defender ATP:

      @Dashrender said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      @Dashrender said in Evaluating Defender ATP:

      @Obsolesce said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      @Dashrender said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      @Ambarishrh said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      I was about to evaluate it too. I had a WebEx session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perhaps sales misled me, but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than a 3rd party antivirus solution.

      Not sure how they gave you that info! An average pricing structure is below:

      [image: pricing screenshot]

      And security products straight from the O365 admin portal subscriptions page:

      [image: subscriptions page screenshot]

      These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with another AV vendor.

      But as mentioned - $15-20 per year is only for typical AV, not an ATP product.

      And the difference between the two is.....? ATP is really just a marketing phrase at this point. Here are some features from "traditional" AV:

      • malware protection, both behavioral and definition based
      • ransomware protection
      • phishing protection
      • IDS/IPS
      • device control
      • exploit blocker
      • botnet protection
      • web filtering
      • memory analysis
      • central management, either cloud or local

      And a full forensics audit trail?

      I'm really curious which ones have this stuff for 15-18 times less the cost of Defender ATP?

      I'm having a hard time finding what the real price here is?

      I know that Intune is like $4/user/month, aka $48/user/year. This makes it 2-3 times more expensive than typical AV packages - of course, it gives you a lot more features at that price point.

      The above posts have a dozen different security things listed.

      As @marcinozga says, typical AV with many of the above mentioned features (but not all - and full forensics trails - forget about it) goes for like $15-20/user/year.

      ATP is not available if you have just Intune, you need O365 or M365 Enterprise subscriptions, or Windows 10 Enterprise.
      O365 E3 is $20/mo plus the ATP add-on, I think it's $2/mo. I don't know how much Win 10 Ent is, so I'm guessing O365 E3 is the cheapest route, at $22/mo, that's $264 a year. Depending on the number of endpoints you can get AV for $15/year, perhaps even less.

      That's an unfair assessment. If you already have O365 E3, then it's only $24/year/user

      Also - is O365 E3 the requirement, or can you add ATP onto E1?

      Is windows 10 Enterprise a requirement of ATP? Things I was reading last night never mentioned that.

      It is fair. What if you don't have O365 because you don't need it or use something else? Other AVs don't force you to buy any extra services, you can get AV on a plain vanilla Windows machine.

      From the document I got from Microsoft, E3 is minimum. It's O365 E3 or Windows 10 Ent.

      If you're not in the O/M365 ecosystem already - then you likely wouldn't even consider this plan, you would likely look at another option... so yeah, it's not a fair comparison.

      Now, you could decide, since you are looking at this solution, that you might want to change your other solutions at the same time since MS has these bundled together... but you don't just line item this entire cost all on the ATP project, you split it out.

    • scottalanmiller

      Windows 10 Defender Won't Start After Malware or Ransomware
      IT Discussion • defender anti-virus windows windows 10 malware ransomware • scottalanmiller
      4 Votes, 35 Posts, 772 Views

      RojoLoco

      @Danp said in Windows 10 Defender Won't Start After Malware or Ransomware:

      @RojoLoco Click the link and read for yourself. Also this -- https://www.cybereason.com/hubfs/ransomfree-EOL-message.pdf

      Well damn...

    • scottalanmiller

      Researchers use Intel SGX to put malware beyond the reach of antivirus software
      News • ars technica intel processor intel sgx malware ransomware security • scottalanmiller
      1 Vote, 3 Posts, 373 Views

      scottalanmiller

      @stacksofplates said in Researchers use Intel SGX to put malware beyond the reach of antivirus software:

      Did you see what Intel said regarding this:

      Intel is aware of this research which is based upon assumptions that are outside the threat model for Intel SGX. The value of Intel SGX is to execute code in a protected enclave; however, Intel SGX does not guarantee that the code executed in the enclave is from a trusted source. In all cases, we recommend utilizing programs, files, apps, and plugins from trusted sources. Protecting customers continues to be a critical priority for us and we would like to thank Michael Schwarz, Samuel Weiser, and Daniel Gruss for their ongoing research and for working with Intel on coordinated vulnerability disclosure.

      Outside of the threat model?.........

      Haha, whatever that means.

    • scottalanmiller

      Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah
      IT Discussion • msp ransomware security breach • scottalanmiller
      6 Votes, 111 Posts, 3240 Views

      scottalanmiller

      @PhlipElder said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

      @Pete-S said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

      @PhlipElder said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

      @Dashrender said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

      @dafyre said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

      @PhlipElder said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

      All it takes is one absentminded click or drive-by that's completely shielded from us as we go about the day to day stuff and it's done. Game over. Say, "Bubbye".

      There's always going to be that risk or one absentminded click.

      Granted an Air-gapped PWA is a good way to handle it.... but so is not saving passwords in RDP files (I don't do this), and if you use an app like MobaXterm that can encrypt the files for you, use a good pass phrase.

      However if your admin machine is owned, you have bigger issues to start with.

      Well, the idea is that the air-gapped machine won't ever be in a situation to become compromised, is my guess. I haven't had a chance to look at the MS link Philip sent earlier.

      There are several ways to implement it, with the simplest being the main machine having two VMs installed on it: one for day-to-day and one for client/systems management. Nothing is done on the machine itself, with all designated tasks being done in their respective VM.

      We have a number of laptops that came back from client refreshes. So, we're using them as our dedicated management machines. Asus makes a great external USB3 DisplayLink and DisplayPort external monitor that allows for two screens. That makes the work easier.

      There is security leakage between VMs on a client machine for instance over clipboard.

      Have a look at Qubes. https://www.qubes-os.org/

      It's probably the best implementation of security separation to date.

      Using the Hyper-V VM Console without RDS pass-through eliminates any access to the VM beyond console.

      Same with KVM or whatever.

    • mroth911

      Ransomware 2018
      IT Discussion • ransomware • mroth911
      3 Votes, 5 Posts, 585 Views

      Pete.S

      Ransomware is not fun.

      NotPetya damages were in the 10 billion range. One enterprise I work for at times was down for weeks. Having backup is not enough - you need to be able to access your backup too. When everything is down you don't have any computers to access anything with. Sure you can reinstall but where are your image files? When you do have computers you have no DHCP, no DNS, no AD etc. You have no internet access, no email, no phones. Yeah, backup is not enough. You need an elaborate emergency plan.

    • mlnews

      MS Adds Ransomware Protection to OneDrive
      News • onedrive microsoft ransomware • mlnews
      1 Vote, 38 Posts, 2017 Views

      BRRABill

      It's a great idea.

      Amazing they haven't had it up until now.

      Makes using OneDrive or ODfB so much easier if you can sync locally.

    • mlnews

      City of Atlanta Shuts Down Due to Ransomware
      News • security ransomware • mlnews
      1 Vote, 24 Posts, 986 Views

      scottalanmiller

      @dbeato said in City of Atlanta Shuts Down Due to Ransomware:

      I don't even understand why Cisco needed to be involved let alone Microsoft... I guess they don't have an IT Team.

      Yeah, pretty weird. No wonder these companies get compromised, they don't have any relevant staff. It's like getting robbed and realizing you have no facilities people locking the front door!

    • Ambarishrh

      File sharing with sandbox/malware analysis
      IT Discussion • nextcloud filecloud ransomware filesharing • Ambarishrh
      1 Vote, 8 Posts, 1321 Views

      travisdh1

      Do you have some sort of intrusion detection service running right now? (Wazuh, OSSIM, or one of the paid-for solutions?) If you do, between that and the ClamAV, you should be as well protected as you could possibly be.

      Edit: I should specify to never skimp on user training! KnowB4 is a great tool.

    • stus

      [Heads-up] New Ransomware Strain Encrypts Cloud Email Real-time VIDEO
      IT Discussion • ransomware • stus
      9 Votes, 4 Posts, 950 Views

      Obsolesce

      @stus said in [Heads-up] New Ransomware Strain Encrypts Cloud Email Real-time VIDEO:

      @tim_g We do ! Now 15,000 customers. 🙂

      I meant "your" figuratively 🙂

    • Ambarishrh

      Ransomware Detection Service- Anyone tried this?
      IT Discussion • ransomware nomoreransomware • Ambarishrh
      1 Vote, 8 Posts, 864 Views

      Dashrender

      @dbeato said in Ransomware Detection Service- Anyone tried this?:

      @dashrender said in Ransomware Detection Service- Anyone tried this?:

      @scottalanmiller said in Ransomware Detection Service- Anyone tried this?:

      @tim_g said in Ransomware Detection Service- Anyone tried this?:

      Haven't looked at that.

      The best way to prevent ransomware is to keep your systems up to date.

      Next is to have decent AV and use good file permissions practices.

      Above that is LANless design. Ransomware primarily preys on LAN-based Windows network design for its ability to spread.

      Actually, typical ransomware doesn't spread. It simply encrypts everything it can write to. Most of them are not worms.

      Just wannacry 🙂

      lol, of course, making it one of, if not, the worst ones.

    • mlnews

      NextCloud Introduces a Ransomware Protection App
      News • nextcloud security malware ransomware • mlnews
      6 Votes, 5 Posts, 1448 Views

      scottalanmiller

      @stuartjordan said in NextCloud Introduces a Ransomware Protection App:

      That is great to hear, they are constantly developing on the project.

      They really are. It's very busy.

    • Oksana

      Protecting your IT infrastructure against ransomware with StarWind Cloud VTL for AWS and Veeam
      Starwind • starwind cloud vtl veeam aws virtual tapes backup ransomware cloud storage amazon s3 data protection data recovery • Oksana
      3 Votes, 1 Post, 907 Views

      No one has replied

    • DustinB3403

      A vaccination for Petya
      IT Discussion • ransomware petya • DustinB3403
      4 Votes, 3 Posts, 871 Views

      DustinB3403

      Here is a batch file for anyone who wants to do this "lazily"

      @echo off
      REM Vaccine for NotPetya/Petya/Petna/SortaPetya.
      echo Administrative permissions required. Detecting permissions...
      echo.
      REM "net session" only succeeds in an elevated prompt, so its errorlevel doubles as an admin check.
      net session >nul 2>&1
      if %errorLevel% == 0 (
          if exist C:\Windows\perfc (
              echo Computer already vaccinated for NotPetya/Petya/Petna/SortaPetya.
              echo.
          ) else (
              REM Create the three marker files the malware looks for before encrypting, then make them read-only.
              echo This is a NotPetya/Petya/Petna/SortaPetya Vaccination file. Do not remove as it protects you from being encrypted by Petya. > C:\Windows\perfc
              echo This is a NotPetya/Petya/Petna/SortaPetya Vaccination file. Do not remove as it protects you from being encrypted by Petya. > C:\Windows\perfc.dll
              echo This is a NotPetya/Petya/Petna/SortaPetya Vaccination file. Do not remove as it protects you from being encrypted by Petya. > C:\Windows\perfc.dat
              attrib +R C:\Windows\perfc
              attrib +R C:\Windows\perfc.dll
              attrib +R C:\Windows\perfc.dat
              echo Computer vaccinated for current version of NotPetya/Petya/Petna/SortaPetya.
              echo.
          )
      ) else (
          echo Failure: You must run this batch file as Administrator.
      )
      pause

    • stus

      [ALERT] Looks Like A New Worldwide Ransomware Outbreak
      IT Discussion • security malware ransomware knowbe4 knowbe4 blog windows patching zero day • stus
      3 Votes, 2 Posts, 1015 Views

      Danp

      @stus Thanks. Was just reading about it here.

    • scottalanmiller

      Patch Fast
      IT Discussion • article scott alan miller patching smbitjournal malware security ransomware • scottalanmiller
      6 Votes, 14 Posts, 2076 Views

      scottalanmiller

      Never used this but take a look...

      http://www.smikar.com/

    • mlnews

      Telefonica Hit with Ransomware
      News • malware security ransomware bleeping computer • mlnews
      3 Votes, 17 Posts, 2277 Views

      scottalanmiller

      I mean, I know it all sucks and it would be awesome if all the right people got all the right info and took all the right actions. But they don't and won't. So we need to push everyone that we can to do what they can. It's just what we have to work with.