Ransomware advice

I, like no doubt many other businesses, am confident but not guaranteed that everything will be OK Monday morning when we start. We have antivirus in place and the staff are aware of protocol re emails from unknown sources. All our data is stored on a NAS, nothing on any PC. We also have daily and monthly backups on removable devices.

But, should the worst happen and a computer gets compromised, is there anything to do immediately? My first thought is isolating the infected computer and killing the network to stop it spreading. I assumed the easiest way to do this is to shut down the network by switching off the network hub. I assumed someone would have invented a kill switch for this type of thing but nothing exists, so does that mean it's a waste of time and should there be something else we should be doing?
 

keithmac

Guru
First thing is to isolate your entire network from the internet, but I suppose the point at which you realise there's a problem they could have already poached a significant amount of data.

Use two separate antivirus programs as well; it's a pain but a necessity. I'm always amazed at what Avast turns up in a boot-time scan that others have missed! Work nearly lost £5000 due to shortcomings with Bullguard last year.
 
OP

Markymark

Guest
The router plugs into the hub so switching that off will stop any data in the network and any access to the router.

I'm surprised there's nothing to do this which makes me wonder if there's any benefit in doing it?
 
It is a time-based issue.

The hackers will improve their software and methods to get round the firewalls, antivirus etc. and systems will be infected no matter how good the defences are; they are on the back foot as the hackers have the lead.

Then the defence systems improve and the hackers are now the ones on the back foot, as they now have to adapt and get past the new barriers.

Then repeat
 

classic33

Leg End Member
Seems the worry now is, Friday - Saturday may just be the start.
 

keithmac

Guru
Short of shutting it all down on Friday night and booting up Monday morning I don't know what you can do during the weekend to make it 100% secure.

Most routers allow block or allow lists which is one defence even before your network itself but you have to manually edit them. Quite a task depending on how many sites you use.

All email needs to be scanned due to address spoofing etc.

I wonder if there are companies who would guarantee your network security (for a fee) and would pay for any losses incurred if they failed?
 

Levo-Lon

Guru
Rose tints seem ok when we suffer a massive cyber attack.
I still miss the pre-internet days when things only got hard to do when paper or pens ran out..
But in all seriousness this sort of thing shows how feeble our new world techno ways are.
Can we beat the crooks?
 
As above, by definition antivirus is updated after the virus exists, so there's no guarantee it will catch everything.

Make sure you have multiple redundant backups and not just to a permanently-attached NAS - some ransomware looks for those, so a completely disconnected backup somewhere is essential.

Unplugging everything from the network will stop any infected machines you have from becoming another attack vector for someone else....
 

keithmac

Guru
I've often mulled over whether the hackers are actually funded by the antivirus vendors..

Have Apple got a complete business suite, CNC control programs etc (thought not..).
 