Daily Incremental Backups

People are worried about what kind of AV they should get, what sort of firewall settings, how to harden their OS so they don't get hit by the ransomware wave.

Anybody here doing the sane thing and just making backups?

I like Vipre antivirus. If you can afford it, 5th-gen firewalls like SonicWall, Barracuda, Cisco or WatchGuard can filter viruses in the TCP/IP stream.
You can't harden against CryptoWall or WannaCry as far as I know. They run as user-mode processes and don't require admin. They only access what the user can access.
Since they're targeted at Windows, not running Windows may help. Another would be to virtualize your browser so if infected there is no general network capability. You will need the more advanced firewall to create separate networks to handle your needs and a separate security network.

I use shadow copies every hour and could do incrementals on the same timeline or potentially use a constant replication. Another great idea is to host your data on a SAN or NFS platform and snapshot it on whatever schedule you are comfortable with. Keep your email, databases and user data as separate mounts as these only target user data today anyhow.

Biggest plus would be blocking users from general internet surfing and training them on how to be stupid. Most of these attacks are using forms of social engineering to trick people into running them. We had a CryptoWall infection which was tied to a Facebook ad. Simple to block most of the internet from people but perhaps not practical.

I used to work for Barracuda. It's a load of garbage. Never trust definition-based AV scanners to work reliably.

b-backups?

you mean the cloud thingy?

no man, just use rsync or anything. doesn't have to be to a cloud provider could just be to some other host.

nice trips, chekd.

We got hit and within an hour the antivirus caught it but of course damage already done. Impossible to guard against 0 hour attacks if you are the unfortunate one.

User training is the best option right now and staying on top of OS patches but these guys are spinning off variants fast and furiously.

I have literally nothing on my desktop or laptop that I'm scared to lose. I'll wipe my drive at literally a moment's notice with absolutely no regret.

It infects network drives and potentially shares(?) the user has access to. CryptoWall could only hit mounted shares, not sure about WannaCry however.

this is why definition-based AV is a sham. It's low-hanging fruit only and won't cut the mustard ever when it counts. User training seems Sisyphean in effort to me just given that human error will almost always be at the root of any problem. Some of these things being targeted have been vulnerable for the better part of a decade too.

If you can manage to lose a day or half a day of traffic, incremental backups are still the best mitigation against the ransomware.

this is another good approach, storage options these days don't make something like this very tricky to accomplish.

>this is why definition-based AV is a sham.
Hardly.
It's merely a layer of protection, nothing more, nothing less. It's not meant to be the end-all, and really there is no end-all protection, everything is layers.

If you are a winrefugee on Linux and want a nice gooey, try Unison. Hassle-free backup you are used to.

>Its merely a layer of protection
stopped reading there.

I use Arch. I've got a systemd-managed job that does a sync of any changes on my SSD; it's driven by a .path file so it's event-driven. Any time I save a file (excluding volatile directories, etc.) it gets synced offsite somewhere.
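The post above and the earlier one recommending incremental backups both rest on one property: each sync must add a restore point, not overwrite the only copy, or an event-driven job will faithfully ship the ransomware's encrypted output offsite seconds after it appears. The following is an added example, not the poster's setup and not an rsync or systemd unit: it is a hypothetical Python implementation of the versioned-sync half (what the .path-triggered service would run), using hard-linked snapshots in the style of `rsync --link-dest`. Paths, file names and the "ransomware" overwrite are all constructed for the demo.

```python
import os
import shutil
import tempfile
from pathlib import Path
from typing import Optional


def take_snapshot(src: Path, dest_root: Path, name: str, prev: Optional[Path]) -> dict:
    """Write dest_root/name as a complete copy of src.

    A file whose size and mtime match the same path in the previous snapshot
    is hard-linked there instead of copied, so each snapshot stores only the
    delta while still being a full restore point on its own (the idea behind
    rsync --link-dest). Returns how many files were linked vs copied.
    """
    snap = dest_root / name
    stats = {"linked": 0, "copied": 0}
    for path in src.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(src)
        target = snap / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        st = path.stat()
        old = prev / rel if prev is not None else None
        if (old is not None and old.is_file()
                and old.stat().st_size == st.st_size
                and int(old.stat().st_mtime) == int(st.st_mtime)):
            os.link(old, target)          # unchanged: share the inode with the previous snapshot
            stats["linked"] += 1
        else:
            shutil.copy2(path, target)    # changed or new: copy2 keeps mtime for the next comparison
            stats["copied"] += 1
    return stats


def demo() -> dict:
    """Constructed scenario: a clean snapshot, then a file is rewritten by
    simulated ransomware, then a second snapshot. The first snapshot must
    still hold the clean data and the untouched file must be shared."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src, dest = root / "home", root / "backups"
        src.mkdir()
        dest.mkdir()
        (src / "thesis.txt").write_bytes(b"chapter one")
        (src / "notes.txt").write_bytes(b"todo")
        first = take_snapshot(src, dest, "snap-001", None)

        # Simulated ransomware: thesis.txt is overwritten in place. The mtime is
        # bumped explicitly so the change is visible even within the same second.
        victim = src / "thesis.txt"
        victim.write_bytes(b"\x00ENCRYPTED\x00")
        later = victim.stat().st_mtime + 60
        os.utime(victim, (later, later))

        second = take_snapshot(src, dest, "snap-002", dest / "snap-001")
        return {
            "first": first,
            "second": second,
            "snap1_clean": (dest / "snap-001" / "thesis.txt").read_bytes() == b"chapter one",
            "snap2_encrypted": (dest / "snap-002" / "thesis.txt").read_bytes() == b"\x00ENCRYPTED\x00",
            "notes_shared": os.path.samefile(dest / "snap-001" / "notes.txt",
                                             dest / "snap-002" / "notes.txt"),
        }


if __name__ == "__main__":
    print(demo())
```

A plain mirror (`rsync -a --delete` into one fixed directory) would have replaced the clean `thesis.txt` with the encrypted one on the very next trigger; with per-run snapshots the clean copy survives in `snap-001` and only the delta costs space. Two things the demo leaves to the operator: prune old snapshots on a schedule rather than on every event, and make sure the account doing the sync cannot delete or rewrite earlier snapshots, since a backup the compromised user can overwrite is just another share.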

Okay buddy, what silver fucking bullet do you use?

you can read right? I take incremental backups so that I don't have to shell out money or waste time on any of these solutions that don't work. If I were to get hit (and I won't) I can revert to literally minutes before my system was affected.

While yes, I do agree that incremental backups are about the most important thing that you can do, I'm talking about preventing getting hit at all.
What do YOU do to prevent the moron at the reception desk from letting a crypto locker in?

TL;DR we don't give people the room to make mistakes that affect other people. Our receptionist moron (who has amazing T&A I wish you could see), if they downloaded this, is completely segregated from our network.

I'll admit though, that our stack is completely custom from the kernel up, and this gives us a huge advantage. We enforce proof-carrying code with all running applications. This effectively mitigates *everything* we don't intend to run.

We could see if you'd learn to use a camera and creepshot like a normal pervert.

She's already gone for the day but one day I promise you'll see a Sup Forums post entitled 'look at my HR lady's boobs'

Lemme light up and wait

I wrote my own software that takes my files, encrypts them, and then uses forward error correction (like parity in RAID 6), then chunks them up, adds metadata for error detection, then distributes them randomly to some local and some remote hard drives.

It is slow and increases the required space for a file to be backed up by 3x, but I'll never lose a single animu video.
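The pipeline the post describes (chunk, add per-chunk error-detection metadata, add parity so a lost or damaged piece can be rebuilt) is worth seeing as working code. The block below is an added example written for this thread, not the poster's software. It simplifies the RAID-6-style double parity to a single XOR parity chunk (so one bad or missing chunk per stripe is recoverable, not two), uses SHA-256 as the per-chunk error-detection metadata, and assumes encryption happened before this step. The `Chunk` type, the functions, and the sample payload are all constructed for the demo.

```python
import functools
import hashlib
import operator
from dataclasses import dataclass
from typing import List


@dataclass
class Chunk:
    index: int      # 0..k-1 are data chunks, index k is the parity chunk
    data: bytes
    sha256: str     # integrity metadata: a damaged copy is detected before it is trusted


def _xor_all(blocks: List[bytes]) -> bytes:
    """Byte-wise XOR of equal-length blocks."""
    return bytes(functools.reduce(operator.xor, column) for column in zip(*blocks))


def split_with_parity(payload: bytes, k: int) -> List[Chunk]:
    """Split payload into k equal data chunks plus one XOR parity chunk.

    Any single chunk, data or parity, may be lost or corrupted and will be
    rebuilt from the remaining k. Encryption is assumed to have been applied
    to `payload` beforehand and is not shown here.
    """
    if k < 2:
        raise ValueError("need at least two data chunks")
    body = len(payload).to_bytes(8, "big") + payload      # length header so padding can be removed
    size = -(-len(body) // k)                              # ceiling division
    body = body.ljust(size * k, b"\x00")
    pieces = [body[i * size:(i + 1) * size] for i in range(k)]
    pieces.append(_xor_all(pieces))
    return [Chunk(i, p, hashlib.sha256(p).hexdigest()) for i, p in enumerate(pieces)]


def reassemble(chunks: List[Chunk], k: int) -> bytes:
    """Verify each chunk against its hash, rebuild at most one bad or missing
    chunk from the others plus parity, and return the original payload."""
    good = {c.index: c.data for c in chunks if hashlib.sha256(c.data).hexdigest() == c.sha256}
    missing = [i for i in range(k + 1) if i not in good]
    if len(missing) > 1:
        raise ValueError(f"unrecoverable: chunks {missing} are bad, single parity covers only one")
    if missing:
        good[missing[0]] = _xor_all([good[i] for i in range(k + 1) if i != missing[0]])
    body = b"".join(good[i] for i in range(k))
    length = int.from_bytes(body[:8], "big")
    return body[8:8 + length]


def demo() -> dict:
    """Constructed run: one stripe of four data chunks, then two failure scenarios."""
    payload = b"[constructed sample] episode-01.mkv header and first frames " * 40
    chunks = split_with_parity(payload, 4)

    # Scenario 1: silent corruption on one drive. The hash catches it, parity repairs it.
    flipped = bytearray(chunks[2].data)
    flipped[7] ^= 0xFF
    corrupted = list(chunks)
    corrupted[2] = Chunk(2, bytes(flipped), chunks[2].sha256)

    # Scenario 2: the drive holding chunk 0 is simply gone.
    lost = chunks[1:]

    return {
        "chunks": len(chunks),
        "overhead": round(sum(len(c.data) for c in chunks) / len(payload), 2),
        "corruption_repaired": reassemble(corrupted, 4) == payload,
        "loss_repaired": reassemble(lost, 4) == payload,
    }


if __name__ == "__main__":
    print(demo())
```

With four data chunks and one parity chunk the overhead is about 1.25x rather than the 3x the post quotes, which is the price of tolerating only one failure per stripe; a second parity chunk (Reed-Solomon over GF(2^8), as RAID 6 does) or plain duplication is what pushes it higher. Note what this layer does and does not defend: hashes plus parity handle bit rot and a dead or offline drive, but a process that can write to the backup drives can still destroy every chunk and its parity, so the distribution step still needs targets the user's session cannot overwrite.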