Analysis of Locky ransomware
- 
 @coliver said: Backblaze keeps a ton of versions of files. I don't remember how many but it is a lot. Backblaze also isn't a sync client. It is a true backup client.
 I'm just imagining the process of restoring 150GB of data as individual files. Ugh.
- 
 Remember, in the BackBlaze client, it throttles the upload speed by default. So dive into the settings and you can set it to upload more. I backed up 50GB in a couple of hours from the UK. 
- 
 @Breffni-Potter said: Remember, in the BackBlaze client, it throttles the upload speed by default. So dive into the settings and you can set it to upload more. I backed up 50GB in a couple of hours from the UK.
 Yep... my parents are on a crappy DSL connection.
- 
 @BRRABill said: @coliver said: Backblaze keeps a ton of versions of files. I don't remember how many but it is a lot. Backblaze also isn't a sync client. It is a true backup client. I'm just imagining the process of restoring 150GB of data as individual files. Ugh.
 They'll overnight you a flash drive with your data on it for a fee, if you can't wait for the download.
 https://www.backblaze.com/blog/4-tb-usb-restore-drives-are-here-yay/
- 
 @Nic said: They'll overnight you a flash drive with your data on it for a fee, if you can't wait for the download.
 https://www.backblaze.com/blog/4-tb-usb-restore-drives-are-here-yay/
 $189 isn't actually a bad deal AND you get to keep the drive. I wonder how that works, though. I mean, you obviously don't want the actual backup, as the encrypted files have probably been uploaded. So can you get the previous version of every file? You know what I mean? That seems messy.
- 
 @BRRABill said: @Nic said: They'll overnight you a flash drive with your data on it for a fee, if you can't wait for the download.
 https://www.backblaze.com/blog/4-tb-usb-restore-drives-are-here-yay/
 $189 isn't actually a bad deal AND you get to keep the drive. I wonder how that works, though. I mean, you obviously don't want the actual backup, as the encrypted files have probably been uploaded. So can you get the previous version of every file? You know what I mean? That seems messy.
 How is it messy? I need the backups from 11/1/2015. They send you a drive with those backups on there. You plug it in and restore. Not sure where the issue is?
- 
 Well you can go into the console and look at and download individual files. I imagine if you needed a restore from only before the infection date then they'd be able to do that. Let me ping @aaron for more details, since he works for them. 
- 
 @Nic said: Well you can go into the console and look at and download individual files. I imagine if you needed a restore from only before the infection date then they'd be able to do that. Let me ping @aaron for more details, since he works for them.
 Haha ... I was doing the same thing. He might not get the ping though since it's later in the day. I sent him a PM.
- 
 @aaron Awesome info. That might just be the solution. 
- 
 Look what hit my quarantine. So I delivered it. OMG! I owe them $298,39 Wait what? comma 39 cents? What the f[moderated] is that. This is an admin email account at a client. If the admin account has it, it is only time before someone does all the things. 
- 
 this is why I turned off Doc and DOCX files via the spam filter. 
- 
 @Dashrender said: this is why I turned off Doc and DOCX files via the spam filter.
 What if your users legitimately need those files?
- 
 @BRRABill said: @Dashrender said: this is why I turned off Doc and DOCX files via the spam filter. What if your users legitimately need those files?
 Much better ways to share documents than through email
- 
 @JaredBusch weird mix of USD and European notation there. 
- 
 @BRRABill said: @Dashrender said: this is why I turned off Doc and DOCX files via the spam filter. What if your users legitimately need those files?
 Then I can white list them. Luckily - we rarely need those sent through email.
- 
 @BRRABill said: @wirestyle22 said: Much better ways to share documents than through email Good point.
 Actually - I would say not good point. What ways are you thinking? Drop Box? Google Drive? OneDrive, ODfB? etc - those are all horrible ways to share files because it's just as easy to get infected by them as it is by email. Heck, the one person I know who got hit by Locky got it through DropBox. He got a notice it had been uploaded - he went and looked - he thought HUH, it's odd that it's a word file, because normally it's a PDF - meh, whatever - click - infected!
 It didn't help that the company used GPOs to remove the prompting about macros, so he didn't even have that protection.
- 
 @Dashrender said: Actually - I would say not good point. What ways are you thinking? Drop Box? Google Drive? OneDrive, ODfB? etc - those are all horrible ways to share files because it's just as easy to get infected by them as it is by email. Heck, the one person I know who got hit by Locky got it through DropBox. He got a notice it had been uploaded - he went and looked - he thought HUH, it's odd that it's a word file, because normally it's a PDF - meh, whatever - click - infected!
 It didn't help that the company used GPOs to remove the prompting about macros, so he didn't even have that protection.
 It was more a ML concession. I just assumed there was an easy way in ODfB everyone was using I was unaware of. For the most part file sharing like that is a PITA, especially for most users who have no idea. I have to get the file, and share it out, etc..
- 
 @Dashrender said: @BRRABill said: @wirestyle22 said: Much better ways to share documents than through email Good point. Actually - I would say not good point. What ways are you thinking? Drop Box? Google Drive? OneDrive, ODfB? etc - those are all horrible ways to share files because it's just as easy to get infected by them as it is by email. Heck, the one person I know who got hit by Locky got it through DropBox. He got a notice it had been uploaded - he went and looked - he thought HUH, it's odd that it's a word file, because normally it's a PDF - meh, whatever - click - infected!
 It didn't help that the company used GPOs to remove the prompting about macros, so he didn't even have that protection.
 I don't really do any local editing any more. Since I have Zoho I use Zoho Docs (doesn't really matter what service you use), but I use their online software. If I get it in an email, I can open it directly with their Docs apps and edit.







