Ransomware Thoughts....
Shout out to David Balaban who inspired this list!

OK, I just got asked to put some thoughts down on ransomware and what we can do about it... thought I'd share them here. Enjoy, and I hope they help.

  • Backups, this can’t be stressed enough… the important stuff, the data that IS critical to your enterprise/environment… and that’s both servers and core desktops (unless you have an educated workforce that knows to save critical data on the servers… rare!)
  • Check your security stack, stop accepting defaults and basically look at all that gear you have in the server room that constitutes the “layers of security” and actually put it to work for you!
  • STOP CLICKING SHIT! Seriously, in this age of awareness (that’s a totally separate debate, but let’s go with utopia for the moment) we should know that clicking ANY attachment is dangerous without first doing ALL our checks on it
  • PATCH YOUR SHIT! It’s not a perfect science, but it does remove you from the bottom rung of the ladder.
  • STOP USING DEFAULTS! One of those easy access points is your default passwords, accounts etc.
  • Disable the volume shadow copy admin tool, that will stop the bad guys from wiping out all your shadow copies…and you then should be able to restore…
  • IF in doubt, disconnect! This is one of those times when simply ripping the network cable out of the wall IS a good thing, especially if it’s early enough in the process…
  • Your browser is my front door (a lot of the time). Take additional precautions over HOW you surf the Internet (let alone WHERE you surf): blockers, heuristic browsers, sandbox environments etc… And for goodness’ sake make sure your browser plugins are updated (again not perfect, but it takes you OFF the bottom rung of the ladder)
  • AutoPlay, yea…take it out, disable it and then shoot it.
  • Clean your computer: turn off unwanted services, connections, and tools, anything that could be used against you… IF you use remote access software, set it up to be more securely accessed (or disable it unless in use, etc.). If you have passwords on your machine, encrypt them and store them in a dedicated (secure) program, etc.
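Three of the items above (kill AutoPlay, disable the shadow copy admin tool, turn off unwanted services) are plain Windows configuration, so here is what they look like as a script. This is an added example, not part of the original post: the registry keys are the documented Windows policy and Image File Execution Options locations, while the service names in `$unusedServices` and the non-existent "debugger" path are assumptions you should tailor to your own environment.

```powershell
# Added example (not from the original post): implement three of the list items
# above on a Windows host. Run from an elevated PowerShell prompt.
#Requires -RunAsAdministrator

# 1. AutoPlay: NoDriveTypeAutoRun = 0xFF masks every drive type, and
#    NoAutorun = 1 stops autorun.inf from being honoured at all.
$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
New-Item -Path $explorerPolicy -Force | Out-Null
Set-ItemProperty -Path $explorerPolicy -Name 'NoDriveTypeAutoRun' -Type DWord -Value 0xFF
Set-ItemProperty -Path $explorerPolicy -Name 'NoAutorun' -Type DWord -Value 1

# 2. Shadow copy admin tool: an Image File Execution Options "Debugger" entry
#    makes Windows launch the named debugger instead of vssadmin.exe. Pointing
#    it at a path that does not exist (assumption: this placeholder name) makes
#    every launch of vssadmin.exe fail, so a "delete shadows" command cannot
#    run, while the VSS service itself and API-based backup software keep working.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vssadmin.exe'
New-Item -Path $ifeo -Force | Out-Null
Set-ItemProperty -Path $ifeo -Name 'Debugger' -Type String -Value 'C:\Windows\System32\blocked-by-policy.exe'

# 3. Unwanted services: stop and disable anything you do not use. The list is
#    an assumption for illustration; build your own from an inventory.
$unusedServices = @('RemoteRegistry', 'Fax')
foreach ($svc in $unusedServices) {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s) {
        Stop-Service -Name $svc -Force -ErrorAction SilentlyContinue
        Set-Service -Name $svc -StartupType Disabled
        Write-Output "Disabled service: $svc"
    }
}

# 4. Sanity check: confirm there are shadow copies you could actually restore from.
Get-CimInstance -ClassName Win32_ShadowCopy |
    Select-Object InstallDate, VolumeName, DeviceObject
```

Blocking vssadmin.exe only closes one road to your shadow copies, and shadow copies live on the same disk as the data they protect, which is exactly why the first item on the list is backups that the infected machine cannot reach. Test the script on one box before rolling it out: the IFEO entry also stops administrators from using vssadmin.exe until the key is removed.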

Arguably there is a LOT that can be done, it just takes 5 minutes of thought… and most people don’t take the time.

Jay Barnes

Information Security, Forensics, Incident Response, Compliance

8 years

Air gap your shit! Watch your cat videos from a disposable guest OS running under VMware that *only* has access to the internet; zero access to other machines or sacred storage on your home network. I've intentionally infected myself several hundred times in a similar environment for malware research. Full recovery time for a complete disaster is just a few minutes. It's easier than you think, though non-IT folks would do well to find a 15-year-old nerd to help you get started. This same idea can scale to enterprise level, but with obviously greater cost and complexity since older nerds like me are way more expensive and difficult to work with. :-)

great stuff....in a way I have always wanted to say it :)

dig it...straight and to the point.

John Alfonso, ITIL

Director of Support, Channel Data Management Operations at Model N

8 years

Good stuff Chris. I think organizations can also help by educating new employees (even though it should be second nature for everyone by now). Make it a mandatory part of new employee orientation.
