Backup File Server to DAS
-
@Dashrender said:
@scottalanmiller said:
There is a world of difference between "what are the steps to avoid X" and "what is the best business decision for a real business."
All IT is about managing risk and deciding where on the spectrum we are going to fall.
That's true, but it seems odd to me still to list it, when it would almost never be on the recommend that a business do this list.
A large business sure would.
-
@IT-ADMIN said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
- Use a good firewall with Layer 7 filtering, like Palo Alto
How many of use actually do this though?
More than you'd think. Sophos is pretty popular in the SMB.
Sure, but the normal advice lately around these parts has been to use an ERL - doesn't that kinda fly in the face of the above listed advice?
Cheaper to pay the ransom than it is to pay for a Sophos over a ERL!
lol, it depend, there are some ransom who demand too much $
Sure, the problem is that you don't know for sure how much the ransom will be until it is too late. If it is $300 or $10,000,000 is a big difference.
But the FBI recommends paying it Generally they make the ransom low enough that you will pay it but enough that it will hurt.
-
@coliver But it is completely backwards.
To think, oh hey I'm being ransomed for my data. He doesn't specify a value. Just that the ransoming is occurring, the value could be $300US.
Which might be @IT-ADMIN said:
lol, it depend, there are some ransom who demand too much $
Rather than saying "We need to build a solution to prevent this from occurring, or doing everything in our power to get around the issue of being cryptolocked"
-
@Dashrender said:
@IT-ADMIN said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
- Use a good firewall with Layer 7 filtering, like Palo Alto
How many of use actually do this though?
More than you'd think. Sophos is pretty popular in the SMB.
Sure, but the normal advice lately around these parts has been to use an ERL - doesn't that kinda fly in the face of the above listed advice?
Cheaper to pay the ransom than it is to pay for a Sophos over a ERL!
lol, it depend, there are some ransom who demand too much $
There are? and what is to much?
If you're being targeted by ransomware that is outside the of the normal $500-$1500 ransom, then it's likely that a Sophos won't save you anyway.
Sophos is going to be a very minor point of protection no matter what.
-
@coliver said:
Not sure if that is backwards. Seems like they are making the decision that their data doesn't have the same value of the ransom.
And maybe it doesn't. It's not worth a Windows license, good backups, etc. Those things are cheaper than the ransom, normally. So not surprised if the data isn't worth much of anything.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
There is a world of difference between "what are the steps to avoid X" and "what is the best business decision for a real business."
All IT is about managing risk and deciding where on the spectrum we are going to fall.
That's true, but it seems odd to me still to list it, when it would almost never be on the recommend that a business do this list.
A large business sure would.
OK true - again we are an SMB site, not an enterprise one. In the case of an enterprise, the cost of Sophos vs restoring data is a no brainer.
-
@DustinB3403 said:
Rather than saying "We need to build a solution to prevent this from occurring, or doing everything in our power to get around the issue of being cryptolocked"
Thats something you never do in IT. You never do "everything in your power." Truly, never. That's what @Dashrender and I were discussing. You almost never bother with a UTM for this, but doing everything in your power, you would. You rarely see an SMB go to tape, yet that is how you best avoid this.
Everything in IT is about weight the options versus the risk and determining what makes the most sense for the given scenario.
-
@DustinB3403 said:
@coliver But it is completely backwards.
To think, oh hey I'm being ransomed for my data. He doesn't specify a value. Just that the ransoming is occurring, the value could be $300US.
Which might be @IT-ADMIN said:
lol, it depend, there are some ransom who demand too much $
Rather than saying "We need to build a solution to prevent this from occurring, or doing everything in our power to get around the issue of being cryptolocked"
i was joking Dude, lol
-
i already said a previous post that i have to setup a good backup plan
-
It's a real evaluation, actually. Lots of companies just pay the ransom. You take your chances. But it is part of the risk evaluation.
-
@IT-ADMIN said:
i already said a previous post that i have to setup a good backup plan
But not the kinds that you are considering thus far. They are all very susceptible. You need to consider just about much you will spend to protect yourself and how much protection it will provide.
-
@IT-ADMIN said:
i was joking Dude, lol
Probably not really a good place to be joking. and if you are, you need to make sure you include things so everyone knows you are. Otherwise you'll get what you saw here, everyone trying to educate you on why that's not the correct way to look at it.
-
@Dashrender said:
@IT-ADMIN said:
i was joking Dude, lol
Probably not really a good place to be joking. and if you are, you need to make sure you include things so everyone knows you are. Otherwise you'll get what you saw here, everyone trying to educate you on why that's not the correct way to look at it.
ok, i apologize guys
-
as far as i'm concerned people in ML are friendly and funny even if they are very IT professional
-
just add smiley faces or whatever
-
However, even if joking, many companies actually look at the risk and decide to just pay the ransom. Although there is no guarantee that they will give you back your data after you pay. But typically they do.
-
@DustinB3403 said:
@coliver But it is completely backwards.
To think, oh hey I'm being ransomed for my data. He doesn't specify a value. Just that the ransoming is occurring, the value could be $300US.
Which might be @IT-ADMIN said:
lol, it depend, there are some ransom who demand too much $
Rather than saying "We need to build a solution to prevent this from occurring, or doing everything in our power to get around the issue of being cryptolocked"
Right... no problems with what you are saying. But Isn't there a point for you where the ransom would outweigh the value of the data? It may not be till $100,000,000 but you would get to that point. What @IT-ADMIN is saying is correct some ransoms will demand too much.
-
@IT-ADMIN No need to apologize. Even if you were joking it brings up an interesting point. That there is a point where the value of the data doesn't match the value of the ransom. So it would be less expensive to never see that data again then simply pay the ransom, or build a system to protect yourself against it.
-
@coliver the ransom maker is trying to make money.
There is no benefit to them to make a ransom that's obscene. Unless you value your data so little that you'd be just fine without it.
The entire point of the ransom where is to entice people to need their data (value it) to the point where the ransom is reasonable.
-
People would stop paying if they didn't give it up.
We have Sophos, UTMs, and our Palo Altos doing some blocking yet we've still had one case of it. It was the user being dumb. We didn't pay it though, her punishment was to redo her work she didn't save on the network like she should have.
We a public traded company so we had to do a share holder release just for that though.