
Ransomware

#1 ·
Can someone please explain to me why ransomware is so tough to overcome? I understand the risk, but what I don't understand is why a computer or server system can't be backed up daily? If I can do it, they can. Seems all they'd have to do is reformat and reload or Ghost the system. Another option would be swapping out the drives that are already ready to go and reload the data. But, every time you read a story about someone being hit with ransomware it's the end of the world.
 
#2 ·
I've seen some big servers that have so much data that a full backup doesn't go overnight on tape drives and even incremental may have problems if there are a lot of users doing stuff. Likewise, a company having that much data probably has so many workers who use computers that backing them up individually is possible but also costs a lot of money.

So, when some city or hospital system gets 5-15 thousand computers locked up by ransomware at once it is a juicy bit of tech news :D

Usually just users' files in the network are backed up, so the infected computers need to be reinstalled anyways. If thousands of computers are affected that will take time, money and manpower.
 
#5 ·
As someone who has worked in IT off and on for a couple of decades, I can say with absolute certainty that 95%+ of home users rarely, if ever, back up their PCs.

The problem with ransomware is that it typically encrypts everything on the PC.

Most PCs in large businesses with networks do back up files (Word, Excel, etc) or the files are saved on a server. Even if a network of PCs is backed up, it can take a long time to restore all the PCs if everything on the network gets hit. Think about a large business with 1000 PCs getting hit with a ransomware virus that spreads throughout the network. Sometimes it is easier to pay the ransom, although most hackers do not give you the encryption key after payment and there is no guarantee that they won't strike again.

The weakest security link in any network is the employees. Someone's PC picks up the bug while surfing the web or they let it in by downloading something they shouldn't.
 
#7 ·
I'm not sure large corporations have all their databases backed up regularly. I'm not talking your personal files, documents, etc., I'm talking about their main ERP systems.

My current employer has a customer, a very large retail chain, their stores are literally on almost every other corner, that fell victim to ransomware last year. Missing several months of data to this day. Nothing that made the news, or that impacted their business immediately, but for suppliers, not having access to their POS and inventory data made life pretty difficult for a while.

That's the kind of thing people don't think about. Disrupts the supply chain and can have an eventual impact on revenue for a short while, so it can be cheaper to pay off the ransomware or just deal with it rather than spending the money on backup storage for historical data.

At least that's what they told us.
 
#8 ·
You can't back up a ton of data daily. Our lovely IT department started Friday nights and it would finish on Sunday night. However, we got zinged by ransomware where they attacked our network and our IT department never backed up one of our servers - you know, for our biggest client. You can see all the data and read them in the preview pane but just can't open them up. People are f'd up.
 
#9 ·
Yes, back up your data and you're only in it for time lost restoring. But most home users don't perform data backups. Also, the really bad ransomwares encrypt all the data. When you are a large corporation with dozens upon dozens of servers to restore, that's a lot of man hours (mostly overtime) to get the restores done.
 
#10 ·
With respect, I think many are missing the nastiest point about ransomware:
It does not lock up your files the second it hits your hard drive... it may be weeks or months before it does that and in that time you’ve backed up your files to a remote drive which is now also infected.

By backing up regularly you are ensuring that all of your files will be inaccessible.

The best plan I’ve heard of (not guaranteed) is to have three or more backups but only use one for a month, then airgap that one while backing up to the other for a month, airgap that one and back up to a third. Then rotate back to the first. Hopefully if you get hit it will only be the first or second backup that is lost. You won’t have your newest files but at least you won’t lose everything.

Edit to clarify:
Actually it would be your most recent backup that is possibly affected. In the above example that would mean that hopefully only the third and maybe second backup is lost and the oldest (the first) is safe.
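
An added example, not part of any post in the thread: a small model of the monthly air-gap rotation described in #10, showing which backup sets can still be trusted once an infection date is estimated. It assumes each set is online for one calendar month and offline otherwise; the function names and dates are constructed for illustration.

```python
from datetime import date

def month_index(start: date, day: date) -> int:
    """Whole calendar months from the start of the rotation to `day`."""
    return (day.year - start.year) * 12 + (day.month - start.month)

def last_written(start: date, detected: date, n_sets: int = 3) -> dict:
    """Map set number (1-based) to the month index it was last online, or None."""
    now = month_index(start, detected)
    if now < 0:
        raise ValueError("detection date is before the rotation started")
    result = {}
    for s in range(n_sets):
        # Set s+1 is online in months s, s+n_sets, s+2*n_sets, ...
        m = now - ((now - s) % n_sets)
        result[s + 1] = m if m >= 0 else None
    return result

def clean_sets(start: date, infected: date, detected: date, n_sets: int = 3) -> list:
    """Sets that were last written, and then air-gapped, before the infection month."""
    if infected > detected:
        raise ValueError("infection cannot postdate detection")
    inf = month_index(start, infected)
    # A set that was online at any point in the infection month is treated as suspect.
    return [s for s, m in last_written(start, detected, n_sets).items()
            if m is not None and m < inf]

if __name__ == "__main__":
    start = date(2024, 1, 1)  # constructed dates
    # Infected in May, noticed in June: only the set air-gapped in April survives.
    print(clean_sets(start, date(2024, 5, 10), date(2024, 6, 20)))
    # Dormant since February: every set has been online since, none is clean.
    print(clean_sets(start, date(2024, 2, 15), date(2024, 6, 20)))
    # Same dormancy with six sets: the January set is still untouched.
    print(clean_sets(start, date(2024, 2, 15), date(2024, 6, 20), n_sets=6))
```

The second case is the "not guaranteed" part of the plan: once the dormant period is longer than the rotation cycle, every set has been reconnected after the infection, so the number of sets has to be sized against how long an intrusion could go unnoticed.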
 