|
$$ rule
IT guy I met specializes in supporting law firms. One got hit and paid. Said they had backups but it was cheaper to pay.
I have recovered twice, both hit file servers. Both had current (offline) backups.
How is your DR plan today?
User: Technical term used by developers. See Idiot.
|
|
|
|
|
Pretty good, I think. Up to date air gapped images, and a "no idiots" rule with access to any "real" data, and read only access to that Herself does need.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
That makes no sense at all in so many situations.
These days companies have contracts to deliver, and even contracts to receive. If their data gets locked up they will be in deep sh*t from both sides, not just termination of contracts but probably fines on top of that to boot. It's not like in IT a small project that gets delayed a week, it's contracted fulfilment to customers and suppliers - they can't say "we'll get it to you next week," because it'll cost them their entire business.
The fault lies in putting corporate networks on the internet. Once upon a time in networking classes they used to talk about subnets, private subnets, with defined interfaces that protected their core data (sometimes only connected by a physical data transport). Along came the "access anywhere/anytime" and "the cloud" and in their infinite stupidity the network admins threw private subnetting out the window (and any smidgen of physical separation) in favour of using software access control and encryption..., soft separation, and being soft too damn easy to punch holes through it.
Anyway back to the real world, the business of doing business: 2 choices, pay the ransom, take the hit but keep their customers/suppliers, or your words of wisdom: "Stop. Paying. Ransoms" and go out of business, tell the owners they are now bankrupt and owe millions in fines, and tell the employees they don't have a job any more.
And who's to blame? IT, 100% IT. Crap network admin together with poorly designed access (including the applications that seem to need access made simple & easy).
As the article says the attackers are getting smarter, more surgical in who, what and when they attack, they will know when it matters most (i.e. just about to fulfil a large contracted order...)
"Stop. Paying. Ransoms" - will become even more "not an option."
Signature ready for installation. Please Reboot now.
|
|
|
|
|
Sorry, but you're wrong: "Stop paying ransoms" is the only long term solution. As long as there is a profit in it, they will keep doing it - and some of them aren't too scrupulous about "encryption" rather than "randomization".
If your company doesn't have a good disaster recovery plan which includes a good, solid backup regime, then you are elephanted anyway - it's not just ransomware that can ruin your day. Even in the days of paper, companies went bust because of fires which meant they had no idea who owed them money and who didn't. If you don't prepare for a problem in your core systems - be they paper, people, or computers - then one day you are going to get bitten, and bitten hard.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
True an effective backup is required, but if they don't have that and they have contracts to fulfil then it's pay or die, those are the only 2 options, there is no in-between.
The very next step should be to fire the entire IT department and walk them right out the door (perhaps less practical but they should be damn close to it... the in-charge for sure should be instantly terminated.)
Signature ready for installation. Please Reboot now.
|
|
|
|
|
Lopatir wrote: and they have contracts to fulfil then it's pay or die
Wrong. In the long run, especially if word gets out that the security isn't there, it's "pay AND die".
And firing your entire IT department makes no sense at all. That's just stupid to have your ENTIRE knowledge base walk out the door. Yes, they need training. Yes, they need network and security consultants.
NO, they do NOT need to be lined up and executed. That solves NOTHING as you'll be stuck without an IT department, hiring new people, and having them spend a sh*t ton of time retrain themselves on your environment and reworking it.
System.ItDidntWorkException: Something didn't work as expected.
C# - How to debug code[ ^].
Seriously, go read these articles.
Dave Kreskowiak
|
|
|
|
|
ah the old "too valuable to get rid of me/us/them"
There's no such thing
and with enough experience some day you too might understand that.
Signature ready for installation. Please Reboot now.
|
|
|
|
|
Wrong. You're getting rid of your ENTIRE IT department, not the people responsible for the security. That means all of your application and data knowledge goes out the door too. What did they do to deserve such treatment?
You're putting the entire IT department in one bucket. You're also doing it with the discussion here. We say one thing and you drop it into an "all or nothing" bucket. That's the wrong way to think about things.
System.ItDidntWorkException: Something didn't work as expected.
C# - How to debug code[ ^].
Seriously, go read these articles.
Dave Kreskowiak
|
|
|
|
|
Have a solid image backup in place that runs nightly, swapping media every day.
Then upon infection of any kind you can just restore from yesterday.
|
|
|
|
|
You're right. Protecting yourself against Ransom attacks is not that complicated, even for people who are not totally computer savvy.
Also: I have a second drive in my machine where I store all my data. Data can be backed up by simple copying to a normally disconnected external drive. My systems drive is only for Windows and applications. This means my systems drive images are slim and trim and not bloated with data.
Get me coffee and no one gets hurt!
modified 24-Dec-17 9:39am.
|
|
|
|
|
What can a particular day of the year bring? Over time... many different things and emotions.
Many years ago, today, my great-grandfather passed on. It was long before I was born, but my grandmother - his daughter - wrote a couple of books about her life and said what a sad Christmas it was for her.
As a child, we would spend Christmas Eve with my grandparents, those mentioned above, who lived next door. That is when all of the cousins would gather at their house. What I remember from the house is a coffee table with blue glass - no idea what happened to it, but that is what I remember from those nights.
On this day, in 1990, I traveled to my home town to spend Christmas with my parents; I didn't know then it would be my last Christmas with my mother; she passed 4 weeks later. I am grateful for the time I had with her and cherish the memories of that Christmas.
On this day, 14 years ago, I asked my now wife to marry me; she still says she didn't say, "Yes", but she did say, "I do".
So, whatever a day may bring over time, it will be mixed with various emotions and memories; I hope and pray that you can find something pleasant in each day to remember.
Tim
|
|
|
|
|
I had to think of my grandmother (father's side) too these days, especially her cooking which was fantastic. No wonder as she was of Belgian origin. She made a very good Flemish stew, called 'hutsepot', which is something totally different than the Dutch 'hutspot', the recipe seems to date way back from the 13th century: Hochepot - Wikipedia[^]
|
|
|
|
|
Specially to all the Hamsters who have-made/make/keep this site such a vibrant community !
Miranda: 'O wonder! How many goodly creatures are there here! How beauteous mankind is! O brave new world. That has such people in't!' ... Shakespeare, "The Tempest," Act V, Scene I cheers, Bill
«While I complain of being able to see only a shadow of the past, I may be insensitive to reality as it is now, since I'm not at a stage of development where I'm capable of seeing it.» Claude Levi-Strauss (Tristes Tropiques, 1955)
|
|
|
|
|
|
|
At least once a year we all should be grateful for not having forgotten to check the Jesus nut:
YouTube[^]
This particular Jesus nut is not a religious fanatic. It's the nut that holds a helicopter's main rotor on the shaft[^].
And I just love the song in the video ("If that jesus nut comes off, you can kiss your a** goodbye.")
I have lived with several Zen masters - all of them were cats.
|
|
|
|
|
I enjoyed this, thanks!
Get me coffee and no one gets hurt!
|
|
|
|
|
I'd like to see someone beat this algorithm for true randomness.
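using System;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using Newtonsoft.Json;

class Program
{
    // One shared client for all requests
    static readonly HttpClient client = new HttpClient();

    static void Main(string[] args)
    {
        // Print ten "random" values, one every 15 seconds
        for (int i = 0; i < 10; i++)
        {
            var random = BitcoinRandom().Result;
            Console.WriteLine(random);
            Thread.Sleep(15 * 1000);
        }
    }

    // Fetches the current Bitcoin price in USD and returns it as the "random" number
    static async Task<double> BitcoinRandom()
    {
        var response = await client.GetStringAsync("https://api.coindesk.com/v1/bpi/currentprice.json");
        var data = JsonConvert.DeserializeObject<BitcoinInfo>(response);
        return data.Bpi.Usd.RateFloat;
    }
}

// Classes mirroring the parts of the JSON response that are used
public partial class BitcoinInfo
{
    [JsonProperty("bpi")]
    public Bpi Bpi { get; set; }
}

public partial class Bpi
{
    [JsonProperty("USD")]
    public Currency Usd { get; set; }
}

public partial class Currency
{
    [JsonProperty("rate_float")]
    public double RateFloat { get; set; }
}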
|
|
|
|
|
Wrote and ran that as a joke, but was stunned to see it fluctuate like that every minute or so.
|
|
|
|
|
|
All of the random number generators based on a commodity's price produce "brown" noise - the price varies in a manner similar to Brownian motion.
Any idea how to convert this to "white" noise?
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack.
--Winston Churchill
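One way to approach the whitening question above, as an added example that is not part of the original thread: difference the price series (increments of a Brownian-like walk are roughly uncorrelated), keep only the sign of each move, then apply a von Neumann extractor to remove the remaining bias. The sample series is constructed with a seeded generator and all function names are illustrative; because a price feed is public, the output is at best statistically white, not secret, so key material should still come from the OS CSPRNG.

```python
import random  # used only to build the constructed sample series


def constructed_walk(n=5000, seed=1, p_up=0.6):
    """Constructed stand-in for a price feed: a random walk with upward drift."""
    rng = random.Random(seed)
    price, series = 10000.0, []
    for _ in range(n):
        step = 0.5 + rng.random()
        price += step if rng.random() < p_up else -step
        series.append(price)
    return series


def increments(prices):
    """Consecutive differences: turns the 'brown' level series into its steps."""
    return [b - a for a, b in zip(prices, prices[1:])]


def sign_bits(deltas):
    """1 for an up-tick, 0 for a down-tick; unchanged prices carry no bit."""
    return [1 if d > 0 else 0 for d in deltas if d != 0]


def von_neumann(bits):
    """Von Neumann extractor: pair 01 -> 0, 10 -> 1, pairs 00 and 11 are dropped.
    Removes bias provided the input bits are independent of each other."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def lag1_autocorr(xs):
    """Lag-1 autocorrelation: near 1 for brown noise, near 0 for white noise."""
    mean = sum(xs) / len(xs)
    var = sum((x - mean) ** 2 for x in xs)
    cov = sum((xs[i] - mean) * (xs[i + 1] - mean) for i in range(len(xs) - 1))
    return cov / var


def mean(bits):
    return sum(bits) / len(bits)


if __name__ == "__main__":
    prices = constructed_walk()
    deltas = increments(prices)
    raw = sign_bits(deltas)
    white = von_neumann(raw)
    print("autocorr of prices    :", round(lag1_autocorr(prices), 3))
    print("autocorr of increments:", round(lag1_autocorr(deltas), 3))
    print("bias before/after     :", round(mean(raw), 3), round(mean(white), 3))
```

The extractor discards most of its input, so a feed sampled every 15 seconds yields only a few unbiased bits per minute.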
|
|
|
|
|
There are some things I learn about and I am just amazed.
Charlie Gilley
Stuck in a dysfunctional matrix from which I must escape...
"Where liberty dwells, there is my country." B. Franklin, 1783
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
|
|
|
|
|
I prefer the Randall Algorithm[^] myself.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Ok, you asked for it
It's intended for an 8 bit processor and can be assembled for 8 bit random values or for 16 bit. When I tested it, it had a nice Gaussian bell curve distribution, so the random values are indeed random enough for noncritical applications.
; =========================================================================================
; Generates a 16 bit or 8 bit (pseudo) random number
;
; Parameters:
; RF 16 bit random return value
; RF.0 8 bit random return value
;
; Internal:
; RE Pointer to random state
; RD.0 Loop counter
; =========================================================================================
GetRandom: GLO RE ; save registers RE and RD.0 on the stack
STXD
GHI RE
STXD
GLO RD
STXD
LDI lo(RandomState) ; load the address of the random state
PLO RE
LDI hi(RandomState)
PHI RE
IF RandomSize == 16
LDI 10H ; set up the loop counter to shift 16 bits
PLO RD
ELSE
LDI 08H ; set up the loop counter to shift 8 bits
PLO RD
ENDIF
GRA_ShiftLoop: GLO RF ; shift the value in RF
SHL
PLO RF
IF RandomSize == 16
GHI RF ; extend to 16 bits
RSHL
PHI RF
ENDIF
LDN RE ; shift random state
SHL
IF RandomSize == 16
STR RE ; extend to 16 bits
INC RE
LDN RE
RSHL
ENDIF
BNF GRA_BitZero
GRA_BitOne: XRI 0A7H ; XOR over the random state
STR RE
IF RandomSize == 16
DEC RE ; extend to 16 bits
LDN RE
XRI 03EH
STR RE
ENDIF
GLO RF ; add the bit to RF
ORI 01H
PLO RF
LBR GRA_TestLoop
GRA_BitZero: XRI 035H ; XOR over the random state
STR RE
IF RandomSize == 16
DEC RE ; extend to 16 bits
LDN RE
XRI 07AH
STR RE
ENDIF
GRA_TestLoop: DEC RD ; loop until all bits have been shifted
GLO RD
BNZ GRA_ShiftLoop
INC R2 ; restore registers RE and RD.0
LDXA
PLO RD
LDXA
PHI RE
LDN R2
PLO RE
SEP R5
;------------------------------------------------------------------------------------------
; =========================================================================================
; Data
; =========================================================================================
RandomState: db 2 dup (?)
;------------------------------------------------------------------------------------------
I have lived with several Zen masters - all of them were cats.
|
|
|
|
|
What processor? I don't recognize "GLO" and "PLO", etc.
|
|
|
|