Post by oldnjplayer on Jan 4, 2022 11:02:29 GMT -5
The Y2K thread got me to thinking. There are people on this board who seem to have expertise in programming etc. (of which I know nothing). I have always wondered how hard it is for companies to protect against ransomware. How would it be done?
Just wondering.
Post by Vibroluxer on Jan 4, 2022 11:14:36 GMT -5
To add, how do the bad guys find a company's servers to kidnap? I mean, they don't find them while walking down the street.
Post by Larry Madsen on Jan 4, 2022 11:30:00 GMT -5
Pretty hard it seems. Our payroll system was taken over and held for ransom.
We simply reverted back to the prior system.
Still tracking time in that system plus on paper until they work out any bugs.
Pretty wild, but I can vouch for the fact that it happens.
Post by Peegoo 🏁 on Jan 4, 2022 11:43:56 GMT -5
You cannot completely prevent it, but you can 'harden' your network to deter the bad actors so they go find a softer target. The first thing is automatic backups to at least three formats (local storage and cloud x2, etc.). You use measures like controlled access (required strong passwords), hardware and software firewalls, intrusion detection that does auto shut-down, and other stuff. You have more than one person that knows how to admin your network to the nth degree.
Perhaps most important is user policy that includes measures such as "absolutely no thumb drives allowed. Never plug a personal USB-charge device like a vape into a company computer or peripheral," etc. Ransomware and viruses/malware are often introduced by unwitting employees in this manner. The employees that use the network are the weakest link and biggest threat in the security chain because doing something seemingly innocuous like sticking a thumb drive into a machine can infect an entire network in seconds.
There are many vendors that sell things like thumb drives and USB chargers that contain malicious software. Never buy no-name IT gear simply because it's cheap. It's a liability. Buy brand names from reputable dealers. The additional cost is worth it.
Post by Peegoo 🏁 on Jan 4, 2022 11:52:20 GMT -5
"To add, how do the bad guys find a company's servers to kidnap? I mean, they don't find them while walking down the street."
Here's one example: they target them by going to the company Web page and attempting to log in as an admin, using software that does automatic password cracking and contains glossaries of letter/text strings. These automatic programs run 24/7 until they either gain access or the crook gives up. This is the primary reason you should never use a password that contains text strings found in any dictionary.
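
The 24/7 guessing described above leaves a very recognisable trace in the web server's access log, and that trace is what "intrusion detection that does auto shut-down" keys on. The script below is an added example written for this thread, not code from the forum or from any product mentioned in it. It scans a few constructed access-log lines (not real traffic) and flags any source IP that produces five or more failed POSTs to the login page inside a sliding 60-second window. The login path /wp-login.php, the threshold, the window, and the rule that a 200 (form re-rendered) or 401/403 on a login POST means "wrong password" while 302 means success are all assumptions about the target application.

```python
"""Flag automated password guessing against a web admin login page.

Added example; it is not code from the original thread. It scans a few
constructed web-server access-log lines (Combined Log Format; not real
traffic) and counts failed POSTs to the login page per source IP inside a
sliding time window. The login path, the threshold and the rule that a 200
on a login POST means "wrong password" (the assumed app re-renders the form
on failure and answers 302 only on success) are all assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_PATH = "/wp-login.php"               # assumed admin login URL
FAILURE_STATUSES = {"200", "401", "403"}   # assumed "login rejected" responses

# Constructed sample log. 203.0.113.7 hammers the login six times in four
# seconds; 198.51.100.20 is a person who mistypes once and then gets in (302).
SAMPLE_LOG = """\
203.0.113.7 - - [04/Jan/2022:11:52:01 -0500] "POST /wp-login.php HTTP/1.1" 200 3812 "-" "python-requests/2.26"
203.0.113.7 - - [04/Jan/2022:11:52:02 -0500] "POST /wp-login.php HTTP/1.1" 200 3812 "-" "python-requests/2.26"
203.0.113.7 - - [04/Jan/2022:11:52:02 -0500] "POST /wp-login.php HTTP/1.1" 200 3812 "-" "python-requests/2.26"
203.0.113.7 - - [04/Jan/2022:11:52:03 -0500] "POST /wp-login.php HTTP/1.1" 200 3812 "-" "python-requests/2.26"
203.0.113.7 - - [04/Jan/2022:11:52:04 -0500] "POST /wp-login.php HTTP/1.1" 200 3812 "-" "python-requests/2.26"
198.51.100.20 - - [04/Jan/2022:11:52:05 -0500] "GET /wp-login.php HTTP/1.1" 200 3812 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Jan/2022:11:52:05 -0500] "POST /wp-login.php HTTP/1.1" 200 3812 "-" "python-requests/2.26"
198.51.100.20 - - [04/Jan/2022:11:52:20 -0500] "POST /wp-login.php HTTP/1.1" 200 3812 "-" "Mozilla/5.0"
198.51.100.20 - - [04/Jan/2022:11:52:41 -0500] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# client_ip ident user [timestamp] "METHOD PATH PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for junk lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts_text, method, path, status = m.groups()
    ts = datetime.strptime(ts_text, "%d/%b/%Y:%H:%M:%S %z")
    return ip, ts, method, path, status


def find_bruteforce(log_text, login_path=LOGIN_PATH, threshold=5,
                    window=timedelta(seconds=60)):
    """Map each source IP that produced >= threshold failed login POSTs within
    any `window` to the largest number of failures seen in one window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    flagged = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path, status = parsed
        if method != "POST" or path != login_path or status not in FAILURE_STATUSES:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


if __name__ == "__main__":
    for ip, n in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed admin logins inside 60s, block or rate-limit")
```

Two caveats a practitioner would add: a patient attacker spreads guesses across many source addresses and over hours, so a per-IP window like this one should be paired with a per-account failure count and a lockout or rate limit on the login itself; and none of this matters much once the admin account requires a second factor, which is the stronger fix to the dictionary-password problem the post describes.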
Post by oldnjplayer on Jan 5, 2022 11:36:20 GMT -5
Thanks as always PeeGoo for your insights.
Post by themaestro on Jan 5, 2022 14:13:20 GMT -5
Many ransomware intrusions are caused by employees clicking on a link in an email they received. The email looks legit and appears to have come from another employee or a vendor that works with the company. The email contains a web link. However, what the link says and where it actually goes can be two different places. The link can either download malware or it can ask for sensitive information that can be used to breach the company computers.
This is called a phishing attack. It's really hard to keep employees from clicking on embedded links, even after training class tells them not to. After all, the email looks legit.
The bottom line for EVERYONE is to NEVER click on web links contained within emails or text messages. If you feel you need to go to the link, open up a browser and TYPE the link in yourself. The same thing goes for phone numbers. If an email says it is from, say, your bank, and says there is a problem, please call this number, don't do it. Go look up your bank's real number and call that number instead.
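
"What the link says and where it actually goes can be two different places" is something a mail gateway can check mechanically, because the visible text and the href are separate parts of the HTML. The script below is an added example written for this thread, not code from the forum or from any mail product. It parses a constructed phishing-style message (not a real email) and, for every <a> element, compares the domain a reader sees in the link text with the host the href really points at; it also flags links to bare IP addresses and links whose text gives the reader nothing to compare. The bank name examplebank.com, the lookalike host login-verify.example and the address 198.51.100.9 are all made up for the sample.

```python
"""Spot e-mail links whose visible text and real destination disagree.

Added example; not code from the original thread. It parses a constructed
HTML e-mail (not a real message) and, for every <a> element, compares the
domain the reader sees in the link text with the host the href actually
points at. The bank name, the lookalike domain and the IP address used in
the sample are assumptions.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed phishing-style message body.
SAMPLE_EMAIL = """\
<p>Dear customer, we noticed unusual activity on your account.</p>
<p>Please sign in at
<a href="http://examplebank.com.login-verify.example/session">https://www.examplebank.com/login</a>
within 24 hours.</p>
<p>Or <a href="http://198.51.100.9/reset">reset your password here</a>.</p>
<p>Questions? <a href="mailto:help@examplebank.com">help@examplebank.com</a></p>
<p>Statements: <a href="https://www.examplebank.com/statements">www.examplebank.com/statements</a></p>
"""

# A host name the reader would see inside the link text, with optional scheme.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def registrable(host):
    """Naive 'site' of a host name: its last two labels (examplebank.com).
    Production code should consult the public suffix list (co.uk etc.)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the document."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def classify(href, text):
    """Verdict for one link: ok, mismatch, ip-literal, unverifiable, non-http."""
    target = urlsplit(href)
    host = target.hostname or ""
    if target.scheme not in ("http", "https"):
        return "non-http"        # mailto:, javascript:, data: ...
    if IPV4.fullmatch(host):
        return "ip-literal"      # real sites almost never link to a bare IP
    shown = DOMAIN_IN_TEXT.search(text)
    if shown is None:
        return "unverifiable"    # "click here": nothing for the reader to compare
    if registrable(shown.group(1)) != registrable(host):
        return "mismatch"        # text says one site, href goes to another
    return "ok"


def audit(html_body):
    """Return [(href, visible_text, verdict), ...] for every link in the body."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(href, text, classify(href, text)) for href, text in collector.links]


if __name__ == "__main__":
    for href, text, verdict in audit(SAMPLE_EMAIL):
        print(f"{verdict:12} text={text!r} -> {href}")
```

A verdict of "ok" only means the text and the destination agree; it does not prove the site is safe, and "unverifiable" covers most real links ("click here", buttons, images). That is why the advice in the post stands for the reader: open a browser and type the address, or look up the phone number, rather than trusting anything inside the message.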
Post by gbfun on Jan 6, 2022 4:37:41 GMT -5
Themaestro is right on with the most likely entry point. Follow this without exception. And any USB device with memory on it that is attached to the network at work or to your personal computer is probably the next likely. Avoid used computers and phones if you don't completely wipe them clean first, and you need to know what you're doing...exactly. Avoid "bargain" or "gift" tablets, computers and phones. Chances are, bad stuff is hidden so well, you can't see it or remove it.

And individuals and organizations need to monitor, monitor, monitor because a lot of attacks have signatures that can be recognized with experience, and often without the monitoring activity, might not be caught at all. My broker just transferred my money to the wrong account. I monitored and caught it before the money got removed from the system by someone who might have really enjoyed their Xmas this year. Sure it's time consuming and tedious but it might pay off big time...as it did here. The same thing with computer security. Monitor, monitor, monitor and don't click on ANYTHING you haven't pondered how risky it is first. I hesitate even on this site! So far so good... Always call and go to sites DIRECTLY if there is any doubt. And yes, emails can look VERY legit...but aren't.

And consider having special low-limit checking accounts if you use debit cards...just for the internet. I cancel my card every year or so and get a new one. And consider having a special "internet" computer just for accessing the internet, and keeping your personal stuff on a separate computer. Same with your phone. In other words, isolate the stuff that doesn't need the internet, as much as you can, from the internet. All of this won't protect anyone completely, but it will certainly reduce the odds. It's a war. And with every new product hooked to the internet or using remote signals, it widens. Beware of early new tech!

Notice I didn't mention backups. They don't, of course, prevent anything. But they can cost more, suck up more time, and in the end...fail or be incomplete to the point a great deal of time and effort is required to get back to normal. Trust me, it is FAR better to prevent trouble than to try and clean up computers. Been there, done that as a career. Doing that for FREE...sucks! Last but not least...again...don't click on web links! Or work with clueless dummies who do. That last part is the tough one! But we've also got some bad programmers out there too, constantly creating new vulnerabilities. So really, just be LUCKY. And take some solace from the dummyfest of 2020, in that the hackers have so many potential victims out there that it will take them 50 years to get to YOU. And they'll be too late. That's my basic plan really.
Post by HeavyDuty on Jan 6, 2022 7:56:23 GMT -5
gbfun, is there something about USB devices that makes them particularly vulnerable?
Post by themaestro on Jan 6, 2022 8:07:14 GMT -5
RE: USB devices. They can store executable files. Also, many computers are configured so that if they see an executable program on a just-plugged-in USB stick, they immediately run the program. This setting can be changed to not do that. The same thing with CD and DVD drives.
Post by reverendrob on Jan 6, 2022 8:33:55 GMT -5
USB drives aren't sandboxed on insertion - so...it inherits whatever permissions the person or machine it's plugged into has.
Once it's there, it can copy whatever, run whatever program, and wreak havoc.
It may also infect any other drives or devices plugged into it, sort of the equivalent of a computer STD.
Don't let your friends plug devices into your stuff.
Don't let anyone plug devices into your stuff.
This also applies to flash memory cards as well, in case you're not thinking: all a memory card is, is a USB stick without the USB plug attached.
Physical access to a machine effectively guarantees it can be compromised by someone even vaguely competent.
Post by gbfun on Jan 7, 2022 4:31:11 GMT -5
Couldn't have said it better !
Post by reverendrob on Jan 7, 2022 13:37:14 GMT -5
Also, a big one I need to note: DO NOT LET ANYONE CHARGE ITEMS LIKE PHONES, MP3 PLAYERS, ETC on computers.
DO NOT DO NOT.
In a perfect world, NEVER do your own on one either.
That's a vector - the phone gets popped, you're a known quantity, and it's preloaded with ugly to eat your network or your work network.
That goes for ANYONE on site.
The pizza guy. The network guy.
I used to explain this stuff to clients...while sticking colored drives in their workstations.
When I was done I'd shame those who were just nodding along.
Post by Seldom Seen on Jan 7, 2022 17:23:42 GMT -5
Another MT2 thread dripping with good information and sound advice. Years ago, my fledgling company was infected with a virus initiated by an employee clicking a link from his wife's employer. It wiped us out, but we had enough backup data to survive. The impact of lost work product and file data affected us for years. We immediately increased our security and began daily backups, first with local servers and, later, with cloud-based backup. Even in retirement, the specter of a ransomware attack strikes fear to my core.
Post by HeavyDuty on Jan 7, 2022 17:43:29 GMT -5
Ok, I was thinking gbfun implied using USB devices made phishing links more dangerous, not that it was a separate attack method; I misread what he was saying. I agree about the risk of USB devices, we beat on our people about that.
Post by Larry Madsen on Jan 7, 2022 18:27:22 GMT -5
"DO NOT LET ANYONE CHARGE ITEMS LIKE PHONES, MP3 PLAYERS, ETC on computers." It would go without saying, I suppose, that plugging a phone into your computer for ANY reason could lead to the same result. Say I want to load some pics from my phone to my computer ... plugging the phone into the computer is a no-go? Safer maybe to email the pics from the phone to an email address, then open them on the computer?
Post by reverendrob on Jan 8, 2022 14:12:47 GMT -5
Email or use a file transfer utility that doesn't require access.
Your phone is an easy mark if you're high value.