Pay up or your data gets it. Ransomware highwaymen's attacks on small biz octuple

Small businesses faced eight times more ransomware attacks in the third quarter of 2016 than the same quarter last year, according to stats from Kaspersky Lab. Kaspersky Small Office Security thwarted 27,471 attempts to block access to corporate data in Q3 2016, compared to 3,224 similar attacks in Q3 2015. Ransomware makes …

  1. Voland's right hand

    Bollocks

    businesses need to implement reliable, up-to-date information security solutions

    No security solution will prevent a previously unknown threat hitting a new zero day. No security solution will protect you from an idiot with permissions (which unfortunately is a standard SMB use case, where director-level people have access to everything and insist on it).

    Backups, however, especially backups "in-depth" going back a few months will. A ransomware attack on SMB is no different from a catastrophic failure of a hard disk and/or data corruption failure from let's say bad RAM. You can recover from both if you pull a backup. You cannot recover from a catastrophic failure using a "security solution".

    This is different from a large business/organization - there ransomware hits hundreds of machines and backups alone do not cut it as a protective measure.

    1. Charles 9

      Re: Bollocks

      They say an ounce of prevention is worth a pound of cure, but what about those businesses already working to the bone such that even an ounce can mean a bleedout?

  2. Duplicate IP Address

    You can reduce/eliminate the risk yourself

    Easy to block:

    Set your GPOs to stop programs executing out of temp internet folders

    Set your GPOs to "Deny users access to the command prompt"

    Set your file backups to "Hourly - incremental"

    Set your databases to full recovery model, backup the transaction log "Hourly - differential"

    Turn on "Volume Shadow Copy" on every machine

    Use standard user accounts and only elevate to administrator rights when required

    Need help? Hire me, or someone like me, to do this for you.

    1. Voland's right hand

      Re: You can reduce/eliminate the risk yourself

      In addition to hourly/incremental you need a daily or less frequent backup which becomes inaccessible for a reasonable amount of time until media reuse.

      This way, even if ransomware wipes your online/connected backup media you can still recover after that.

      All of this stops working after 20+ clients though. When you have 20+ clients you can miss a single Typhoid Mary reconnecting them after a quarantine and you are back to square one. There you definitely need some fine grained control over your network and ability to quarantine clients until you have dealt with them.
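The backup regime Voland describes above (generations going back months, with older generations kept where a connected client cannot overwrite them) as an added example, not code from the original thread or from any product mentioned in it. It is a plain POSIX shell script: each run copies the source tree into a new timestamp-named snapshot, strips the write bits from the finished snapshot, and prunes to the newest N generations. The read-only bit stands in for what Voland actually asks for; on a real site the older generations live on detached media or on a backup host that pulls from the clients, because a process running as the same user that made the snapshot can simply chmod the bits back on. Paths, labels and the retention count are illustrative.

```shell
#!/bin/sh
# Versioned backup snapshots: each run copies the source into a new,
# timestamp-named directory and then removes write permission, so an
# infected client that can reach the backup location cannot silently
# overwrite older generations in place. Retention keeps the newest N.
# Illustrative only; not tied to any product.

set -eu

# take_snapshot SRC DEST [LABEL]
# Copies SRC into DEST/LABEL (LABEL defaults to a UTC timestamp, which
# sorts chronologically) and makes the result read-only. Prints the path.
take_snapshot() {
    src=$1; dest=$2
    label=${3:-$(date -u +%Y%m%dT%H%M%SZ)}
    snap="$dest/$label"
    [ -d "$src" ] || { echo "source $src missing" >&2; return 1; }
    [ -e "$snap" ] && { echo "snapshot $snap already exists" >&2; return 1; }
    mkdir -p "$dest"
    # Copy under a temporary name first so a half-finished snapshot is
    # never mistaken for a good one, then rename it into place.
    cp -R -p "$src" "$snap.partial"
    mv "$snap.partial" "$snap"
    chmod -R a-w "$snap"
    echo "$snap"
}

# prune_snapshots DEST KEEP
# Deletes all but the KEEP newest snapshots (labels sort chronologically).
prune_snapshots() {
    dest=$1; keep=$2
    total=$(ls -1 "$dest" | sort | wc -l)
    excess=$((total - keep))
    [ "$excess" -gt 0 ] || return 0
    ls -1 "$dest" | sort | head -n "$excess" | while read -r old; do
        chmod -R u+w "$dest/$old"   # write bits were removed on creation
        rm -rf "$dest/$old"
    done
}

# restore_snapshot DEST LABEL TARGET
# Copies a snapshot's contents out to TARGET; the snapshot stays read-only.
restore_snapshot() {
    dest=$1; label=$2; target=$3
    [ -d "$dest/$label" ] || { echo "no snapshot $label" >&2; return 1; }
    mkdir -p "$target"
    cp -R -p "$dest/$label/." "$target/"
    chmod -R u+w "$target"
    echo "$target"
}

# count_snapshots DEST
# Number of generations currently held.
count_snapshots() {
    ls -1 "$1" | wc -l | tr -d ' '
}

# Typical use from cron (paths are assumptions):
#   take_snapshot /srv/shared /mnt/backup/shared
#   prune_snapshots /mnt/backup/shared 90
```

The hourly/incremental tier that Duplicate IP Address recommends sits on top of this; the point of the daily generation is only that it is not reachable for writing from the machines being backed up. Test the restore path regularly: a snapshot that has never been restored is an assumption, not a backup.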

    2. Paul Crawford

      Re: You can reduce/eliminate the risk yourself

      You speak like a Windows admin person who tries to stop this. For other OS the GCHQ advice says much the same:

      https://www.ncsc.gov.uk/guidance/end-user-devices-security-guidance-ubuntu-1404-lts

      Basic stuff: deny user-writeable locations execute permissions, deny command prompt and scripting unless really needed, and use apparmor to limit internet-facing programs' ability to hose your data.

      But back to the real point: What if your machine really dies? Or the building gets flooded or burns down (probably not at the same time)? What if your laptop gets lost/stolen/driven over by some monkey in a humvee?

      For those cases and crypto viruses you need off-premises backups that can't be trashed by ANY account.

      1. find users who cut cat tail

        Re: You can reduce/eliminate the risk yourself

        > deny command prompt and scripting unless really needed

        If you deny people a shell (or any scripting) you might as well force them to use MS Windows for their work. Or a phone. Or a TV remote...

        Maybe working mostly in the academic sphere distorts my views, but here everyone using a Unix-like system uses the shell. No exceptions. Even many MS Windows people use scripting (often Python).

        1. Anonymous Coward

          Re: You can reduce/eliminate the risk yourself

          Plus you still have to deal with privilege escalations, which can essentially bypass any and all access controls.
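The first item in Paul Crawford's list above, denying execute permission on user-writeable locations, as an added audit script that is not from the original thread or from the NCSC guidance it links. It reads the mount table in /proc/mounts format and reports every mount point on a watch list of user-writeable locations whose options lack noexec. The sample mount table is constructed for the example, not captured from a real host, and the watch list is an assumption to be extended per site (a Samba home share, for instance).

```shell
#!/bin/sh
# Audit: which user-writeable mount points still allow execution?
# Input is /proc/mounts format: "device mountpoint fstype options dump pass".
# Prints "<mountpoint> <options>" for each watched mount lacking noexec.

set -eu

# Locations a non-root user can normally write to (assumed list; add
# site-specific shares). A world-writeable place that allows execution is
# where a dropper lands and runs.
USER_WRITABLE="/tmp /var/tmp /dev/shm /home"

# mounts_without_noexec [MOUNTS_FILE]   (defaults to the live /proc/mounts)
mounts_without_noexec() {
    mounts=${1:-/proc/mounts}
    while read -r dev mnt fstype opts rest; do
        for want in $USER_WRITABLE; do
            [ "$mnt" = "$want" ] || continue
            # Wrap in commas so "noexec" cannot match inside another option.
            case ",$opts," in
                *,noexec,*) ;;              # hardened as intended
                *) echo "$mnt $opts" ;;     # users can run binaries here
            esac
        done
    done < "$mounts"
}

# count_findings [MOUNTS_FILE]   number of mounts flagged
count_findings() {
    mounts_without_noexec "${1:-/proc/mounts}" | wc -l | tr -d ' '
}

# Constructed sample (not from a real host): /tmp is hardened, /home and
# /dev/shm are not, / is out of scope because users cannot write to it.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0'

# demo: run the audit against the constructed sample
demo() {
    f=$(mktemp)
    printf '%s\n' "$SAMPLE_MOUNTS" > "$f"
    mounts_without_noexec "$f"
    rm -f "$f"
}
```

On the sample, demo prints the /home and /dev/shm lines. The fix for a flagged tmpfs is `mount -o remount,noexec /dev/shm` plus the matching fstab entry (`tmpfs /dev/shm tmpfs defaults,nosuid,nodev,noexec 0 0`). Two caveats a practitioner will want: noexec on /home breaks legitimate users who build or script in their own directories, which is the objection raised in the reply above, and noexec does not stop `sh /tmp/payload` or `python /tmp/payload.py`, which is why the guidance pairs it with restrictions on interpreters rather than relying on it alone.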

      2. leexgx

        Re: You can reduce/eliminate the risk yourself

        Crashplan seems to work really well for me and others (on top of the other local backups that the servers also do).

        You don't even have to pay for it, as any computer can host as many backups as you want, but it is recommended (I would use the cloud option as a last resort, as the Crashplan cloud servers are slow for online backup and restore if you are outside the USA).

  3. ecofeco

    This will only get worse

    Small businesses do not have a budget for even the most basic of IT and the equipment they have is usually a huge mess of kludged desktop PCs and outdated software.

    They are going to learn the hard way.

  4. Dave Bell

    How do the crooks get paid?

    What puzzles me is that the ransom demands appear to require an electronic payment. (I have seen a couple of screen captures.)

    How the heck can they get their money through the banking system without being tracked down?

    1. Charles 9

      Re: How do the crooks get paid?

      The same ways drug lords do it: money laundering and mules.
