Backup File Server to DAS
-
People would stop paying if they didn't give it up.
We have Sophos, UTMs, and our Palo Altos doing some blocking yet we've still had one case of it. It was the user being dumb. We didn't pay it though, her punishment was to redo her work she didn't save on the network like she should have.
We a public traded company so we had to do a share holder release just for that though.
-
@coliver said:
@DustinB3403 said:
@coliver But it is completely backwards.
To think, oh hey I'm being ransomed for my data. He doesn't specify a value. Just that the ransoming is occurring, the value could be $300US.
Which might be @IT-ADMIN said:
lol, it depend, there are some ransom who demand too much $
Rather than saying "We need to build a solution to prevent this from occurring, or doing everything in our power to get around the issue of being cryptolocked"
Right... no problems with what you are saying. But Isn't there a point for you where the ransom would outweigh the value of the data? It may not be till $100,000,000 but you would get to that point. What @IT-ADMIN is saying is correct some ransoms will demand too much.
In theory, but is that a known risk?
-
@DustinB3403 said:
@coliver the ransom maker is trying to make money.
There is no benefit to them to make a ransom that's obscene. Unless you value your data so little that you'd be just fine without it.
The entire point of the ransom where is to entice people to need their data (value it) to the point where the ransom is reasonable.
Agreed. But how is the ransomer (Chrome says that is a word) going to know where that cut off point is? For some companies it could be 100$ for others it could be significantly more. Just thought it was an interesting idea.
-
@coliver said:
@IT-ADMIN No need to apologize. Even if you were joking it brings up an interesting point. That there is a point where the value of the data doesn't match the value of the ransom. So it would be less expensive to never see that data again then simply pay the ransom, or build a system to protect yourself against it.
Exactly, at what point is the ransom cheaper than the protection?
-
@coliver said:
@IT-ADMIN No need to apologize. Even if you were joking it brings up an interesting point. That there is a point where the value of the data doesn't match the value of the ransom. So it would be less expensive to never see that data again then simply pay the ransom, or build a system to protect yourself against it.
yeah, this is what i mean,
also @DustinB3403 make a good point, the ransom demand a reasonable price so that people can afford, because even the ransom will not benefit form the data itself, his concern is wining money -
@coliver said:
@DustinB3403 said:
@coliver the ransom maker is trying to make money.
There is no benefit to them to make a ransom that's obscene. Unless you value your data so little that you'd be just fine without it.
The entire point of the ransom where is to entice people to need their data (value it) to the point where the ransom is reasonable.
Agreed. But how is the ransomer (Chrome says that is a word) going to know where that cut off point is? For some companies it could be 100$ for others it could be significantly more. Just thought it was an interesting idea.
They guess, normally at a pretty small number so that essentially everyone pays.
-
@IT-ADMIN 's company has shown that their data is next to valueless. They don't care about investing in a proper backup solution (no offence @IT-ADMIN) or even the licensing to ensure their servers won't die if they are restored from a backup solution. So if they do get ransomware on those machines they may determine that since they did nothing to prevent it (or prevent more likely issues like hardware failure) then it isn't worth the ransom.
-
@scottalanmiller said:
@coliver said:
@DustinB3403 said:
@coliver the ransom maker is trying to make money.
There is no benefit to them to make a ransom that's obscene. Unless you value your data so little that you'd be just fine without it.
The entire point of the ransom where is to entice people to need their data (value it) to the point where the ransom is reasonable.
Agreed. But how is the ransomer (Chrome says that is a word) going to know where that cut off point is? For some companies it could be 100$ for others it could be significantly more. Just thought it was an interesting idea.
They guess, normally at a pretty small number so that essentially everyone pays.
Right, I understand that. Just trying to go through an idea.
-
@IT-ADMIN said:
because even the ransom will not benefit form the data itself, his concern is wining money
Not necessarily true.
-
-
@IT-ADMIN said:
at least in our case, may other companies have data that can be sold maybe ?
Well, yeah. Many companies get hourly attempted attacks just for such a thing.
-
@Jason said:
@IT-ADMIN said:
because even the ransom will not benefit form the data itself, his concern is wining money
Not necessarily true.
Jason the ransom demand maker generally isn't trying to sell trade secrets, they might get lucky and encrypt someone with this kind of information.
But they aren't copying the data. They're simply encrypting it locally, and passing the decryption key to their server(s).
So it is true... the ransomers' are not profiting from the data, only from the ransom.
-
@DustinB3403 said:
Jason the ransom demand maker generally isn't trying to sell trade secrets, they might get lucky and encrypt someone with this kind of information.
But they aren't copying the data. They're simply encrypting it locally, and passing the decryption key to their server(s).
So it is true... the ransomers' are not profiting from the data, only from the ransom.
That's not true in every case.. some have been found to upload the data.
-
I've yet to see a Cryptoware variant that exports data off of a victims system.
Please name 1.
This malware needs to act quickly. It doesn't have time to dick around and upload potentially TB or more of data to encrypt it.
Just stop trolling, because you clearly are.
-
@IT-ADMIN said:
@Jason said:
@IT-ADMIN said:
because even the ransom will not benefit form the data itself, his concern is wining money
Not necessarily true.
at least in our case, may other companies have data that can be sold maybe ?
No financial data? Nothing private that the company would not want divulged? No customer data?
-
OK, can a restore point decrypte the ransomed data ??
-
@DustinB3403 said:
@Jason said:
@IT-ADMIN said:
because even the ransom will not benefit form the data itself, his concern is wining money
Not necessarily true.
Jason the ransom demand maker generally isn't trying to sell trade secrets, they might get lucky and encrypt someone with this kind of information.
But they aren't copying the data. They're simply encrypting it locally, and passing the decryption key to their server(s).
So it is true... the ransomers' are not profiting from the data, only from the ransom.
That is generally true but not universally.
-
@DustinB3403 said:
I've yet to see a Cryptoware variant that exports data off of a victims system.
Please name 1.
This malware needs to act quickly. It doesn't have time to dick around and upload potentially TB or more of data to encrypt it.
Just stop trolling, because you clearly are.
Yes, I'm trolling when we have a IT forenstics team that looks into our attempted attacks. We know what goes on with these, we've looked into it heavily.
-
@IT-ADMIN said:
OK, can a restore point decrypte the ransomed data ??
Not decrypt! Nothing can decrypt except the key that you get when you pay the ransom.
If you roll back to BEFORE the data was encrypted AND the restore point itself was not encrypted then you are okay.
-
@DustinB3403 said:
This malware needs to act quickly. It doesn't have time to dick around and upload potentially TB or more of data to encrypt it.
Thats not true. It needs to encrypt quickly. Once encrypted it has free time to upload all that it can.