Ransomware Hit 40 Percent of Businesses in the Last Year

HardOCP News

I know ransomware is on the rise, but I had no idea that the number was this high. The amount of money these jackasses ask for is almost comical, but what makes the whole situation worse is the fact that a lot of these companies actually paid the ransom demands. :(

Think your business is immune to the threat of ransomware? Think again. Nearly 40 percent of enterprises were hit by ransomware in the past year, according to a new study sponsored by cyber-security firm Malwarebytes and conducted by Osterman Research. Moreover, 34 percent of those targeted lost money and 20 percent were forced to close up shop because of it.
 
I call bs.

If 40% of all businesses were hit by ransomware last year, and 20% of those were forced to close up shop because of it, that means 8% of ALL BUSINESSES closed shop due to ransom-ware last year.

Absolute and total BS.
 
The parent company I last worked for (a Fortune 1000 company) was hit by one of these. After a week and a half of trying to restore all services, it was deemed cheaper and faster to pay the ransom than to try to recover. Luckily our division did not get hit as we were still a separate entity; we had our own email, file services and domain.
 
We were hit by it twice in one year 2 years ago! Luckily I implemented an incredibly robust backup/snapshot system, and implemented some additional GP changes and haven't had a single infection in the last 12 months. Just some potentially useful info for any other IT professionals out there

We have VSS turned on with snapshots done every hour during, and 1hr before and after work hours, that saves up to 5 days of information
Our SAN has snapshots done on the same increment, but off-phase 30mins, with a much longer 2 week retention
Daily image backups, with multiple tiers of backups/copies

No one had any admin rights anywhere, I removed IT staff from having admin rights after I arrived as well. Separate admin accounts for doing administrative work now!
Removed programs from being able to install in any temp folders/user folders
Updated proxy with constantly updated block lists
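
The recovery window implied by the snapshot schedule in the post above, as an added example that is not part of the original post. It assumes 08:00-17:00 work hours and that a snapshot older than its tier's retention is gone; function names and sample dates are constructed.

```python
from datetime import datetime, timedelta

# Figures from the post: hourly snapshots from 1h before to 1h after work
# hours; VSS kept 5 days; SAN on the same increment, 30 min off-phase, kept 2 weeks.
# Assumption (not in the post): work hours are 08:00-17:00, every day.
WORK_START, WORK_END = 8, 17
TIERS = {"VSS": (0, timedelta(days=5)), "SAN": (30, timedelta(days=14))}

def snapshots(day, offset_min):
    """Hourly snapshot times on `day` (a midnight datetime) for one tier."""
    first = day.replace(hour=WORK_START - 1) + timedelta(minutes=offset_min)
    return [first + timedelta(hours=h) for h in range(WORK_END - WORK_START + 3)]

def restore_point(encrypted_at, detected_at, tiers=TIERS):
    """Newest snapshot taken strictly before encryption began that is still
    retained when the incident is detected.
    Returns (tier, snapshot_time, data_lost), or None if no clean copy is left."""
    best = None
    for name, (offset, retention) in tiers.items():
        # Oldest day that can still hold a retained snapshot for this tier.
        day = (detected_at - retention).replace(hour=0, minute=0,
                                                second=0, microsecond=0)
        while day <= encrypted_at:
            for snap in snapshots(day, offset):
                clean = snap < encrypted_at
                retained = detected_at - snap <= retention
                if clean and retained and (best is None or snap > best[1]):
                    best = (name, snap, encrypted_at - snap)
            day += timedelta(days=1)
    return best

def worst_case_loss(tiers=TIERS):
    """Largest data-loss window if encryption starts at any minute of the
    work day and is noticed immediately."""
    start = datetime(2016, 8, 3, WORK_START)  # constructed sample day
    minutes = (WORK_END - WORK_START) * 60
    return max(restore_point(t, t, tiers)[2]
               for t in (start + timedelta(minutes=m) for m in range(minutes + 1)))

if __name__ == "__main__":
    hit = datetime(2016, 8, 3, 10, 20)  # constructed incident time
    print("noticed in 25 min:", restore_point(hit, hit + timedelta(minutes=25)))
    print("noticed after 6 days:", restore_point(hit, hit + timedelta(days=6)))
    print("worst case, both tiers:", worst_case_loss())
    print("worst case, VSS only:", worst_case_loss({"VSS": TIERS["VSS"]}))
```

The daily image backups from the post are not modelled; they are what remains once `restore_point` returns `None`.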
 
Paying is the problem. It just encourages more of this activity.

We had a manager who got hit by this a couple years ago. Hit his laptop and a folder on the network.
I restored the folder from backup (I take snapshots every few hours), and ended up wiping his system and rebuilding it.
So technically you could say we lost money (the cost of my time and the cost to recreate the few semi important files he only had on his laptop), but it wasn't anywhere near business threatening.
 
> We were hit by it twice in one year 2 years ago! Luckily I implemented an incredibly robust backup/snapshot system, and implemented some additional GP changes and haven't had a single infection in the last 12 months. Just some potentially useful info for any other IT professionals out there
>
> We have VSS turned on with snapshots done every hour during, and 1hr before and after work hours, that saves up to 5 days of information
> Our SAN has snapshots done on the same increment, but off-phase 30mins, with a much longer 2 week retention
> Daily image backups, with multiple tiers of backups/copies
>
> No one had any admin rights anywhere, I removed IT staff from having admin rights after I arrived as well. Separate admin accounts for doing administrative work now!
> Removed programs from being able to install in any temp folders/user folders
> Updated proxy with constantly updated block lists


Question.

How does IT staff do their work without Admin rights?

Isn't essentially all IT does admin stuff? :p
 
> Question.
>
> How does IT staff do their work without Admin rights?
>
> Isn't essentially all IT does admin stuff? :p

I usually just log into a server with an admin account for admin work, but it's nice to know my normal login has limited opportunity to wreak havoc if something happens.
 
> Tip 16: When installing a piece of software, read the End User License Agreement (EULA) so you know what you're getting into

tl;dr


Yeah, no one reads these, except maybe the legal team at your company if you are about to sign up for a multi-million dollar software license.

There should be a requirement to condense any EULA down to a single page size 12 Times New Roman document so that it is actually feasible for people to read this shit.

As it stands right now it's like being in Congress. The bills are so verbose that it is physically impossible for a congressman to read every bill they have to vote on.
 
> I usually just log into a server with an admin account for admin work, but it's nice to know my normal login has limited opportunity to wreak havoc if something happens.

I do the same. On my personal machines I always do my day to day stuff in a limited user account, and have a separate admin account for when I need to tweak stuff or install software. This is just basic common sense when it comes to computers. Running day to day in an admin account is just straight up foolish, and doing what some around here do - disabling UAC - is unbelievably stupid.

No matter how seasoned of a user you are, and how good you think you are at spotting an exploit, or how good your firewall block list is, eventually all of them screw up. Running without UAC simply should not even be an option.
 
I use a limited user account too and enable the hidden admin account and then password protect it. I can still do admin things from limited user account because I am prompted to enter the admin password when I do anything that needs admin access. I also used gpedit to require ctrl+alt+del before entering the password too and then I programmed my keyboard to make one key stroke enter ctrl+alt+del.
 
I had one company hit last year but damage was limited to the fact that I had installed the free edition of Cryptoprevent a few months earlier as a test. They lost maybe 20% of their data and not 100%. They now run the full licensed version as do several other companies I deal with at my recommendation.

I also stress that they improve their email hosting/servers. Most of this crap comes via email and many small companies don't have adequate email filtering/scanning at the server end.
 
> We were hit by it twice in one year 2 years ago! Luckily I implemented an incredibly robust backup/snapshot system, and implemented some additional GP changes and haven't had a single infection in the last 12 months. Just some potentially useful info for any other IT professionals out there
>
> We have VSS turned on with snapshots done every hour during, and 1hr before and after work hours, that saves up to 5 days of information
> Our SAN has snapshots done on the same increment, but off-phase 30mins, with a much longer 2 week retention
> Daily image backups, with multiple tiers of backups/copies
>
> No one had any admin rights anywhere, I removed IT staff from having admin rights after I arrived as well. Separate admin accounts for doing administrative work now!
> Removed programs from being able to install in any temp folders/user folders
> Updated proxy with constantly updated block lists

We are doing pretty much the exact same thing, any downtime is very very limited. Retention for us is indefinite, so we have 30 day backups moved offsite. If I can ask, what are you using for email archiving? Filtering? Does your company use an ERP system?
 