Analysis of Locky ransomware
- 
 @johnhooks Zoho is free for 25 users for file storage only - you don't get email until you get to the $8/u/m plan. 
- 
 You do according to this 
 https://www.zoho.com/mail/zohomail-pricing.html? 
- 
 Interesting, not according to this 
 https://www.zoho.com/docs/zoho-docs-pricing.html I got there by clicking on docs under Email and collaboration 
  Then pricing at the top. 
- 
 @wirestyle22 said: @Dashrender said: @Carnival-Boy said: Well, if it was up to me I'd just use Google Apps. I'd miss Excel and to a lesser extent Outlook and Access, but I'd get used to it. I think most of the people I work with who are under the age of 30 would feel the same. It's the oldies that would struggle. That's still not free - but if you're willing to deal with Google Docs, what's wrong with O365 Business non local install? They are a tit for tat, more or less. And the nice thing about O365, MS is continuing to work on Online Office to add greater and greater capabilities. What is O365 not capable of doing that a local install is? O365 is a local install. O365 does not imply "non-local" in any way. 
- 
 @Dashrender said: @Carnival-Boy said: Well, if it was up to me I'd just use Google Apps. I'd miss Excel and to a lesser extent Outlook and Access, but I'd get used to it. I think most of the people I work with who are under the age of 30 would feel the same. It's the oldies that would struggle. That's still not free - but if you're willing to deal with Google Docs, what's wrong with O365 Business non local install? They are a tit for tat, more or less. And the nice thing about O365, MS is continuing to work on Online Office to add greater and greater capabilities. Yeah... they both suck. LOL 
- 
 @Carnival-Boy said: Well, if it was up to me I'd just use Google Apps. I'd miss Excel and to a lesser extent Outlook and Access, but I'd get used to it. I think most of the people I work with who are under the age of 30 would feel the same. It's the oldies that would struggle. Well that shows my age. I'm impressed with how well they work for what they are, but I totally dislike them. I like LibreOffice and Calligra best and MS Office after that, but all three I like local install way better. Not that I need it, but I prefer the feel of it. 
- 
 If I could, I would move us all to Linux workstations. The length of time it takes to restore a file server because one user got a share encrypted (possibly due to security not being tight enough, my fault there), way too much time. Haven't gotten hit with any yet, in two networks, but I have OCD when it comes to security (or I'm just lucky... I'll go with lucky and eat my humble pie). 
- 
 I'll agree with Scott there - local install feels better. I should try making some pivot tables and other things I do in online Excel just to see if it covers the majority of what I need. 
- 
 @BBigford said: If I could, I would move us all to Linux workstations. The length of time it takes to restore a file server because one user got a share encrypted (possibly due to security not being tight enough, my fault there), way too much time. Haven't gotten hit with any yet, in two networks, but I have OCD when it comes to security (or I'm just lucky... I'll go with lucky and eat my humble pie). While there isn't so much risk on Linux, it will come. I am totally for going to Linux desktops, trust me. But the REAL solution here isn't Linux, it's not using network shares. That's the actual point of risk, not Windows. 
- 
 @BBigford said: If I could, I would move us all to Linux workstations. The length of time it takes to restore a file server because one user got a share encrypted (possibly due to security not being tight enough, my fault there), way too much time. Haven't gotten hit with any yet, in two networks, but I have OCD when it comes to security (or I'm just lucky... I'll go with lucky and eat my humble pie). You don't need Linux to solve that - and it wouldn't really solve it either. You'd have security through obscurity. If you were using open NFS shares instead of SMB/CIFS shares you'd be in the same boat. A Linux user downloads cryptoware from a drive-by website - it runs as the user, the user has access to the NFS, bam - all files they have write access to encrypted. If you really want to solve that problem, you need to move to the LANless design with something like SharePoint or ownCloud. 
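
 Added example, not part of the thread or any poster's own code: a Python audit of the exposure described in the post above, listing which files on a mounted share a given account could overwrite or replace. It uses POSIX mode bits only; the function names and the sample tree are constructed for illustration, and ACLs and server-side export options are not modelled.

```python
import os
import stat
import tempfile

def has_perm(st, uid, gids, perm):
    """POSIX mode-bit check; perm is an rwx mask (0o2 write, 0o3 write+search)."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return ((st.st_mode >> shift) & perm) == perm

def exposure(root, uid, gids):
    """Files under root that uid could overwrite or replace; mode bits only, no ACLs."""
    exposed, total = [], 0
    for dirpath, _dirs, files in os.walk(root):
        dir_st = os.stat(dirpath)
        can_edit_dir = has_perm(dir_st, uid, gids, 0o3)
        sticky = bool(dir_st.st_mode & stat.S_ISVTX)
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            total += 1
            in_place = has_perm(st, uid, gids, 0o2)
            # A writable directory allows replacing read-only files unless sticky.
            replace = can_edit_dir and (not sticky or uid in (st.st_uid, dir_st.st_uid))
            if in_place or replace:
                exposed.append(os.path.relpath(path, root))
    return sorted(exposed), total

def build_sample_share():
    """Constructed sample tree standing in for a mounted share (not real data)."""
    root = tempfile.mkdtemp(prefix="share-")
    layout = {"shared": (0o777, {"report.doc": 0o644}),
              "readonly": (0o755, {"policy.pdf": 0o644, "notes.txt": 0o666})}
    for d, (dmode, files) in layout.items():
        os.mkdir(os.path.join(root, d))
        for f, fmode in files.items():
            path = os.path.join(root, d, f)
            open(path, "w").close()
            os.chmod(path, fmode)
        os.chmod(os.path.join(root, d), dmode)
    return root

if __name__ == "__main__":
    root, me = build_sample_share(), os.geteuid()
    for label, uid in (("owner", me), ("other user", me + 1)):
        hit, total = exposure(root, uid, set())
        print(f"{label}: {len(hit)}/{total} files exposed -> {hit}")
```

 The result is the same whether the client mounting the share runs Windows or Linux, because only the account's write permissions on the share are evaluated.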
- 
 @scottalanmiller said: @BBigford said: If I could, I would move us all to Linux workstations. The length of time it takes to restore a file server because one user got a share encrypted (possibly due to security not being tight enough, my fault there), way too much time. Haven't gotten hit with any yet, in two networks, but I have OCD when it comes to security (or I'm just lucky... I'll go with lucky and eat my humble pie). While there isn't so much risk on Linux, it will come. I am totally for going to Linux desktops, trust me. But the REAL solution here isn't Linux, it's not using network shares. That's the actual point of risk, not Windows. Damn, Scott beat me to it. 
- 
 @Dashrender said: I'll agree with Scott there - local install feels better. I should try making some pivot tables and other things I do in online Excel just to see if it covers the majority of what I need. I would imagine it won't be able to. You can't even freeze columns/rows in Excel Online. 
- 
 @scottalanmiller said: @BBigford said: If I could, I would move us all to Linux workstations. The length of time it takes to restore a file server because one user got a share encrypted (possibly due to security not being tight enough, my fault there), way too much time. Haven't gotten hit with any yet, in two networks, but I have OCD when it comes to security (or I'm just lucky... I'll go with lucky and eat my humble pie). While there isn't so much risk on Linux, it will come. I am totally for going to Linux desktops, trust me. But the REAL solution here isn't Linux, it's not using network shares. That's the actual point of risk, not Windows. The future is unknowable. Though something might only work for now, I'll shift accordingly with infections. I don't have to future-proof our whole network by migrating to a different OS or different way of sharing drives, because there's no determination that will actually work indefinitely. But for now, that would work and staying just ahead of the curve is my goal. As technology and attack techniques evolve, so shall our best practices. Just an opinion. 
- 
 @BBigford said: @scottalanmiller said: @BBigford said: If I could, I would move us all to Linux workstations. The length of time it takes to restore a file server because one user got a share encrypted (possibly due to security not being tight enough, my fault there), way too much time. Haven't gotten hit with any yet, in two networks, but I have OCD when it comes to security (or I'm just lucky... I'll go with lucky and eat my humble pie). While there isn't so much risk on Linux, it will come. I am totally for going to Linux desktops, trust me. But the REAL solution here isn't Linux, it's not using network shares. That's the actual point of risk, not Windows. The future is unknowable. Though something might only work for now, I'll shift accordingly with infections. I don't have to future-proof our whole network by migrating to a different OS or different way of sharing drives, because there's no determination that will actually work indefinitely. But for now, that would work and staying just ahead of the curve is my goal. As technology and attack techniques evolve, so shall our best practices. Just an opinion. True, but the difference is that one approach closes a known security hole and the other does not. One is avoiding known implementations while the other is eliminating the problem. In the future will things like ownCloud be attacked like shares are today? Maybe. But currently there is no attack against them, no one has invented that yet. But the existing Windows attacks can be used on Linux, just because they are not being used doesn't change the fact that they exist. Very different things... closing a known security hole versus leaving it open and just placing the hole where people tend not to try to get in through it. 
- 
 @scottalanmiller said: Very different things... closing a known security hole versus leaving it open and just placing the hole where people tend not to try to get in through it. yep, security through obscurity, not real security at all. 
- 
 @Dashrender said: @scottalanmiller said: Very different things... closing a known security hole versus leaving it open and just placing the hole where people tend not to try to get in through it. yep, security through obscurity, not real security at all. It's slightly better than pure obscurity. Linux desktops are slightly more secure than Windows ones. Open source, for example, goes a long way towards giving Linux a security advantage (less obscurity, more transparency.) So there is an improvement in security. But the main factor is definitely obscurity - the fundamental hole is left as is. 
- 
 @scottalanmiller said: @BBigford said: @scottalanmiller said: @BBigford said: If I could, I would move us all to Linux workstations. The length of time it takes to restore a file server because one user got a share encrypted (possibly due to security not being tight enough, my fault there), way too much time. Haven't gotten hit with any yet, in two networks, but I have OCD when it comes to security (or I'm just lucky... I'll go with lucky and eat my humble pie). While there isn't so much risk on Linux, it will come. I am totally for going to Linux desktops, trust me. But the REAL solution here isn't Linux, it's not using network shares. That's the actual point of risk, not Windows. The future is unknowable. Though something might only work for now, I'll shift accordingly with infections. I don't have to future-proof our whole network by migrating to a different OS or different way of sharing drives, because there's no determination that will actually work indefinitely. But for now, that would work and staying just ahead of the curve is my goal. As technology and attack techniques evolve, so shall our best practices. Just an opinion. True, but the difference is that one approach closes a known security hole and the other does not. One is avoiding known implementations while the other is eliminating the problem. In the future will things like ownCloud be attacked like shares are today? Maybe. But currently there is no attack against them, no one has invented that yet. But the existing Windows attacks can be used on Linux, just because they are not being used doesn't change the fact that they exist. Very different things... closing a known security hole versus leaving it open and just placing the hole where people tend not to try to get in through it. I didn't mean completely avoid the problem by transitioning to a different platform or (if possible) completely transitioning to cloud. Especially not being obscure about anything... 
I can close up a security loophole now, but what's to say it won't get bypassed? That's unknowable, so I do the best I can now by constantly shifting how we operate (whether that is redesigning our shares/security/etc). 
- 
 But that's just it, you're not closing up a hole. The ability for a user to run ransomware on their Linux machine and have that ransomware encrypt network shares is as easy to do on Linux as it is on Windows. Only by going to something like SharePoint or ownCloud do you completely get rid of the simplicity of this specific problem. And it solves it for both Windows and Linux. 
- 
 @Dashrender said: @johnhooks Zoho is free for 25 users for file storage only - you don't get email until you get to the $8/u/m plan. It's free email also. I'm using it right now. 
- 
 The obscurity that you're going to is the move to Linux and the fact that the malware writers haven't bothered to write malware for Linux yet. Mac users could say the same thing, until they couldn't. It's been several months or more now since a Mac variant of ransomware has been available. See, you could have previously just as easily said - I want to move everyone to a Mac because there's no ransomware there, well that would have worked until it didn't... the same WILL happen to Linux. But you can skip the entire concern of this specific avenue of problem by moving to SharePoint or ownCloud. 




