Dear friends,
we are daily confronted with crypto lock ransom attacks.
Mapped drives are effected as well.
Windows SERVERBACKUP up to now was save. But who knows for how long.
We do not find any WORM hardware.
So we thought to install a FTP server or a winsocket solution.
NAS or maybe a cheap WINDOWS PC can be the server.
Does someone have experiences or suggestions.
Best regards,
Otto
Otto
Mapped drives as you mention AND external backup devices connected to an infected machine via USB will be destroyed by the latest Cryptp virus ..
Rick Lipkin
Through which ways the virus get into the system? Running infected EXEs? Opening infected email attachments? Or just visiting infected websites?
EMG
Ciao Otto
We use NAS. At the scheduled time NAS turns on automaticly, makes a copy and then turns itself off.
Maurizio
Otto,
On our installed systems, I have a program that runs 24/7 on the server with the data files. Sometime after midnight, it makes a zip file with all of the database files. The name is drawn from the date, so each day is saved independently. They can have this saved to an external drive on the computer ( mapped ). Some of my clients have swappable drives, rotating them each day for the backups.
Then, in the early morning hours, my clients upload the new zip file to a cloud storage of their choice. This could be OneDrive, Dropbox, or some other resource.
The routine that does the backup is hardcoded. It only interacts with our hosted server ( offsite ) where we place update files. It uses an FTP connection, but only downloads two files ... one with updates to the key ( encrypted ) and one with updated exe files ( archived ). Access to the hosted server account is by a complex user name / password combination.
I'm sure a hacker could penetrate this system but it's an awful lot of work just to be a nuisance. Nothing financial is available in any of this process, and there is no gain. If they were fully successful, they would only cause a small business owner the time to reformat and reload everything. Frankly, that would take less time than it would take to hack the process.
So far we have experienced no problem. Hopefully, that will continue. It is far more likely that one of my clients systems will be destroyed by lightning ( actually happened ). With this system, I can have them back up and running with a new computer in about 20 minutes.
Tim
Enrico
The infected machines I have seen come from a clever e-mail disguised as if it were from FedEx .. something to the effect like :
FedEx .."We have tried to deliver a package to you .. please click on the button below to print the tracking receipt."
Click on the Button and it's 'lights out' ..
Rick Lipkin
People must learn to NOT look at any email they are not 100% certain is OK. They must also NEVER go to websites they are not 100% certain about.
Rick Lipkin wrote:Enrico
The infected machines I have seen come from a clever e-mail disguised as if it were from FedEx .. something to the effect like :
FedEx .."We have tried to deliver a package to you .. please click on the button below to print the tracking receipt."
Click on the Button and it's 'lights out' ..
Rick Lipkin
TimStone wrote:People must learn to NOT look at any email they are not 100% certain is OK. They must also NEVER go to websites they are not 100% certain about.
Hi,
we have ADS server on Linux and make compressed (7z) backup every day and sent it by email automaticly to a google account
Regards
Marcelo VÃa
When receiving an email that "looks authentic" but you sense it is not, right click on ALL links it contains. You will usually see the primary one is not from the original sender. Immediately trash the email.
If still in doubt, contact the supposed sender ( if you know them ) to inquire if they actually sent you an email.
