Wannacry fix?

Oh, and don't click on dodgy links in PDF attachments.

Also backup your data. Best would be in the cloud.
 
Sinbad said:
wannacry deletes restore points as part of its process afaik
Click to expand...

I'm honestly waiting for one of these ransomware things to sit dormant for 2 or 3 months then hit... it will totally fsck 95% of companies who only keep 1 or 2 months of active backups
 
Not really.
It doesn't infect your documents, only encrypts them. So as soon as it activates you'll know, and before it activates your data backups are OK.
You may need to reinstall everything on a clean OS though.

A real bastard thing to do would be to encrypt stuff, and then on-the-fly decrypt it as it's opened for a few months - then stop doing that and request the ransom...
 
Sinbad said:
Not really.
It doesn't infect your documents, only encrypts them. So as soon as it activates you'll know, and before it activates your data backups are OK.
You may need to reinstall everything on a clean OS though.

A real bastard thing to do would be to encrypt stuff, and then on-the-fly decrypt it as it's opened for a few months - then stop doing that and request the ransom...
Click to expand...

For most companies just the delayed encryption would be enough to screw them after watching how most small companies it guys operate
 
ToxicBunny said:
For most companies just the delayed encryption would be enough to screw them after watching how most small companies it guys operate
Click to expand...

Why? last week's backup isn't enrypted, just infected. You can clean it.
 
Sinbad said:
Why? last week's backup isn't enrypted, just infected. You can clean it.
Click to expand...

Depending on the encryption time frame...

Say it waits 2 or 3 months from original infection date and regardless of the date of restore it automatically encrypts when you restore if you're over that time frame?

For smaller companies it could be devastating...

Hell I even know a few large companies that have pretty amateurish backup policies
 
ToxicBunny said:
Depending on the encryption time frame...

Say it waits 2 or 3 months from original infection date and regardless of the date of restore it automatically encrypts when you restore if you're over that time frame?

For smaller companies it could be devastating...

Hell I even know a few large companies that have pretty amateurish backup policies
Click to expand...

Your backup is still unencrypted though. The damage comes in when the encryption kicks in.
So you create a clean system, install patches and anti-malware, then just restore. No problem.
 
Sinbad said:
wannacry deletes restore points as part of its process afaik
Click to expand...

Ah ok, recall helping someone before with ransomware & I just went to the previous restore point to get 99% of their stuff back.
 
Sinbad said:
Your backup is still unencrypted though. The damage comes in when the encryption kicks in.
So you create a clean system, install patches and anti-malware, then just restore. No problem.
Click to expand...

True... I'm just playing Sunday night stupid devils advocate in a retarded way....

I just know of a good few companies that backup full vm's rather than just the data for their file server backups
 
ToxicBunny said:
True... I'm just playing Sunday night stupid devils advocate in a retarded way....

I just know of a good few companies that backup full vm's rather than just the data for their file server backups
Click to expand...

that could hurt a lot... If you don't get time to fix the infection on your restore before it triggers... eina
 
Sinbad said:
that could hurt a lot... If you don't get time to fix the infection on your restore before it triggers... eina
Click to expand...

That's mostly my point... if the infection kicks off on a time point it will encrypt everything before the machine even boots for the first time completely
 
ToxicBunny said:
That's mostly my point... if the infection kicks off on a time point it will encrypt everything before the machine even boots for the first time completely
Click to expand...

hmm, edit the system clock :D
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X