Analysis of Locky ransomware
-
This post is deleted! -
@Nic Sorry, I don't click on links
-
@aaronstuder said:
@Nic Sorry, I don't click on links
come on, it's just a little ransomware, that's all
-
@aaron said:
@aaron said:
Yes, Backblaze can help with ransomware.
To follow up, Backblaze was hit with CryptoWall on a corporate Windows machine. Not Locky... But I I think it's a better story to follow than my shorter answers.
If you'd like to read the unfortunate details and how it was recovered from backup https://www.backblaze.com/blog/cryptowall-ransomware-recovery/
The nice part is that you can get a full restore as of a certain day. Certainly a good part of a nice backup strategy.
-
@BRRABill said:
@aaron said:
@aaron said:
Yes, Backblaze can help with ransomware.
To follow up, Backblaze was hit with CryptoWall on a corporate Windows machine. Not Locky... But I I think it's a better story to follow than my shorter answers.
If you'd like to read the unfortunate details and how it was recovered from backup https://www.backblaze.com/blog/cryptowall-ransomware-recovery/
The nice part is that you can get a full restore as of a certain day. Certainly a good part of a nice backup strategy.
What is the range of time though? 7 days? 30 days?
-
@wirestyle22 said:
What is the range of time though? 7 days? 30 days?
They keep 30 days of revisions/deletions.
-
Are you using Microsoft EMET at your machines? Which antivirus is your favourite?
Here, some spanish security gurus say EMET is necessary in all cases, also with Windows 10.
-
-
Hospitals can declare a state of emergency of the Internet now? Good to know.
-
It's actually an INTERNAL state, though it could also be considered an INTERNET state as well!
Not sure why the URL says that.
-
@BRRABill said:
It's actually an INTERNAL state, though it could also be considered an INTERNET state as well!
Not sure why the URL says that.
LOL, just going by what I read
-
@Carnival-Boy said:
Isn't it easier to disable macros in Word? I've never known anyone ever use macros in Word (Excel, yes, Word, no).
Went to do this today. Downloaded and installed all the Office ADMX files from Microsoft. Spent ages trying to figure out why it wasn't working. Eventually found a Spiceworks thread where someone points out that Group Policy is not supported with Office 365 Business Plans.
That sucks!!!
Any alternative suggestions would be appreciated. I guess I could do a custom group policy object to change the registry values where macro settings for Word are specified? It looks like it is set by a DWORD called VBAWarnings. That wouldn't stop a user from changing it back, but it would help.
-
This is really winding me up today. I went on to Techradar.com at lunchtime for a bit of light reading and the headline was "Microsoft tightens Office 2016 security with anti-macro measures". "Cool", I thought.
The headline and article was based on a new blog post from Microsoft here:
https://blogs.technet.microsoft.com/mmpc/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/ with the headline "New feature in Office 2016 can block macros and help prevent infection"At no point in either article does it point out that these group policy features aren't available to several versions of Office 2016. It is only available to O365 Enterprise versions (and ProPlus and Volume Licence). Sure, it talks about "Enterprise Administrators", but it's not obvious that enterprise administration means an enterprise plan.
You have to go to this document to actually find out which versions of Office support group policy:
https://technet.microsoft.com/en-us/library/office-applications-service-description.aspxI think it's a disgrace that a plan that is advertised as supporting up to 300 users doesn't include group policy support. 300 Office users is a fairly sizeable company in my book.
-
@Carnival-Boy said:
I think it's a disgrace that a plan that is advertised as supporting up to 300 users doesn't include group policy support. 300 Office users is a fairly sizeable company in my book.
To be fair, IBM would classify a company of that size as a "home or hobby" business. They don't considered you to be an SMB until you have at least 500 employees and often more like 2,000.
Microsoft sees businesses smaller than IBM does, but 300 is still decently small to most vendors.
-
@scottalanmiller said:
@Carnival-Boy said:
I think it's a disgrace that a plan that is advertised as supporting up to 300 users doesn't include group policy support. 300 Office users is a fairly sizeable company in my book.
To be fair, IBM would classify a company of that size as a "home or hobby" business. They don't considered you to be an SMB until you have at least 500 employees and often more like 2,000.
Microsoft sees businesses smaller than IBM does, but 300 is still decently small to most vendors.
Oh brother! Fine, the giants of the world get to make their own minds up.. but come on.. managing 300 users by hand is considered fine? or better yet - who cares? Sigh!
-
@Dashrender said:
@scottalanmiller said:
@Carnival-Boy said:
I think it's a disgrace that a plan that is advertised as supporting up to 300 users doesn't include group policy support. 300 Office users is a fairly sizeable company in my book.
To be fair, IBM would classify a company of that size as a "home or hobby" business. They don't considered you to be an SMB until you have at least 500 employees and often more like 2,000.
Microsoft sees businesses smaller than IBM does, but 300 is still decently small to most vendors.
Oh brother! Fine, the giants of the world get to make their own minds up.. but come on.. managing 300 users by hand is considered fine? or better yet - who cares? Sigh!
Correct, if you are too small to be seen as profitable, you are too small to care about. That's the bottom line. This is why IBM had that disaster on Spiceworks. When SW told them that they had millions of SMB customers, IBM heard "millions of companies with 2,000+ users" when, in fact, there were about five of that size, tops. I met with IBM's management team in person about this in NYC... they had no idea that there were companies with so few people and "in business using computers." They were amazed... but didn't care as there is no money there.
-
@Dashrender said:
@scottalanmiller said:
@Carnival-Boy said:
I think it's a disgrace that a plan that is advertised as supporting up to 300 users doesn't include group policy support. 300 Office users is a fairly sizeable company in my book.
To be fair, IBM would classify a company of that size as a "home or hobby" business. They don't considered you to be an SMB until you have at least 500 employees and often more like 2,000.
Microsoft sees businesses smaller than IBM does, but 300 is still decently small to most vendors.
Oh brother! Fine, the giants of the world get to make their own minds up.. but come on.. managing 300 users by hand is considered fine? or better yet - who cares? Sigh!
That's why tools like PDQ Deploy are so powerful for SMBs... Even their free versions are quite useful, and for their Paid Version is also quite affordable for a well managed SMB.
You could figure out what registry key to modify and push it out that way, or in a batch file with PDQ Deploy.
-
@Dashrender said:
but come on.. managing 300 users by hand is considered fine? or better yet - who cares?
You are always missing something huge in these discussions.... that this is a non-open source problem. If you move to LibreOffice, or Calligra you get all the features at any size. If you opt to live in a world dominated by volume licensing and large vendor support contracts you choose the limitations that your size brings to the table.
It's a bad matching of requirements. The IBMs and Microsofts of the world need big enterprise contracts to keep the lights on, these little customers are too costly to support. If companies so small as to not have significant value to the vendors want to use that software that's fine, but you can't complain when you aren't big enough to get attention or get features that are limited to the big boys. There are other options that would love to provide you with a product that you, likewise, are ignoring.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Carnival-Boy said:
I think it's a disgrace that a plan that is advertised as supporting up to 300 users doesn't include group policy support. 300 Office users is a fairly sizeable company in my book.
To be fair, IBM would classify a company of that size as a "home or hobby" business. They don't considered you to be an SMB until you have at least 500 employees and often more like 2,000.
Microsoft sees businesses smaller than IBM does, but 300 is still decently small to most vendors.
Oh brother! Fine, the giants of the world get to make their own minds up.. but come on.. managing 300 users by hand is considered fine? or better yet - who cares? Sigh!
Correct, if you are too small to be seen as profitable, you are too small to care about. That's the bottom line. This is why IBM had that disaster on Spiceworks. When SW told them that they had millions of SMB customers, IBM heard "millions of companies with 2,000+ users" when, in fact, there were about five of that size, tops. I met with IBM's management team in person about this in NYC... they had no idea that there were companies with so few people and "in business using computers." They were amazed... but didn't care as there is no money there.
LOL - that's laughable - "they had no idea that there were companies with so few people... using computers"
If that doesn't tell them how absolutely disconnected from reality they are, nothing does.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Carnival-Boy said:
I think it's a disgrace that a plan that is advertised as supporting up to 300 users doesn't include group policy support. 300 Office users is a fairly sizeable company in my book.
To be fair, IBM would classify a company of that size as a "home or hobby" business. They don't considered you to be an SMB until you have at least 500 employees and often more like 2,000.
Microsoft sees businesses smaller than IBM does, but 300 is still decently small to most vendors.
Oh brother! Fine, the giants of the world get to make their own minds up.. but come on.. managing 300 users by hand is considered fine? or better yet - who cares? Sigh!
Correct, if you are too small to be seen as profitable, you are too small to care about. That's the bottom line. This is why IBM had that disaster on Spiceworks. When SW told them that they had millions of SMB customers, IBM heard "millions of companies with 2,000+ users" when, in fact, there were about five of that size, tops. I met with IBM's management team in person about this in NYC... they had no idea that there were companies with so few people and "in business using computers." They were amazed... but didn't care as there is no money there.
LOL - that's laughable - "they had no idea that there were companies with so few people... using computers"
If that doesn't tell them how absolutely disconnected from reality they are, nothing does.
No doubt there, but it does highlight how little money there is to be made there. All of the big vendors have a similar idea. The SMB often has this "I'll take my money elsewhere" attitude and the vendors are like "what money?"
