Hollywood Presbyterian held for ransom?

That would be your "conjecture", wannabe, not mine, since I've never implied that in the least, except in the fabrication shop of your mind.

Once more, for the obviously reading retarded, here is exactly what I posted:

Okay, I'll play, wannabee.

You poof the ransomware executable...yay! It's gone!

Now then, professor, what is the status of the data that were previously encrypted by the ransomware?

Since tortured sentence syntax pseudoexplanations are your stock in trade, I'll simplify matters with a multiple choice answer:

A ) The data are magically unencrypted!
B ) Oh noe...the data are still encrypted!
C ) Both A AND B! Because reasons!
D ) Neither A OR B....I can explain!

Feel free to edumacate us.
 
Okay, I'll play, wannabee.

You poof the ransomware executable...yay! It's gone!

Now then, professor, what is the status of the data that were previously encrypted by the ransomware?

If the data is kept completely separate from the operating system, it is never at any risk from the ransomware in the first place.

Try reading one more time, "expert":

Of course, if everyone would simply store their data completely separate from their operating system, this would not be an issue at all, as the OS could easily be reinstalled, which naturally eradicates the ransomware, while the actual data is never at any risk.

Do you need coloring books to help you work it out?
 
If the data is kept completely separate from the operating system, it is never at any risk from the ransomware in the first place.

Try reading one more time, "expert":



Do you need coloring books to help you work it out?

Absolutely not true.

Again, the ransomware infects data files that it has access to based on the USER'S file permissions.
 
Okay, this is Queerbait-class ignorant and almost Ishmael-class ignorant.
I see Captain Emptyhead got banned again.

Anyway, his ignorance is twofold, him thinking that all clouds are accessed by things like XXL Cloud, which claims to be impervious to data getting encrypted by ransomware and thinking that "separate from the OS" can only mean behind something like XXL Box.
 
Absolutely not true.

Again, the ransomware infects data files that it has access to based on the USER'S file permissions.

The crypto can infect any file that it's allowed to see.

If the end user can access all the drives and the machine is connected to the interwebz, it will infect them.

I am confused as to how anyone would think any data connected to the profile would not be infected.
 
The crypto can infect any file that it's allowed to see.

If the end user can access all the drives and the machine is connected to the interwebz, it will infect them.

I am confused as to how anyone would think any data connected to the profile would not be infected.

Encryption takes time, that's the single saving grace if you have a lot of files and a very observant IT dept. Yank the ethernet cable from the workstation where the ransomware executable is running and encryption stops.

I'm having fun getting Eeyore to explain how encryption goes bye bye once teh ransomware executable stops.
 
Encryption takes time, that's the single saving grace if you have a lot of files and a very observant IT dept. Yank the ethernet cable from the workstation where the ransomware executable is running and encryption stops.

I'm having fun getting Eeyore to explain how encryption goes bye bye once teh ransomware executable stops.

It will still encrypt the files on the machine - internet or not.

But I love logging onto a machine and seeing that lovely note they put on the desktop telling you that you are encrypted and how to pay the bitcoin and having a user tell me they only go to work related websites.
 
It will still encrypt the files on the machine - internet or not.

But I love logging onto a machine and seeing that lovely note they put on the desktop telling you that you are encrypted and how to pay the bitcoin and having a user tell me they only go to work related websites.

okay, sorry, you are right.
On computers where data is stored locally, they'll still be encrypted.
At my workplace we have all data on NAS.
 
okay, sorry, you are right.
On computers where data is stored locally, they'll still be encrypted.
At my workplace we have all data on NAS.

I'd love it if we went to all users being on VM only.

Would make wiping the machine so much easier.
 
Keep in mind that there are multiple types of ransom-ware, depending entirely on the skill of the programmer(s).
 
I'd love it if we went to all users being on VM only.

Would make wiping the machine so much easier.

Agreed, that's what we're working towards. Servers on VMware right now. Quite a nice stack, and we just added UPS-on-steroids because Houston power grid is so flaky.
 
Keep in mind that there are multiple types of ransom-ware, depending entirely on the skill of the programmer(s).

The one we are talking about now is the crypto one. Be it the wall, locker, or whichever name it is going under now. They are the only ones who will send you the code.


Agreed, that's what we're working towards. Servers on VMware right now. Quite a nice stack, and we just added UPS-on-steroids because Houston power grid is so flaky.

I love VM. I have my servers set up that way.

It's just a bit expensive to implement.
 
Ransomware fires up, usually when a dumb bunny user opens a sketchy attachment. It typically seeks out network shares that the user has access to, then encrypts each individual file in a directory, which removes the original unencrypted file.
Some just do a file delete after the encryption. If it's a really critical file that's not in the last backup you might get it back with something like Testdisk.

I'd love it if we went to all users being on VM only.

Would make wiping the machine so much easier.
We just remote ghost them, takes 20-45 min depending on how new the machine is.

Keep in mind that there are multiple types of ransom-ware, depending entirely on the skill of the programmer(s).
Yes, but we were talking specifically about the ones that encrypt files. That's the kind that was alluded to by the OP article.
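
An added example, not part of the original thread: a small audit of the point made above that file-encrypting malware reaches whatever the user's file permissions allow, including read-only files that sit in a directory the user can write to (delete and re-create). The function names and the sample tree are hypothetical and constructed here; the check uses plain POSIX mode bits only and ignores root, ACLs, the sticky bit and SMB share permissions.

```python
import os
import tempfile

def _allowed(st, uid, gids, want):
    """POSIX class check: owner bits, else group bits, else other bits."""
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & want == want

def exposure(root, uid, gids):
    """Map each file under root to 'overwrite', 'replace' or 'protected'."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        dir_wx = _allowed(os.stat(dirpath), uid, gids, 3)  # w+x on the directory
        for name in files:
            path = os.path.join(dirpath, name)
            if _allowed(os.stat(path), uid, gids, 2):
                verdict = "overwrite"   # contents can be rewritten in place
            elif dir_wx:
                verdict = "replace"     # read-only file, but deletable via the directory
            else:
                verdict = "protected"   # neither the file nor its directory is writable
            report[os.path.relpath(path, root)] = verdict
    return report

def demo():
    """Build a constructed sample tree and audit it for its owner and for another uid."""
    layout = {"docs/report.txt": 0o644, "docs/locked.txt": 0o444,
              "archive/2015.bak": 0o444, "archive/live.db": 0o644}
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        os.chmod(os.path.join(root, "docs"), 0o755)
        os.chmod(os.path.join(root, "archive"), 0o555)  # read-only directory
        try:
            owner = os.stat(root).st_uid
            return exposure(root, owner, set()), exposure(root, owner + 1, set())
        finally:
            os.chmod(os.path.join(root, "archive"), 0o755)  # allow cleanup

if __name__ == "__main__":
    print(demo())
```

Only `archive/2015.bak` comes out protected for the owner: a read-only file in a writable directory is still replaceable, and a writable file in a read-only directory can still be rewritten in place.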
 
There are different attack vectors, different execution methods, and different targets, ranging from the simple to the very complex. They all would influence both the counter-measures you would take and recovery methods you'd use. It would all be contingent on the sophistication of the attack. If you're talking your run of the mill spear-phishing hacker that's one thing. If you're talking Ukrainian organized criminal gang, that is a whole other thing.

LOL - which is also why cyber-security is a good career choice.
 
I am pretty convinced that these so called "security" companies create a lot of the bad things out there just so you will always need to pay them.

Just like the anti virus companies help create the viruses and malware.
 