    • OksanaO

      Protect Your Data from 0xxx Ransomware

      Starwind
      • starwind ransomware backup virtual tape library • • Oksana
      1
      0
      Votes
      1
      Posts
      210
      Views

      No one has replied

    • OksanaO

      Top Data Breaches and How to Avoid Them

      Starwind
      • starwind ransomware malware phishing backup starwind virtual tape library vtl • • Oksana
      1
      0
      Votes
      1
      Posts
      258
      Views

      No one has replied

    • OksanaO

      Armoring Your Data: Discover the Power of Object Storage in Ransomware Defense

      Starwind
      • starwind object storage ransomware • • Oksana
      1
      1
      Votes
      1
      Posts
      194
      Views

      No one has replied

    • OksanaO

      Beyond the Basics: How Immutable Backups Safeguard Your Critical Data

      Starwind
      • starwind backup backups data protection ransomware starwind backup appliance • • Oksana
      1
      1
      Votes
      1
      Posts
      254
      Views

      No one has replied

    • OksanaO

      StarWind Free Webinar: Kill Ransomware Dead: 3-2-1-1 Rule & Immutability

      Starwind
      • starwind ransomware cybersecurity • • Oksana
      1
      0
      Votes
      1
      Posts
      223
      Views

      No one has replied

    • OksanaO

      StarWind Free Webinar: How to Protect Backups from Ransomware

      News
      • starwind webinar ransomware backup • • Oksana
      1
      1
      Votes
      1
      Posts
      319
      Views

      No one has replied

    • OksanaO

      StarWind Free Webinar: How to Protect Backups from Ransomware

      Starwind
      • starwind backup ransomware webinar • • Oksana
      1
      0
      Votes
      1
      Posts
      205
      Views

      No one has replied

    • OksanaO

      StarWind Free Webinar: How to Protect Backups from Ransomware

      Starwind
      • starwind backup ransomware webinar • • Oksana
      1
      0
      Votes
      1
      Posts
      212
      Views

      No one has replied

    • scottalanmillerS

      Technologies Begging to be Ransomwared

      IT Discussion
      • security ransomware • • scottalanmiller
      54
      2
      Votes
      54
      Posts
      3.4k
      Views

      DashrenderD

      @scottalanmiller said in Technologies Begging to be Ransomwared:

      @dashrender said in Technologies Begging to be Ransomwared:

      FYI - my experience in all of this is through the use of shares - so if shares aren't enabled.. then I'm guessing you're probably correct due to configuration.

      Shares aren't on by default. But even when they are, nothing is shared out that a local non-admin user could access.

      Yeah, and this is ultimately what saves you - OK now we're on the same page.

      Thanks

    • 1

      Kaseya customers ransomware attack

      News
      • ransomware • • 1337
      23
      0
      Votes
      23
      Posts
      1.7k
      Views

      ObsolesceO

      @pete-s said in Kaseya customers ransomware attack:

      @obsolesce said in Kaseya customers ransomware attack:

      Ransomware is a legacy tech concern, not a modern one.

      What do you mean by modern? Are you talking about running kubernetes in the cloud or something else that would not be subject to ransomware?

      I'm not talking about any specific product, e.g. K8s... Even with that, you could still implement poor data storage using legacy practices and technologies.

      Think about it.

      What important company data is being ransomware'd.... where is this data? How is the data presented? How did ransomware affect it? What technologies were used to provide and/or host the data?

    • V

      Sangoma Ransomware

      IT Discussion
      • sangoma ransomware pbx voip hack security • • VoIP_n00b
      53
      -1
      Votes
      53
      Posts
      4.7k
      Views

      JaredBuschJ

      Sangoma has released an updated (and likely final) statement.

      https://www.sangoma.com/press-releases/sangoma-technologies-provides-update-on-ransomware-attack-expects-no-material-impact-on-sales/

      The second paragraph has the relevant information from an IT point of view.

      00a7b475-033f-4db6-8311-b115d6bb0a47-image.png

    • scottalanmillerS

      How Modern Applications Nullify Ransomware

      IT Discussion
      • security ransomware malware • • scottalanmiller
      4
      5
      Votes
      4
      Posts
      564
      Views

      Emad RE

      @scottalanmiller

      Whole article is great but the last 2 lines are 👍 👍

      Shame that NextCloud + OnlyOffice is not really there, I tried it when I was working with MSFF... definitely interesting but needs some time.

    • AmbarishrhA

      Evaluating Defender ATP

      IT Discussion
      • defenderatp windows defender atp microsoft defender atp office 365 security anti-virus antimalware ransomware • • Ambarishrh
      26
      0
      Votes
      26
      Posts
      3.6k
      Views

      DashrenderD

      @marcinozga said in Evaluating Defender ATP:

      @Dashrender said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      @Dashrender said in Evaluating Defender ATP:

      @Obsolesce said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      @Dashrender said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      @Ambarishrh said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      I was about to evaluate it too, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perhaps sales misled me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

      Not sure how they gave you that info! An average pricing structure is as below

      7455634e-b366-4cb5-af6e-859115ac1fcd-image.png

      And security products straight from O365 admin portal subscriptions page:
      560b3413-64e4-4a77-9b6c-27030798a842-image.png

      These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with other av vendor.

      But as mentioned - $15-20 per year is only for typical AV, not an ATP product.

      And the difference between the two is.....? ATP is really just a marketing phrase at this point. Here are some features from "traditional" av:

      malware protection, both behavioral and definition based; ransomware protection; phishing protection; ids/ips; device control; exploit blocker; botnet protection; web filtering; memory analysis; central management, either cloud or local

      And a full forensics audit trail?

      I'm really curious which ones have this stuff for 15-18 times less the cost of Defender ATP?

      I'm having a hard time finding what the real price here is?

      I know that Intune is like $4/user/month, aka $48/user/year. This makes it 2-3 times more expensive than typical AV packages - of course, it gives you a lot more features at that price point.

      The above posts have a dozen different security things listed.

      As @marcinozga says, typical AV with many of the above mentioned features (but not all - and full forensics trails - forget about it) for like $15-20/user/year

      ATP is not available if you have just Intune, you need O365 or M365 Enterprise subscriptions, or Windows 10 Enterprise.
      O365 E3 is $20/mo plus ATP add-on, I think it's $2/mo. I don't know how much is Win 10 Ent, so I'm guessing O365 E3 is the cheapest route, at $22/mo, that's $264 a year. Depending on number of endpoints you can get AV for $15/year, perhaps even less.

      That's an unfair assessment. If you already have O365 E3, then it's only $24/year/user

      Also - is O365 E3 the requirement, or can you add ATP onto E1?

      Is windows 10 Enterprise a requirement of ATP? Things I was reading last night never mentioned that.

      It is fair. What if you don't have O365 because you don't need it or use something else? Other AV don't force you to buy any extra services, you can get AV on a plain vanilla Windows machine.

      From the document I got from Microsoft, E3 is minimum. It's O365 E3 or Windows 10 Ent.

      If you're not in the O/M365 ecosystem already - then you likely wouldn't even consider this plan, you would likely look at another option... so yeah, it's not a fair comparison.

      Now, you could decide, since you are looking at this solution, that you might want to change your other solutions at the same time since MS has these bundled together... but you don't just line item this entire cost all on the ATP project, you split it out.

    • scottalanmillerS

      Windows 10 Defender Won't Start After Malware or Ransomware

      IT Discussion
      • defender anti-virus windows windows 10 malware ransomware • • scottalanmiller
      35
      4
      Votes
      35
      Posts
      2.4k
      Views

      RojoLocoR

      @Danp said in Windows 10 Defender Won't Start After Malware or Ransomware:

      @RojoLoco Click the link and read for yourself. Also this -- https://www.cybereason.com/hubfs/ransomfree-EOL-message.pdf

      Well damn...

    • scottalanmillerS

      Researchers use Intel SGX to put malware beyond the reach of antivirus software

      News
      • ars technica intel processor intel sgx malware ransomware security • • scottalanmiller
      3
      1
      Votes
      3
      Posts
      752
      Views

      scottalanmillerS

      @stacksofplates said in Researchers use Intel SGX to put malware beyond the reach of antivirus software:

      Did you see what Intel said regarding this:

      Intel is aware of this research which is based upon assumptions that are outside the threat model for Intel SGX. The value of Intel SGX is to execute code in a protected enclave; however, Intel SGX does not guarantee that the code executed in the enclave is from a trusted source. In all cases, we recommend utilizing programs, files, apps, and plugins from trusted sources. Protecting customers continues to be a critical priority for us and we would like to thank Michael Schwarz, Samuel Weiser, and Daniel Grus for their ongoing research and for working with Intel on coordinated vulnerability disclosure.

      Outside of the threat model?.........

      Haha, whatever that means.

    • scottalanmillerS

      Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah

      IT Discussion
      • msp ransomware security breach • • scottalanmiller
      111
      6
      Votes
      111
      Posts
      12.7k
      Views

      scottalanmillerS

      @PhlipElder said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

      @Pete-S said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

      @PhlipElder said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

      @Dashrender said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

      @dafyre said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

      @PhlipElder said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

      All it takes is one absentminded click or drive-by that's completely shielded from us as we go about the day to day stuff and it's done. Game over. Say, "Bubbye".

      There's always going to be that risk or one absentminded click.

      Granted an Air-gapped PWA is a good way to handle it.... but so is not saving passwords in RDP files (I don't do this), and if you use an app like MobaXterm that can encrypt the files for you, use a good pass phrase.

      However if your admin machine is owned, you have bigger issues to start with.

      Well, the idea is that the air-gapped machine won't ever be in a situation to become compromised, is my guess. I haven't had a chance to look at the MS link Philip sent earlier.

      There are several ways to implement with the simplest being the main machine having two VMs installed on it. One for day-to-day and one for client/systems management. Nothing is done on the machine itself with all designated tasks being done in their respective VM.

      We have a number of laptops that came back from client refreshes. So, we're using them as our dedicated management machines. Asus makes a great external USB3 DisplayLink and DisplayPort external monitor that allows for two screens. That makes the work easier.

      There is security leakage between VMs on a client machine for instance over clipboard.

      Have a look at Qubes. https://www.qubes-os.org/

      It's probably the best implementation of security separation to date.

      Using the Hyper-V VM Console without RDS pass-through eliminates any access to the VM beyond console.

      Same with KVM or whatever.

    • mroth911M

      Ransomware 2018

      IT Discussion
      • ransomware • • mroth911
      5
      3
      Votes
      5
      Posts
      839
      Views

      1

      Ransomware is not fun.

      NotPetya damages were in the 10 billion range. One enterprise I work for at times was down for weeks. Having backup is not enough - you need to be able to access your backup too. When everything is down you don't have any computers to access anything with. Sure you can reinstall but where are your image files? When you do have computers you have no DHCP, no DNS, no AD etc. You have no internet access, no email, no phones. Yeah, backup is not enough. You need an elaborate emergency plan.

    • mlnewsM

      MS Adds Ransomware Protection to OneDrive

      News
      • onedrive microsoft ransomware • • mlnews
      38
      1
      Votes
      38
      Posts
      3.5k
      Views

      BRRABillB

      It's a great idea.

      Amazing they haven't had it up until now.

      Makes using OneDrive or ODfB so much easier if you can sync locally.

    • mlnewsM

      City of Atlanta Shuts Down Due to Ransomware

      News
      • security ransomware • • mlnews
      24
      1
      Votes
      24
      Posts
      1.9k
      Views

      scottalanmillerS

      @dbeato said in City of Atlanta Shuts Down Due to Ransomware:

      I don't even understand why Cisco needed to be involved let alone Microsoft... I guess they don't have an IT Team.

      Yeah, pretty weird. No wonder these companies get compromised, they don't have any relevant staff. It's like getting robbed and realizing you have no facilities people locking the front door!

    • AmbarishrhA

      File sharing with sandbox/malware analysis

      IT Discussion
      • nextcloud filecloud ransomware filesharing • • Ambarishrh
      8
      1
      Votes
      8
      Posts
      1.8k
      Views

      travisdh1T

      Do you have some sort of intrusion detection service running right now? (Wazuh, OSSIM, or one of the paid for solutions?) If you do, between that and the ClamAV, you should be as well protected as you could possibly be.

      Edit: I should specify to never skimp on user training! KnowBe4 is a great tool.
