Analysis of Locky ransomware
-
@BRRABill said:
@coliver said:
Backblaze keeps a ton of versions of files. I don't remember how many but it is a lot. Backblaze also isn't a sync client. It is a true backup client.
I'm just imagining the process of restoring 150GB of data as individual files. Ugh.
They'll overnight you a flash drive with your data on it for a fee, if you can't wait for the download.
https://www.backblaze.com/blog/4-tb-usb-restore-drives-are-here-yay/
-
@Nic said:
They'll overnight you a flash drive with your data on it for a fee, if you can't wait for the download.
https://www.backblaze.com/blog/4-tb-usb-restore-drives-are-here-yay/
$189 isn't actually a bad deal AND you get to keep the drive.
I wonder how that works, though. I mean, you obviously don't want the actual backup, as the encrypted files have probably been uploaded. So can you get the previous version of every file?
You know what I mean? That seems messy.
-
@BRRABill said:
@Nic said:
They'll overnight you a flash drive with your data on it for a fee, if you can't wait for the download.
https://www.backblaze.com/blog/4-tb-usb-restore-drives-are-here-yay/
$189 isn't actually a bad deal AND you get to keep the drive.
I wonder how that works, though. I mean, you obviously don't want the actual backup, as the encrypted files have probably been uploaded. So can you get the previous version of every file?
You know what I mean? That seems messy.
How is it messy? I need the backups from 11/1/2015. They send you a drive with those backups on there. You plug it in and restore. Not sure where the issue is?
-
Well you can go into the console and look at and download individual files. I imagine if you needed a restore from only before the infection date then they'd be able to do that. Let me ping @aaron for more details, since he works for them.
-
@Nic said:
Well you can go into the console and look at and download individual files. I imagine if you needed a restore from only before the infection date then they'd be able to do that. Let me ping @aaron for more details, since he works for them.
Haha ... I was doing the same thing. He might not get the ping though since it's later in the day. I sent him a PM.
-
This post is deleted!
-
@aaron
Awesome info. That might just be the solution.
-
Look what hit my quarantine.
So I delivered it.
OMG! I owe them $298,39
Wait what? comma 39 cents? What the f[moderated] is that.
This is an admin email account at a client. If the admin account has it, it is only time before someone does all the things.
-
This is why I turned off Doc and DOCX files via the spam filter.
-
@Dashrender said:
This is why I turned off Doc and DOCX files via the spam filter.
What if your users legitimately need those files?
-
@BRRABill said:
@Dashrender said:
This is why I turned off Doc and DOCX files via the spam filter.
What if your users legitimately need those files?
Much better ways to share documents than through email
-
@JaredBusch weird mix of USD and European notation there.
-
@BRRABill said:
@Dashrender said:
This is why I turned off Doc and DOCX files via the spam filter.
What if your users legitimately need those files?
Then I can white list them. Luckily - we rarely need those sent through email.
-
@BRRABill said:
@wirestyle22 said:
Much better ways to share documents than through email
Good point.
Actually - I would say not good point. What ways are you thinking? Drop Box? Google Drive? OneDrive, ODfB? etc - those are all horrible ways to share files because it's just as easy to get infected by them as it is by email.
Heck, the one person I know who got hit by Locky got it through DropBox. He got a notice it had been uploaded - he went and looked - he thought HUH, it's odd that it's a word file, because normally it's a PDF - meh, whatever - click - infected!
It didn't help that the company used GPOs to remove the prompting about macros, so he didn't even have that protection.
-
@Dashrender said:
Actually - I would say not good point. What ways are you thinking? Drop Box? Google Drive? OneDrive, ODfB? etc - those are all horrible ways to share files because it's just as easy to get infected by them as it is by email.
Heck, the one person I know who got hit by Locky got it through DropBox. He got a notice it had been uploaded - he went and looked - he thought HUH, it's odd that it's a word file, because normally it's a PDF - meh, whatever - click - infected!
It didn't help that the company used GPOs to remove the prompting about macros, so he didn't even have that protection.
It was more a ML concession. I just assumed there was an easy way in ODfB everyone was using I was unaware of.
For the most part file sharing like that is a PITA, especially for most users who have no idea. I have to get the file, and share it out, etc.
-
@Dashrender said:
@BRRABill said:
@wirestyle22 said:
Much better ways to share documents than through email
Good point.
Actually - I would say not good point. What ways are you thinking? Drop Box? Google Drive? OneDrive, ODfB? etc - those are all horrible ways to share files because it's just as easy to get infected by them as it is by email.
Heck, the one person I know who got hit by Locky got it through DropBox. He got a notice it had been uploaded - he went and looked - he thought HUH, it's odd that it's a word file, because normally it's a PDF - meh, whatever - click - infected!
It didn't help that the company used GPOs to remove the prompting about macros, so he didn't even have that protection.
I don't really do any local editing any more. Since I have Zoho I use Zoho Docs (doesn't really matter what service you use), but I use their online software. If I get it in an email, I can open it directly with their Docs apps and edit.
-
@johnhooks said:
@Dashrender said:
@BRRABill said:
@wirestyle22 said:
Much better ways to share documents than through email
Good point.
Actually - I would say not good point. What ways are you thinking? Drop Box? Google Drive? OneDrive, ODfB? etc - those are all horrible ways to share files because it's just as easy to get infected by them as it is by email.
Heck, the one person I know who got hit by Locky got it through DropBox. He got a notice it had been uploaded - he went and looked - he thought HUH, it's odd that it's a word file, because normally it's a PDF - meh, whatever - click - infected!
It didn't help that the company used GPOs to remove the prompting about macros, so he didn't even have that protection.
I don't really do any local editing any more. Since I have Zoho I use Zoho Docs, but I use their online software. If I get it in an email, I can open it directly with their Docs apps and edit.
This is something awesome about O365 and Google Apps as well.
-
@Dashrender said:
@johnhooks said:
@Dashrender said:
@BRRABill said:
@wirestyle22 said:
Much better ways to share documents than through email
Good point.
Actually - I would say not good point. What ways are you thinking? Drop Box? Google Drive? OneDrive, ODfB? etc - those are all horrible ways to share files because it's just as easy to get infected by them as it is by email.
Heck, the one person I know who got hit by Locky got it through DropBox. He got a notice it had been uploaded - he went and looked - he thought HUH, it's odd that it's a word file, because normally it's a PDF - meh, whatever - click - infected!
It didn't help that the company used GPOs to remove the prompting about macros, so he didn't even have that protection.
I don't really do any local editing any more. Since I have Zoho I use Zoho Docs, but I use their online software. If I get it in an email, I can open it directly with their Docs apps and edit.
This is something awesome about O365 and Google Apps as well.
Ya I've used both. I have a Microsoft account and an Office 365 account. The Office online stuff is nice, and same with Google Docs. I just use Zoho for mail so that makes sense for me.
-
This post is deleted!