Backups [was Re: Is tape dead?]

John Foust jfoust at
Fri Sep 18 08:43:15 CDT 2015

At 01:01 PM 9/16/2015, Fred Cisin wrote:
>But, those still require a gullibility error on the part of the user, don't they?  Do the ads actually load and run the ransomware, or just present the fraudulent upgrade offer to bring it in?

The bad guys are slipping silent-install vulnerability exploits into
the HTML of ads they place through ad networks.  No user error or
trickery involved.  You never see it coming.  You visit a reputable
site, but can you trust their ad network and all its subcontractors
and all their sub-ad-networks?

As to why your antivirus didn't see it... there are always a few days
before the latest infection mechanisms are documented and added to
the AV updates.

As you say, your backup needs to be effectively off-line, not
on a visible writable filesystem, and you need to detect when 
files have changed and keep previous versions within a reasonable
window of detection.  Few residential and small-business
networks have anything like that.  Most write simple backups 
to attached or network storage.  Cloud-based backup is nice, 
and slow upload speeds throttle the damage, but how many cloud-based
small-business backups can recover N previous versions of changed files?

When I first heard about Cryptolocker, I wanted to give up consulting
and find a different career.  

- John
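
The following is an added example, not part of the original post: one way to "detect when files have changed and keep previous versions" is a versioned store that refuses to prune old copies during a run in which an abnormal share of already-known files changed. The function names, the `<seq>_<sha256>` naming and the 50% threshold are assumptions made for illustration, and the store is assumed to live somewhere the backed-up machine cannot write to directly.

```python
import hashlib
import shutil
from pathlib import Path

def digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def versions(store: Path, rel: Path) -> list:
    """Stored versions of one file, oldest first (names are '<seq>_<sha256>')."""
    d = store / rel
    return sorted(d.iterdir()) if d.is_dir() else []

def backup_run(src: Path, store: Path, keep: int = 5, alarm_ratio: float = 0.5) -> dict:
    """Store a new version of every new or changed file under src.
    keep (>= 1) and alarm_ratio are hypothetical tuning knobs."""
    known = changed = 0
    pending = []                      # (source file, relative path, digest, old versions)
    for f in (p for p in sorted(src.rglob("*")) if p.is_file()):
        rel, h = f.relative_to(src), digest(f)
        old = versions(store, rel)
        if old:
            known += 1
            if old[-1].name.split("_")[1] == h:
                continue              # unchanged since the last run
            changed += 1
        pending.append((f, rel, h, old))
    # Mass modification of already-known files is the ransomware signal.
    alarm = known > 0 and changed / known >= alarm_ratio
    for f, rel, h, old in pending:
        seq = int(old[-1].name.split("_")[0]) + 1 if old else 1
        (store / rel).mkdir(parents=True, exist_ok=True)
        shutil.copy2(f, store / rel / f"{seq:08d}_{h}")
        if not alarm:                 # never prune during a suspicious run,
            for stale in versions(store, rel)[:-keep]:
                stale.unlink()        # so good copies are not rotated out
    return {"known": known, "changed": changed, "alarm": alarm}

def restore(store: Path, rel: Path, back: int = 0) -> bytes:
    """Content of a file `back` versions before the newest stored one."""
    return versions(store, rel)[-1 - back].read_bytes()
```

When `alarm` is true, the newest stored versions are the suspect ones and `restore(..., back=1)` returns the copy from before the mass change.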
