
Proper backup procedure in response to threats such as Cryptolocker

Can Cryptolocker infect a Linux PC? To my understanding it is very unlikely, and thus at work we use an offline live linux boot for PCs suspected of Crypto malware.
 
Also, to answer the OP, I am not using anything sophisticated currently. I'm just using syncback, and I take a look at the amount of data it plans on copying before I hit go. If it's a huge amount (or all of it), I stop to take a closer look.

It's slower, and not automated, but better than losing everything.
 
So funny story.

About a year ago my former employer got infected with Cryptolocker. It hit the email of the CEO's Assistant and she had access to a whole bunch of shared folders on our "server".

Cryptolocker infected not only her Laptop, but all those shared folders as well. She tried to blame someone else, but once the Cryptolocker message came up on her PC, she was caught lol.

This company was not on a Domain network and each PC only had local user login. The assistant's account was set up as an admin so needless to say she was hosed. The "server" was in fact a server with Server 2008 R2, but was only used by the accounting department for Great Plains and the shared folders that a few people used.

Worst part is, all of the assistant's files were corrupted, as well as ALL of the shared folders she had access to, including a dropbox account. My boss swore up and down that AT&T was giving him some sort of remote cloud backup service that we had been paying for 2 years and guess what? That backup solution did not work. We had no backup for her PC, or anyone else's PCs for that matter, nor did we have a backup for the server and all those shared files. We had to pay the ransom of almost $2,500 to get our info back.

Neither my Boss nor the Assistant was fired or reprimanded, and when I was laid off in November, a backup system was still not in place.

Side story, we gave our Medical Director a new PC when she got a promotion to that position and I transferred her data over to the new PC. 6 months later, the HDD on that new system failed. It failed so badly, data recovery was impossible. My first response was, it's cool, my Boss will have a backup of her PC and we can just restore the data. Nope. No data backup. She was PISSED. When she asked him why he hadn't bothered to have a backup of her system and the 10 YEARS worth of documents she had accumulated working for us, his answer was "I'm not responsible for your data or backing it up, that's your job".

He was not fired or reprimanded for that incident either. This incident also took place before the Cryptolocker Incident and is how I found out that he had been lying about having backups of anybody's stuff.
 
The problem with that is that people don't know they're opening an exe. JPEG.exe is a photo, right?

Some people just aren't going to get it. Those, apparently, are the people we hire.
Second problem: how many EXEs can you run, that don't come from the internet? Out of everything installed on the PC I'm at right now, I can come up with all of 2, over the machine's entire lifespan, so far.
 
The problem with that is that people don't know they're opening an exe. JPEG.exe is a photo, right?

No! *.jpg is a photo.

Here's how I do it. I keep a cloned duplicate of my SSD on an external HDD. When that is done, the drive is disconnected. I reclone that anytime there is an upgrade/update, etc. If, for some reason, my SSD falls victim to any malware, I shut down. I connect the duplicate HDD (in an eSATA-linked case), and boot to my cloneware on a bootable thumbdrive. I clone the HDD to the corrupted SSD. When done, I disconnect the HDD and reboot to the SSD - all fixed, no malware.
 
I wonder how efficient ZFS snapshots and dedup/compression would be for long-term archival.

Since ZFS snapshots are at the file system level, it wouldn't (shouldn't?) matter if cryptolocker nailed all the data on the network share, you could just revert to the previous snapshot and then restore the client from the last unencrypted backup.

I'm thinking you could automate that pretty effectively if you were using a ZFS-backed NAS for client backups.
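The two posts above describe the same defence from both ends: the syncback post inspects how much the backup tool plans to copy and stops when it is "a huge amount (or all of it)", and the ZFS post proposes snapshotting the backup target so a poisoned run can be rolled back. The script below is an added example (not code from either poster) that automates that combination as a wrapper around rsync: it parses the output of `rsync --dry-run --stats`, refuses to proceed when the planned transfer would rewrite more than a threshold percentage of the source's regular files (the signature of a mass encryption, since ransomware changes the content of nearly every file while leaving the file count alone), and otherwise takes a ZFS snapshot of the destination dataset before the real sync. The source and destination paths, the dataset name, the 20% threshold and the sample `--stats` text are all assumptions constructed for the example; the real thing to learn from it is the ratio check, which `syncback` users do by eye.

```shell
#!/bin/sh
# Added example for this thread, not the posters' own tooling.
# Assumptions (hypothetical): rsync on PATH; DEST sits on the ZFS dataset
# DATASET on a NAS the client cannot administer; this account may run
# `zfs snapshot` (via sudo or `zfs allow`). Nothing runs until
# guarded_backup is called explicitly.
set -eu

# Read `rsync --dry-run --stats` output on stdin and print two numbers:
# regular files in the source, and regular files rsync would transfer.
# Handles both the rsync 3.1+ format ("Number of files: 1,245 (reg: 1,100, ...)",
# "Number of regular files transferred: 1,098") and the older one
# ("Number of files: 1245", "Number of files transferred: 1098").
parse_rsync_stats() {
    awk '
        /^Number of files:/ {
            if (match($0, /reg: [0-9,]+/)) {
                reg = substr($0, RSTART + 5, RLENGTH - 5)
            } else {
                reg = $4
            }
            gsub(",", "", reg)
        }
        /^Number of (regular )?files transferred:/ {
            xfer = $NF
            gsub(",", "", xfer)
        }
        END { printf "%s %s\n", reg + 0, xfer + 0 }
    '
}

# Succeed (exit 0) when the planned transfer touches at most MAX_PCT percent
# of the source's regular files; fail when it looks like a mass rewrite.
# An empty source is refused too: there is nothing to back up.
change_ratio_ok() {
    reg=$1; xfer=$2; max_pct=$3
    [ "$reg" -gt 0 ] || return 1
    [ $(( xfer * 100 / reg )) -le "$max_pct" ]
}

# The whole procedure: dry run, ratio check, snapshot, real sync.
# Usage: guarded_backup /home/alice /mnt/backups/alice tank/backups [MAX_PCT]
guarded_backup() {
    src=$1; dest=$2; dataset=$3; max_pct=${4:-20}

    stats=$(rsync -a --delete --dry-run --stats "$src" "$dest")
    set -- $(printf '%s\n' "$stats" | parse_rsync_stats)
    reg=$1; xfer=$2

    if ! change_ratio_ok "$reg" "$xfer" "$max_pct"; then
        echo "refusing: rsync wants to rewrite $xfer of $reg files (>${max_pct}%)" >&2
        echo "inspect with: rsync -a --delete --dry-run --itemize-changes $src $dest" >&2
        return 2
    fi

    # Snapshot the target first so that even a bad sync is one rollback away.
    snap="$dataset@pre-sync-$(date -u +%Y%m%dT%H%M%SZ)"
    zfs snapshot "$snap"
    rsync -a --delete "$src" "$dest"
    echo "synced; undo with: zfs rollback $snap" >&2
}

# Constructed sample output (not captured from a real machine) of
# `rsync --dry-run --stats` for a normal incremental run ...
SAMPLE_STATS_NORMAL='Number of files: 1,245 (reg: 1,100, dir: 145)
Number of created files: 3
Number of deleted files: 0
Number of regular files transferred: 12
Total file size: 2.35G bytes'

# ... and for a source whose files were all rewritten overnight.
SAMPLE_STATS_ENCRYPTED='Number of files: 1,245 (reg: 1,100, dir: 145)
Number of created files: 0
Number of deleted files: 0
Number of regular files transferred: 1,098
Total file size: 2.35G bytes'
```

The first-ever sync of a new source will, of course, transfer 100% of its files; seed it with the threshold raised to 100 and then drop back to a low value. The check only buys something if the client that runs rsync cannot also destroy the snapshots: expose the dataset to clients over SMB or NFS with no administrative access to the NAS, and note that `zfs rollback` without `-r` only returns to the most recent snapshot, so inspect `zfs list -t snapshot` before choosing one.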
 
No! *.jpg is a photo.

Yeah that was a little sarcasm there.

To be more direct, you can tell someone not to open an EXE, but the majority of people that get infected with viruses wouldn't be able to tell you the difference between an EXE and a photo.
 
Yeah that was a little sarcasm there.

To be more direct, you can tell someone not to open an EXE, but the majority of people that get infected with viruses wouldn't be able to tell you the difference between an EXE and a photo.

LOL! True enough. Perhaps they simply reap what they sow. 🙂
 
LOL! True enough. Perhaps they simply reap what they sow. 🙂

Well, I get to reap what they sow because I have to clean up the mess afterwards.

Too bad I have to stick with replacing hard drives and not replacing users. Glad this isn't my day job.
 