FiveTech Software tech support forums

[Otto]

Dear friends,

we are daily confronted with crypto lock ransom attacks.
Mapped drives are effected as well.
Windows SERVERBACKUP up to now was save. But who knows for how long.

We do not find any WORM hardware.

So we thought to install a FTP server or a winsocket solution.

NAS or maybe a cheap WINDOWS PC can be the server.

Does someone have experiences or suggestions.

Best regards,
Otto

[Baxajaun]

Dear Otto,

you also need a solution like Panda Adaptative Defense

http://www.pandasecurity.com/usa/intelligence-platform/solutions.htm

Please, look at https://github.com/c0p3rnic0/PROTEIN

Best regards

[Rick Lipkin]

Otto

Mapped drives as you mention AND external backup devices connected to an infected machine via USB will be destroyed by the latest Cryptp virus ..

Rick Lipkin

[Enrico Maria Giordano]

Through which ways the virus get into the system? Running infected EXEs? Opening infected email attachments? Or just visiting infected websites?

EMG

[Maurizio]

Ciao Otto
We use NAS. At the scheduled time NAS turns on automaticly, makes a copy and then turns itself off.

Maurizio
www.nipeservice.com

[TimStone]

Otto,

On our installed systems, I have a program that runs 24/7 on the server with the data files. Sometime after midnight, it makes a zip file with all of the database files. The name is drawn from the date, so each day is saved independently. They can have this saved to an external drive on the computer ( mapped ). Some of my clients have swappable drives, rotating them each day for the backups.

Then, in the early morning hours, my clients upload the new zip file to a cloud storage of their choice. This could be OneDrive, Dropbox, or some other resource.

The routine that does the backup is hardcoded. It only interacts with our hosted server ( offsite ) where we place update files. It uses an FTP connection, but only downloads two files ... one with updates to the key ( encrypted ) and one with updated exe files ( archived ). Access to the hosted server account is by a complex user name / password combination.

I'm sure a hacker could penetrate this system but it's an awful lot of work just to be a nuisance. Nothing financial is available in any of this process, and there is no gain. If they were fully successful, they would only cause a small business owner the time to reformat and reload everything. Frankly, that would take less time than it would take to hack the process.

So far we have experienced no problem. Hopefully, that will continue. It is far more likely that one of my clients systems will be destroyed by lightning ( actually happened ). With this system, I can have them back up and running with a new computer in about 20 minutes.

Tim

[Otto]

Hello
at the moment we have a rate of 6% under our clients which have been effected by ransomware.
All kind and brands of antivirus software was installed.

This is how the dbf files look like. But all types of files are infected.

We need a backup of the whole disk which brings back the system 1:1.
With windows serverbackup you are back within an hour.
But who knows if SERVERBACKUP will be effects some days too.
Therefore we search for alternatives.

Thank you for sharing your experiences.
Best regards,
Otto

[Rick Lipkin]

Enrico

The infected machines I have seen come from a clever e-mail disguised as if it were from FedEx .. something to the effect like :

FedEx .."We have tried to deliver a package to you .. please click on the button below to print the tracking receipt."

Click on the Button and it's 'lights out' ..

Rick Lipkin

[TimStone]

People must learn to NOT look at any email they are not 100% certain is OK. They must also NEVER go to websites they are not 100% certain about.

[Enrico Maria Giordano]

Enrico

The infected machines I have seen come from a clever e-mail disguised as if it were from FedEx .. something to the effect like :

FedEx .."We have tried to deliver a package to you .. please click on the button below to print the tracking receipt."

Click on the Button and it's 'lights out' ..

Rick Lipkin

As I suspected...

EMG

[Enrico Maria Giordano]

People must learn to NOT look at any email they are not 100% certain is OK. They must also NEVER go to websites they are not 100% certain about.

I agree.

EMG

[Marcelo Via Giglio]

Hi,

we have ADS server on Linux and make compressed (7z) backup every day and sent it by email automaticly to a google account

Regards

Marcelo Vía

[TimStone]

When receiving an email that "looks authentic" but you sense it is not, right click on ALL links it contains. You will usually see the primary one is not from the original sender. Immediately trash the email.

If still in doubt, contact the supposed sender ( if you know them ) to inquire if they actually sent you an email.

[Otto]

For Office 365 users:

Advanced Threat Protection
Protect your email in real time against unknown and sophisticated attacks.
Customers with subscriptions to select Exchange or Office 365 plans can add Advanced Threat Protection

https://products.office.com/en-us/exchange/online-email-threat-protection#howToBuy

Best regards,
Otto