Jump to content

Backups and Ransomware.

studiot

By studiot
in The Lounge

 Share

Recommended Posts

studiot

studiot

Posted
Posted (edited)

We have all seen the news of the recent cyberattacks.

 

I would just like to remind members of the urgent need for keeping their data backups bang up to date.

 

These attacks can reach individuals as well as large organisations.

Edited by studiot
Link to comment
Share on other sites
MigL

MigL

Posted
Posted (edited)

I'm old fashioned...

I back up anything important onto paper.

And if disaster strikes, I reload windows 10.

( just finished re-doing my Zotac media center/big screen TV ).

Edited by MigL
Link to comment
Share on other sites
Sensei

Sensei

Posted
Posted (edited)

Typical problem with backups, when somebody is doing them frequently (daily/weekly) from various machines used to work (laptop,desktop,tablet at least),

after a while, there will be complete mess of them, with dozen versions of them, backed up at different times..

Content will desynchronize.

 

If somebody has his/her own public static IP server, with HTTP server installed (even in LAN), I recommend him/her installing SVN (Apache Subversion).

It could be used for storing data regardless whether they're programmer's projects or something else.

And then you can backup entire SVN folder, with the all projects at once.

 

TortoiseSVN is very cool client

https://tortoisesvn.net/

It integrates with Windows explorer via pop-up menus. When user clicks RMB on element/folder in explorer window it shows context-dependent commands.

Edited by Sensei
Link to comment
Share on other sites
StringJunky

StringJunky

Posted
Posted

Typical problem with backups, when somebody is doing them frequently (daily/weekly) from various machines used to work (laptop,desktop,tablet at least),

after a while, there will be complete mess of them, with dozen versions of them, backed up at different times..

Content will desynchronize.

 

If somebody has his/her own public static IP server, with HTTP server installed (even in LAN), I recommend him/her installing SVN (Apache Subversion).

It could be used for storing data regardless whether they're programmer's projects or something else.

And then you can backup entire SVN folder, with the all projects at once.

 

TortoiseSVN is very cool client

https://tortoisesvn.net/

It integrates with Windows explorer via pop-up menus. When user clicks RMB on element/folder in explorer window it shows context-dependent commands.

Unfortunately, the people that can understand what you are saying will be backing up anyway.

1
Link to comment
Share on other sites
pzkpfw

pzkpfw

Posted
Posted

Amazingly, the latest publicised attack is apparently spread though the clicking-on-a-dodgy-link-in-an-email mechanism.

 

(Once inside a network, it then spreads itself, but that's apparently how it first gets in.)

 

... and, up-to-date patched machines would not have been vulnerable.

 

So there's good advice in the OP on making sure backups exist, but there's also some basic education and procedures that need to be attended to.

Link to comment
Share on other sites
Sensei

Sensei

Posted
Posted (edited)

So there's good advice in the OP on making sure backups exist, but there's also some basic education and procedures that need to be attended to.

 

Mobile phone system doesn't reveal the real link URL target prior clicking..

On desktop, one can hover link by mouse pointer, and it'll show up what is target in bubble help,

while on mobile device, nobody is hovering link prior clicking.

 

On Android user can click on link, wait 5-10 seconds,

this will show pop-up, with details,

and then user can decide whether to go or not.

But who will be doing it for EVERY single link they have on screen.. ?

Usage of device would be unbearable..

 

Hackers in HTML e-mails are using

<a href="true url">false url</a>

to fool user.

(such mails can go from your legitimate friends/family members/workmate etc.)

 

When something like this is used on page user is visiting,

user must know in which server they are in,

whether service will be redirecting to other server, or not,

and if it'll be redirecting, whether new url is right one or not right one..

Hacker can attack PHP server, and enable buffering with ob_start()

http://php.net/manual/en/function.ob-start.php

and the everything what server will output will pass through hacker filter, which can add compromising stuff..

Edited by Sensei
Link to comment
Share on other sites
koti

koti

Posted
Posted

I'm using free 1TB from MS Onedrive. After 2 years of heavy photo/video usage I have about 100 gigs of media there. I also keep crucial,

non media data content on dropbox. I don't keep offline backups anymore, I keep everything in the cloud.

Link to comment
Share on other sites
Sensei

Sensei

Posted
Posted (edited)

Unfortunately, the people that can understand what you are saying will be backing up anyway.

 

If there is somebody who don't understand what I am talking about, such person does not deserve for finishing primary school IMHO.. ;)

At least not in XXI century..

 

SVN is replacement, extension of typical backing up methods,

that will take care of versions,

so each machine has up-to-date correct version of data user is working with..

Edited by Sensei
Link to comment
Share on other sites
koti

koti

Posted
Posted (edited)

 

If there is somebody who don't understand what I am talking about, such person does not deserve for finishing primary school IMHO.. ;)

At least not in XXI century..

 

SVN is replacement, extension of typical backing up methods,

that will take care of versions,

so each machine has up-to-date correct version of data user is working with..

Lol, you are deep into the matrix man. Only a small percentage of people know what an apache server or secure virtual network or subversion control is. You need to step down a little or people will hate you for being a smart axx ;)

Edited by koti
Link to comment
Share on other sites
DrKrettin

DrKrettin

Posted
Posted

 

If there is somebody who don't understand what I am talking about, such person does not deserve for finishing primary school IMHO.. ;)

At least not in XXI century..

 

 

 

I agree with koti - this is a typical case of specialism where somebody thinks that everybody should be as involved in the technicalities to the same extent as they are. You could use the same argument for a lack of knowledge about how many things work which people use on a daily basis, for example, a TV, a car, paracetemol, alcohol distillation, prostate gland**, the English language, the list is very long. I doubt whether many people actually know how a telephone works. The point is that the primary school education enables you to find out about these specialities if you want to, and I for one find every item in my list considerably more interesting than computer stuff.

 

**not sure whether this is on a daily basis.

Link to comment
Share on other sites
StringJunky

StringJunky

Posted
Posted (edited)

Are encrypted files in my computer safe from cyber attacks of this kind?

I think as far as nobody being able to read them, then yes, they are safe but encryption malware will own your account so that you can't access them, if they are in your user account on the operating system AFAIK. Best to image your computer with everything on or put your important stuff on a flash stick or external drive or in an online storage facility. The other option is to make an encrypted partition on the same hard drive, storing your stuff there, but that's a bit more nerdy to set up.

Edited by StringJunky
Link to comment
Share on other sites
studiot

studiot

Posted
  • Author
Posted (edited)

Be aware that the previous Ransomwares later versions (cryptolocker type) could access cloud remotely stored data, on your server or the cloud.

This would be locked as well.

Edited by studiot
Link to comment
Share on other sites
Strange

Strange

Posted
Posted

Are encrypted files in my computer safe from cyber attacks of this kind?

 

 

They are likely to be encrypted by the ransomware so you won't be able to access them. I don't think it only encrypts particular file types.

Link to comment
Share on other sites
John Cuthber

John Cuthber

Posted
Posted

... I keep everything in the cloud.

Or "someone else's computer" as it's often referred to.

Since it's free, I presume you have precisely zero comeback if it fails.

 

The essential problem is that, if I can access the backup device from my computer, then ransomeware can do the same.

Link to comment
Share on other sites
koti

koti

Posted
Posted (edited)

Or "someone else's computer" as it's often referred to.

Since it's free, I presume you have precisely zero comeback if it fails.

 

The essential problem is that, if I can access the backup device from my computer, then ransomeware can do the same.

You need to connect some kind of storage to your machine in order to perform the backup. If your machine is not physically disconnected from the network (constantly) than its still a risk. Also good luck with hacking a microsoft server farm. As for redundancy there is little chance you could get even close to the kind of redundancy that the big companies offer - even for free. I think its the insentive that makes you voulnarable. If your data is worth a lot then someone will find a way to get to you. In that case I'd reccomend keeping a low profile - no FB account, no forums, no nothing. If youre the average Joe like me theres no reason not to use cloud services. Edited by koti
Link to comment
Share on other sites
dimreepr

dimreepr

Posted
Posted

You need to connect some kind of storage to your machine in order to perform the backup. If your machine is not physically disconnected from the network (constantly) than its still a risk. Also good luck with hacking a microsoft server farm. As for redundancy there is little chance you could get even close to the kind of redundancy that the big companies offer - even for free. I think its the insentive that makes you voulnarable. If your data is worth a lot then someone will find a way to get to you. In that case I'd reccomend keeping a low profile - no FB account, no forums, no nothing. If youre the average Joe like me theres no reason not to use cloud services.

 

That depends, how much do you want your memories immortalised?

Link to comment
Share on other sites
John Cuthber

John Cuthber

Posted
Posted (edited)

One of the pair of 1TB drives I use for backups is connected to my computer- the other isn't. The difficulty is working out how often to swap them.
As for "Also good luck with hacking a microsoft server farm."
Well, I'm not going to try.

However I invite you to consider this

Practically every hacker in the world is trying to get into µsoft's servers.

Practically nobody is trying to get into my computer.

Which one is at more risk?

Edited by John Cuthber
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.