posted by martyb on Thursday October 29 2015, @10:41AM
from the backups-just-do-it dept.

There is a particularly devious type of malicious software that locks users out of their own computer systems until an individual agrees to pay a ransom to the hackers. In these cases, the FBI has surprisingly suggested just ponying up the dough.

It's not the type of advice one would typically expect from the FBI, but that's exactly what was recommended by Joseph Bonavolonta, the assistant special agent in charge of the FBI's CYBER and Counterintelligence Program Boston office.

"The ransomware is that good," said Bonavolonta at the 2015 Cyber Security Summit in Boston, as quoted by Security Ledger. "To be honest, we often advise people just to pay the ransom."

https://www.rt.com/usa/319913-fbi-pay-ransomware-hackers/?utm_source=rss&utm_medium=rss&utm_campaign=RSS

Yeah, it's RT, but I did a search, and that or similar headlines popped up on dozens of news sites. I clicked a couple of them, and the stories match. Try this one,
https://thehackernews.com/2015/10/fbi-ransomware-malware.html

Personally, I can almost certainly afford to nuke and reinstall, unless they get my RAID array. Then - I'd have to think hard.

  • (Score: 5, Informative) by EvilSS on Thursday October 29 2015, @12:16PM

    by EvilSS (1456) Subscriber Badge on Thursday October 29 2015, @12:16PM (#255979)

    If you don't have good, offline backups and you need the files you won't have much choice. A few of the keys have been recovered over the years but if you are unlucky enough to get hit with this and it's not one that's been exposed yet you're screwed. I've had customers pay to get source code, CAD files, and other IP back. Doesn't help that the ransoms are cheap enough to make it appealing to the companies to just pony up and be done with it. The really frustrating thing is that most of the ransomware doesn't require admin, it will just happily go about encrypting anything on your local machine or network drives that you have RW access to. They also have a bad tendency of just walking right past most antivirus products with no issues at all. We've tested versions we get from customers who have been infected and most of the time none of the big three enterprise products catch it, even with the latest engines and defs. Eventually it gets in the AV definitions but by then the makers have mutated it to get past again.

  • (Score: 0) by Anonymous Coward on Thursday October 29 2015, @12:45PM

    by Anonymous Coward on Thursday October 29 2015, @12:45PM (#255985)

    that's because antivirus is the biggest waste of CPU cycles in software history. It's herd immunity for the common virii that get sent to mailing lists and the like. If you were to be targeted today by somebody wanting to infect your network, they would, and it would get past all software defenses. AV vendors would need to have samples of the executables sent to them to then protect others from the same threat, but by that time it's too late.

    • (Score: 0) by Anonymous Coward on Thursday October 29 2015, @03:13PM

      by Anonymous Coward on Thursday October 29 2015, @03:13PM (#256059)

      I have to agree with this. My company forces one on us, but I can honestly say that it hasn't picked up anything bad in the past 10 years.

      Maybe I am just lucky, and I know not to click on those attachments from friends and family that say "look at this!".

      At home we use one of the big WebMail services and it is pretty good at finding attachments with malware, so those never get to our PCs.

      My kids get malware every so often and they know the standard remediation is wipe and reload...makes them more conscious of what they click on.

      I have seen WWW sites that are malicious and don't need clicks to cause problems, but I haven't encountered one... I do keep the browser software up to date.

  • (Score: 2) by Hairyfeet on Thursday October 29 2015, @07:15PM

    by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Thursday October 29 2015, @07:15PM (#256176) Journal

    THIS, this right here. I stress to my customers that having multiple backups is critical, and with both the prices of BD burners and USB HDDs being so cheap there is really no excuse. For your pictures and documents a single BD can hold more than most users will ever need and can easily be stored in a safety deposit box or a relative's home, and for backing up the entire OS and large data files like videos you can't beat the prices of multi-TB USB HDDs today.

    BTW those looking at AVs who want to know which ones are the most likely to catch this crap? ESET and Comodo, every test I've read plus what I've seen with my own two eyes have shown these two to be the most capable, with the added bonus that Comodo is free for personal use. You have to tweak Comodo a little* if you want maximum protection but OOTB it will work pretty damned good and ESET is rock solid and ready to go OOTB but will cost you yearly so it all comes down to personal preference really.

    * For those that want to know what to tweak, here ya go: simply go in and turn on HIPS, which is off by default. I usually set it to learning mode long enough to launch all their programs, then set it for paranoid mode. Follow this up by telling it to sandbox everything; by default it sandboxes the browser (which is a HUGE benefit as most malware will come through the browser), but unless they are gaming, the overhead of simply running everything in a sandbox is pretty trivial compared to the protection it provides. Then finally turn on Comodo Secure DNS, which uses the same DNS they use for their server offerings; not only is it fast but they seem to catch recently infected pages a hell of a lot faster than anybody else. If you wish to use another DNS it won't make that much of a difference, but the way I see it, having phishing and recently infected sites blocked at the DNS level is just one more layer of security on top of the multiple layers Comodo already provides, so why not? I have yet to see a customer that I have given this setup come back with so much as a single bug, and considering how click happy some of my worst customers are? That is saying a HELL of a lot.

    --
    ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
  • (Score: 2) by frojack on Thursday October 29 2015, @07:21PM

    by frojack (1554) on Thursday October 29 2015, @07:21PM (#256182) Journal

    If you don't have good, offline backups and you need the files you won't have much choice.

    The thing is, it is JUST AS CHEAP to not put yourself in BOTH of those boxes.

    For under $250 there are a number of NAS storage products up to 4TB from a multitude of different companies, as well as some off-site "zero knowledge" cloud storage products.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 2) by EvilSS on Friday October 30 2015, @01:25PM

      by EvilSS (1456) Subscriber Badge on Friday October 30 2015, @01:25PM (#256445)

      I completely agree. The problem is twofold. One, most companies don't TEST their backups until they actually need them. This bit two of my customers with Ransomware. They thought they were backing everything up but it turned out they were missing certain shares due to misconfigurations. The other problem is that users have a bad habit of putting documents places where they are not supposed to be. Having a doc management solution is worthless if everyone stores revisions on their local PCs and never checks them back in. Backing up PCs is usually not in the cards for most enterprise level companies with tens of thousands of devices out there.

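Two checks for the failure modes described in the comment above (shares missing from the backup job, and backups that were never restore-tested), as an added example that is not from the thread; the share names, paths and file contents are constructed:

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample data (assumptions, not from the thread): the shares the
# file server actually exports versus the paths the nightly backup job copies.
EXPORTED_SHARES = {r"\\fs01\finance", r"\\fs01\engineering",
                   r"\\fs01\cad", r"\\fs01\scratch"}
BACKUP_JOB_PATHS = {r"\\fs01\finance", r"\\FS01\Engineering"}


def uncovered_shares(exported, backed_up):
    """Shares that exist but no backup job references (case-insensitive):
    the misconfiguration that left shares unprotected in the comment above."""
    covered = {p.lower() for p in backed_up}
    return {s for s in exported if s.lower() not in covered}


def sha256_of(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def restore_test(source, restored):
    """Compare every file under `source` with the same relative path under
    `restored` (a trial restore into scratch space). Returns the relative
    paths that are missing or differ; an empty list means the restore is good."""
    problems = []
    for src in source.rglob("*"):
        if src.is_file():
            rel = src.relative_to(source)
            dst = restored / rel
            if not dst.is_file() or sha256_of(src) != sha256_of(dst):
                problems.append(rel.as_posix())
    return sorted(problems)


def demo():
    """Run both checks on a constructed live tree and trial restore."""
    with tempfile.TemporaryDirectory() as tmp:
        live, rest = Path(tmp, "live"), Path(tmp, "restored")
        (live / "q3").mkdir(parents=True)
        (rest / "q3").mkdir(parents=True)
        (live / "q3" / "ledger.xlsx").write_bytes(b"ok")
        (rest / "q3" / "ledger.xlsx").write_bytes(b"ok")    # identical copy
        (live / "notes.txt").write_bytes(b"v2")
        (rest / "notes.txt").write_bytes(b"v1")             # stale copy
        (live / "q3" / "new.csv").write_bytes(b"x")         # never backed up
        return uncovered_shares(EXPORTED_SHARES, BACKUP_JOB_PATHS), restore_test(live, rest)
```

Run `demo()` on a schedule against a real trial restore and treat any non-empty result as a failed backup, not a warning.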
  • (Score: 3, Interesting) by danomac on Thursday October 29 2015, @10:46PM

    by danomac (979) on Thursday October 29 2015, @10:46PM (#256258)

    We were hit by this at work about a year ago.

    Someone clicked a bad link in an email and it installed this. It slowly, but surely, started going through the entire workstation encrypting everything it could see, including any network shares. However, it did not spread from there and we caught it relatively quickly.

    Our backups saved us for the most part. We did lose some files but none of them critical, things like temporary scratchpad spreadsheets and the like. The only reason our financial data was saved was that it was in use and so the malware couldn't encrypt it.

    Having snapshot backups meant we lost only a few hours of work. After that our spam filter was tweaked to not let through emails for services we actually use (they're used internally but never get sent an outside email), which is why we got burned... the phishing email that came in was from a service we actually use. Well, used. We're moving away from that particular service now, but not because of the phishing attempt; too many other issues with it.