BMW E39 5-Series Forum | 5Post.com
      07-13-2016, 02:19 PM   #1
Sidewinderpb

PSA: Backup Your Data!

Our firm was just hit with the RSA4096 crypto virus (ransomware). It encrypted about half of our client data before being detected, but luckily we had a backup from just a few hours prior. Don't let those basement babies get the best of you!
      07-13-2016, 08:50 PM   #2
zx10guy

If any corporation doesn't have a backup plan, they deserve to go under. Any company worth anything would have a set backup procedure which involves incremental and full backups along with snapshots if the corporation is big enough to have a SAN. Also, storing backups off site should be a major consideration in any backup plan. But all the above is dictated by what the company determines as their RPO (recovery point objective) and RTO (recovery time objective). The closer you want both RTO and RPO to be to real time, the more you're going to pay to execute it.
      07-14-2016, 08:30 AM   #3
P1

How was the company "hit"? Was it due to one of your employees falling for a dodgy email with a bad attachment? Phishing?
      07-14-2016, 08:38 AM   #4
Sidewinderpb

Quote:
Originally Posted by zx10guy View Post
If any corporation doesn't have a backup plan, they deserve to go under. Any company worth anything would have a set backup procedure which involves incremental and full backups along with snapshots if the corporation is big enough to have a SAN. Also, storing backups off site should be a major consideration in any backup plan. But all the above is dictated by what the company determines as their RPO (recovery point objective) and RTO (recovery time objective). The closer you want both RTO and RPO to be to real time, the more you're going to pay to execute it.
There are a great number of firms that are not adequately prepared for these types of events, and they're becoming increasingly prevalent. I'm not that familiar with the technical details, but I have to tip my hat to our tech guys.

http://www.kaspersky.com/about/news/...rs-in-One-Year
      07-14-2016, 08:43 AM   #5
Sidewinderpb

Quote:
Originally Posted by P1et View Post
How was the company "hit"? Was it due to one of your employees falling for a dodgy email with a bad attachment? Phishing?
We haven't figured that out yet. Every machine came back clean, with the exception of some standard adware. We've boiled it down to two machines - both of which are brand new, having only been in service for three weeks. With zero programs open, they were both showing upward of 900 files open. It's a bit sketchy that they were both just purchased; however, the two users often work on the same cases, exchanging materials frequently.

Edit: they were also the only machines running Windows 10

Last edited by Sidewinderpb; 07-14-2016 at 08:56 AM..
      07-14-2016, 09:00 AM   #6
te37

Quote:
Originally Posted by Sidewinderpb View Post
Our firm was just hit with the RSA4096 crypto virus (ransomware). It encrypted about half of our client data before being detected, but luckily we had a backup from just a few hours prior. Don't let those basement babies get the best of you!
What "virus" protection was on your firm's computers?
      07-14-2016, 09:35 AM   #7
Sidewinderpb

Quote:
Originally Posted by te37 View Post
What "virus" protection was on your firm's computers?
Symantec
      07-14-2016, 12:20 PM   #8
te37

Quote:
Originally Posted by Sidewinderpb View Post
Symantec
Best stuff out there, hmm, must be more to the story
      07-14-2016, 12:32 PM   #9
SHoTTa35

Hey Norwalk! Used to live on Matilda Ave

Anyways, Symantec.... are you using the latest 12.1.6.RU6 MP5 build released like 2 weeks ago?

There is a 0-day flaw that affects basically all of the products because the scan engine needs to be updated (not the virus definitions).

https://www.neowin.net/news/symantec...zero-day-flaws

I'm upgrading all of our clients within the next few weeks to help prevent these kinds of issues... about 25,000 workstations and 2500 servers.

.............

We had a similar issue however and this was a smaller remote site that still used tape backups so they were able to restore from about 8hrs overnight (lost some very little data but still could have been worse).

Other larger sites use storage snapshots so that is a bit faster and is not affected by the OS. So easy to mount a previous snapshot and boot up and off we go. Just delete the encrypted VM HDDs and off we go.
      07-14-2016, 02:47 PM   #10
Sidewinderpb

Quote:
Originally Posted by SHoTTa35 View Post
Hey Norwalk! Used to live on Matilda Ave

Anyways, Symantec.... are you using the latest 12.1.6.RU6 MP5 build released like 2 weeks ago?

There is a 0-day flaw that affects basically all of the products because the scan engine needs to be updated (not the virus definitions).

https://www.neowin.net/news/symantec...zero-day-flaws

I'm upgrading all of our clients within the next few weeks to help prevent these kinds of issues... about 25,000 workstations and 2500 servers.

.............

We had a similar issue however and this was a smaller remote site that still used tape backups so they were able to restore from about 8hrs overnight (lost some very little data but still could have been worse).

Other larger sites use storage snapshots so that is a bit faster and is not affected by the OS. So easy to mount a previous snapshot and boot up and off we go. Just delete the encrypted VM HDDs and off we go.
Not familiar with Matilda - perhaps a different Norwalk?

Funny you should mention that. As I was reading your post, I received an email stating that servers would be going down tonight to update Symantec. Good call!
      11-12-2016, 10:04 PM   #11
zkb21

AOMEI Backupper is the simplest FREE backup software with system/disk/partition/file backups and system/disk clone. http://www.backup-utility.com
      11-13-2016, 12:15 AM   #12
CruzBobby23
Ransomware is a scary virus. A friend of mine lives in Maine and he told me about how his local police station got hit with the virus, they had no choice but to pay. FBI tracked the bitcoins to a Swiss bank but it was a dead end after that.