MySwag.org The Off-road Camper Trailer Forum
General => General Discussion => Topic started by: Bird on November 20, 2013, 11:12:21 AM
-
So anyone been hit yet?
Mate of mine in Sydney and another in Qld have had several companies calling for support on it... apparently the easiest solution is to pay up :(
http://www.smh.com.au/digital-life/consumer-security/cryptolocker-warning-malware-extortion-virus-attacks-on-rise-20131116-2xnl8.html (http://www.smh.com.au/digital-life/consumer-security/cryptolocker-warning-malware-extortion-virus-attacks-on-rise-20131116-2xnl8.html)
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)
One nasty component of it
"It grabs network shares and all drives on a computer, so if an idiot in one part of the network gets it, it crawls into its network shares and cyphers all the files it can find"
-
ooooh that looks very nasty!
Shows how old school backup with removeable media still works but I'll bet the cloud backup is now stuffed too
Anyone come up with a proper fix other than paying??
cheers,
Steve
-
It's the first of a new generation of malicious software thats about to run amok.
Obviously don't execute the program in the first place but sometimes these programs are very cleverly disguised.
Generally any attached writable media will be encrypted with this one and the real big issue is that as the law enforcement people catch up with the baddies they shut down their servers effective rendering your encrypted data forever gone as you cant retrieve the unlock key.
I you've been hit and don't have a good remote/disconnected backup you have two choices, pay asap or kiss your data goodbye.
I think that sometimes a data disaster is a good way of getting rid of all that data plaque you've been collecting for years :-)
Remember, if your data doesn't exist in three places it may not exist at all! The three places could be local HDD, local USB/network copy and disconnected copy in geographically different location.
If you sync your data this may not be a real backup unless you keep versions as you can sync corruptions and deletions.
-
It's the first of a new generation of malicious software thats about to run amok.
Obviously don't execute the program in the first place but sometimes these programs are very cleverly disguised.
Generally any attached writable media will be encrypted with this one and the real big issue is that as the law enforcement people catch up with the baddies they shut down their servers effective rendering your encrypted data forever gone as you cant retrieve the unlock key.
I you've been hit and don't have a good remote/disconnected backup you have two choices, pay asap or kiss your data goodbye.
I think that sometimes a data disaster is a good way of getting rid of all that data plaque you've been collecting for years :-)
Remember, if your data doesn't exist in three places it may not exist at all! The three places could be local HDD, local USB/network copy and disconnected copy in geographically different location.
If you sync your data this may not be a real backup unless you keep versions as you can sync corruptions and deletions.
Also if you backup weekly, test your backups monthly to make sure they work... I've had it at a place I worked the backups were reporting 100% fine.. but it wasnt - for 6 months...
-
From mate who is working on this Shit
Hi
A word of warning regarding a new breed of computer virus. This one is called " Cryptolocker ". It is 'Ransomware'.
What it does is infect your machine and then encrypt all your documents and pictures.
It then demands you pay ~ $ 400 or so within 72 hours to get them back.
It uses an RSA 2048 bit encryption method which is not 'crackable' - and only they hold the 'private' key to decrypt your files.
I don't normally send emails warning of viruses to everyone (in fact I never have before) but this one is a game changer.
This virus is being mass distributed via email and also by using browser exploits
- which means you can get it just by looking at web sites that are infected.
I suggest you do a search on Cryptolocker to learn more about it and review your current data backup methods.
Special notes on Cryptolocker:
* It is quite easy to become infected as it can get around almost all antivirus programs.
* It encrypts ALL Documents, Spreadsheets, and pictures, etc located anywhere on your machine - This includes backup drives and network drives.
* If you have an internal hard drive as a backup, it will encrypt all the documents and pictures, etc on it also.
* If you are on a network, it can reach into uninfected machines thru your network and encrypt data on mapped network drives.
* It doesn't just do it's work on the main 'C' Drive, it walks thru the entire machine to make sure it gets everything.
* Only one machine needs to be infected on a network - if that machine has shared/mapped drives, it will also encrypt remote machines
that are not infected.
* If you use Google Drive or a similar cloud service, when documents are changed by the virus (encrypted), these can get uploaded to the 'cloud' and be damaged also.
* The encryption is unbreakable. If they don't get paid, your data is gone forever - unless it is backed up safely elsewhere.
* There is no guarantee that paying them gets your data back but these people have setup a web page for 'customer support' and actively post in forum threads to 'help' people pay them. And yes - that is remarkable.
* Currently, it only affects Windows machines - for now.
* It appears the virus only affects office and text documents (and similar) and pictures. Mp3s and videos don't appear to be targeted (for now).
* A list of files it affects is available online.
* The virus only appeared on or about Sept 6th, 2013.
* The virus writer(s) gets paid via near untraceable methods like Bitcoin, uKash, MoneyPak, etc.
I predict in future that these types of viruses will be the norm and this is only the beginning of this type of attack.
What you should do:
=================
* Please read and learn more about this new type of virus. There is loads of info and news articles about it now. It is only a few months old.
* Keep an OFFLINE backup of your data - EG: Use an EXTERNAL Hard Drive or Flash Pen, etc and turn it off and disconnect it when not in use.
* Unmap network drives that are not needed.
* Update Adobe Flash, and the Java RunTimes (if you use that), your web browser, Windows Updates and your AV software.
* Learn about the 2 programs which may be able to block the virus from infecting your computer.
- One is called: CryptoPrevent from Foolish IT (It's free) and the other is from the Hitman Pro people - Cryptoguard (Free also)
- You need to determine if these tools are suitable for your computer environment (Business, Home, Network, etc)
* If you have a computer network, warn people using your computers about this virus and the damage it can cause.
What you should NOT do:
=====================
* Please do not just reply to this email with : "I don't want to read all about that, just tell me what to do ..." Instead, please learn about this malware/virus and take steps to securely protect your data.
* NEVER open an attachment you are not expecting.
Currently, the emails that are spreading it are pretending to be from banks, courier firms, businesses, etc.
* Certain websites now contain the virus which can automatically run it - if that happens and you have done nothing to protect your data, then a few minutes or hours later your data will be encrypted and without a SAFE BACKUP that has not been affected, you will have a big problem.
* If you have staff, instruct them to be wary of these sorts of emails and please take proactive steps to safeguard your data.
* These people are very aggressive at getting this virus spread
- Last week over 10 million emails were sent out containing the virus payload - And this was in the UK alone.
* Websites that help or give information out about it are routinely under a DDOS attack. * For example, BleepingComputer was attacked.
The forum thread about Cryptolocker at BleepingComputer is 140 pages long and has been viewed 250,000 times.
====
This is not a standard virus whereby you just remove it and it's gone. The virus is relatively easy to remove.
The encrypted data it leaves you with is the problem.
Once it has your data encrypted on your entire machine and your network, it displays a message to pay them.
They get paid all the time by people who don't have a proper OFFLINE, SAFE recent backup.
A Windows patch or anti virus companys' virus definitions may in future be able to stop this or prevent it but it is best that you learn about what this virus can do and what steps to take to prevent it and protect your data.
Regards
Rog ...
-
Yes it's a right bastard. A couple of our clients have been hit but so far we've managed to recover from backups.
We have found a preventative solution if you are on a domain, or if you have windows professional. It basically disallows the running of executables from any temporary area on your PC by setting local security policies. Haven't worked out how to make it happen on windows home yet as they don't do local security policies the same as the pro versions. Need to get into the registry and haven't had time to work it out yet.
This link from BleepingComputers (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#prevent) explains all about it.
Refer to point 16 for how to safeguard yourself.
Edit:- Been testing CryptoPrevent from http://www.foolish it.com/vb6-projects/cryptoprevent/ (remove the space in "foolish it", the swear filter is getting in the way :( )and it appears to work well. Much simpler way of applying run restrictions to a small number of PCs. For a domain a GPO is the way to go.
Works on home versions too :)
-
bitcoin just over $1000 and rising like a rocket....wonder if it is related????
-
bitcoin just over $1000 and rising like a rocket....wonder if it is related????
http://www.theguardian.com/technology/2013/nov/27/hard-drive-bitcoin-landfill-site (http://www.theguardian.com/technology/2013/nov/27/hard-drive-bitcoin-landfill-site)
-
30% of our N drive has been affected by Cryptolocker. ITS have been working on restorations for 10 days now. May get access back to our files early next week, although some of the replaced data will be from 5 days before the break in.
Scary thing is that N drive is also used by payrole, finance, enrolements and HR.
Point of Entry? supposedly very high up in the organisation. Only takes one out of 2500!
-
30% of our N drive has been affected by Cryptolocker. ITS have been working on restorations for 10 days now. May get access back to our files early next week, although some of the replaced data will be from 5 days before the break in.
Scary thing is that N drive is also used by payrole, finance, enrolements and HR.
Point of Entry? supposedly very high up in the organisation. Only takes one out of 2500!
what is the ransom amount.. ???
-
Been told it was in the tens of thousands!
-
Been told it was in the tens of thousands!
Mate who is IT Manager for large eduction company said he can protect 99% of the system but the bosses have laptops that are the main risk.
KB
-
guys
by network drives, can this also "jump" infect ip drives
I have a harddrive that is remote and accessed wirelessly through a IP address, it is not mapped as a network drive, and is my secondary backup.
main backup is mapped to the system so a risk- hoping that the IP drive is secure, or I will have to rethink things
this is just a home network- but I use the IP drive as backup of everything that is important (photos etc) after having lost a harddrive once
-
The only way I've heard of it spreading is via mapped drives so a drive that is never mapped should be fine.
Do you have the ability to power down the remote drive? That's the safest way. Just power it up when you want to run a backup.
-
This is what my IT said about it
This Malware variant is of the Ransomware variety and once run encrypts all files that the user has write access to. This effectively locks the user out of all of their local files and is known to also jump to any mapped network drives.
The name of this virus is Crilock.A and there are two ways it can be spread:
1. Email attachments claiming to be a dispute notification
2. Via machines infected with the Zeus Botnet (virus)
As it stands, the latest virus definitions across all the major vendors are unable to detect the Ransomware until it has been run and begun encrypting files.
What can I do to mitigate the risk?
1. Ensure all machines have antivirus installed and the latest virus definitions
2. Ensure that all your laptops and desktops have System Restore/VSS turned on
3. Don’t keep USB Drives and Backup drives plugged in unless you need to be using them
4. Ensure all your servers are being backed up regularly and that you have successful nightly backups
How do I know I have been infected?
1. If you see any of the attached images pop up on your screen you will have been compromised by the Cryptolocker Virus
What can I do if I have been infected?
1. Immediately disconnect from the Network
2. Unplug any USB Drives or Keys you have attached to the machine
3. Call your IT Service Desk and let us know you have been infected by Cryptolocker
-
Work got hit today...
Point of origin - manger opening obvious spam email with a Shit link in it.
Buy decryption software and get all your files back
Buy decryption software for 600 AUD before 2014-09-14 ?4?:?20?:?19? ?PM
OR buy it later with the price of 1200 AUD
Time left before price increase: 54 h. 44 m. 19 s.
Your total files encrypted: 6456
-
Turns out to be a new variant out 2 days ago.. no solution but file restorations.. we have good backups thankfully....
just no going home tonight..
-
New forked version apparently infecting shadow copies now.
-
New forked version apparently infecting shadow copies now.
forked alright... full restore to recover...
-
Even if you pay the ransom you are not guaranteed to get all of you data back, unless you pay more.
Essentially if you pay once they know you are prepared to pay so they may attempt to extract more cash from you.
AV/Malware software usually can't keep up with the changes to the software. The reason for this is Cryptolocker is polymorphic which means it can change the way it looks so it can't be detected by traditional AV software.
This site may be helpful if you have a Cryptolocker problem, you milage may vary:
https://www.decryptcryptolocker.com (https://www.decryptcryptolocker.com)
-
Just remember, a backup is not a backup until you've tested a restore.
At home I switched from backing up to shared drive on a NAS to using rsync as cryptolocker looks for shared drives to hit too.
-
On the backup note it probably pays to have a couple options, I've been starting to adopt a hybrid approach where key data is backup up to disk and also up to a cloud provider on a regular basis.
-
On the backup note it probably pays to have a couple options, I've been starting to adopt a hybrid approach where key data is backup up to disk and also up to a cloud provider on a regular basis.
been doing that for just on 12 mths now. the old school tape backup and cloud.
-
The cost of some of the cloud backup solutions is pretty reasonable overall, to me there is no reason why people should lose data today.
Jason
-
The cops have caught the purveyors of Cryptolocker and Gameover Zeus, and captured their database of encryption keys.
These are now available for free to victims who have been unable to recover their data by other means.
See the following BBC News item in this link:
http://www.bbc.com/news/technology-28661463 (http://www.bbc.com/news/technology-28661463)
In this part of the world, we have three firewalls (four, if you count the Windows firewall - I don't ... ); three kinds of anti-virus s/w; three kinds of anti-malware software; several bad site blockers.
One of the firewalls has not been updated since 2004. This might seem crazy, but it is an extremely simple and simple-minded piece of s/w. Every file has a checksum. If that file's checksum has changed, the firewall blocks it by default. If it happens to become active in the middle of the night, it gets blocked. Nothing can access either the local network or the Internet without it being vetted by this s/w. Because it's simple, it's also very fast. No fancy heuristics - just a simple GO/NO GO test.
I also pay a bit extra to Telstra for their on-line email anti-virus protection. I was caught once about 17 years ago, and it took me three days to clean/clear all the computers. Never again. Since then, not even DOUBLECLICK and its ilk get to survive!
We also use write-once media for backup of image and data files. These are checked periodically for DVDR/CDR read errors. I have a number of CDRs that need to be re-burned after 10 years in "special" three-ring binder disk storage pockets!! Not impressed! They are still readable (100% for all sectors), but the surface is deteriorating.
Paper DVDR/CDR disk jackets are best, IMNSHO.
As a counsel of perfection, DVDRs should be burned in pairs, with one copy going off-site immediately. This also protects against theft and fire/flood etc.
As for other backup. We have 3 large external powered drives (6TB in total). These are only plugged in and turned on when actually in use.
We also have about 3TB of storage on portable external HDDs. The main one of these travels with me in my camera bag at all times.
These two sets of drives each contain a complete and relatively current backup of all data files from all computers on our network.
I also backup current email data files to my laptop (i.e. back to around 2003. Prior email files to this are in archive files ... .
When push comes to shove, I've yet to see a virus that can prevent the deletion of all partitions using FDISK.EXE, and a complete re-partition/ reformat and re-install of all software. But that's a bloody awful job to undertake!
Just don't open attachments to emails if one is even the tiniest bit suspicious of it. I have even managed to train my SWMBO about this!
BTW, I don't trust Cloud backup at all. Many reasons. First one is: Can you guarantee that the provider will be in business tomorrow? Quite a few more caveats after that major hurdle ...
-
interesting to see this post update.
My workplace just got hit by this bloody thing this morning. had to reload everything back to Friday night
-
Got this one today.
One person opened email from 'Australia Post' and it infected all files on her computer plus all files shared on the cloud, hence affecting all of us!
Been working all day to get things back up and running.
Watch out for this one!
-
Got this one today.
One person opened email from 'Australia Post' and it infected all files on her computer plus all files shared on the cloud, hence affecting all of us!
Been working all day to get things back up and running.
Watch out for this one!
Exact same email she got ... the link when you hovered over it was actually hosted on a site in Turkey... they probably didn't even know it was there.
-
Something that's worth keeping in mind, although I haven't seen one programmed this way for quite a number of years now, is that in some of these emails, the whole page is "live", not just the "link".
i.e. clicking anywhere on the entire message space in the email will take you to the toxic address.
You can tell if this is the case when the email is open by the fact that the cursor is always the "link finger" even when not hovering over the purported link.
Just FWIW.
-
Homer J we must be work colleagues and not know it LOL!!!
-
Homer J we must be work colleagues and not know it LOL!!!
how did you go with it???
-
ITS have been working on restorations for 10 days now.
Hi,
I thought with the ITS's experience they would have been able to restore quickly. They have nightly incremental; weekly, and monthly full backups.
I'm so glad not to be involved any more, the fun factor ran out quite some time ago.
cheers
-
Homer J we discovered it within minutes of the first infection but our IT still re-built everything and we only lost the day.
Champions!
-
Just don't open attachments to emails if one is even the tiniest bit suspicious of it. I have even managed to train my SWMBO about this!
This is very good advice to everyone. A good way to think about it is if it sounds to good to be true it usually is.
BTW, I don't trust Cloud backup at all. Many reasons. First one is: Can you guarantee that the provider will be in business tomorrow? Quite a few more caveats after that major hurdle ...
I would never solely rely on cloud backup, it is part of an overall backup strategy.
Ratbag you go to a lot of trouble to protect and validate your backup, this is something few people go to the trouble of doing. Even if you are using DVDs or hard disks there is no guarantee that when push comes to shove and you need it, that it will be there for you.
A combo of two backup methods helps reduce you risk IMHO.
Jason
-
Gidday Jason
This is very good advice to everyone. A good way to think about it is if it sounds to good to be true it usually is.
Quite. And thank you.
I would never solely rely on cloud backup, it is part of an overall backup strategy.
Actually, I would never rely on it at all .... ;) . There are about another hundred caveats that follow on after that insurmountable hurdle mentioned upthread ...
Ratbag you go to a lot of trouble to protect and validate your backup, this is something few people go to the trouble of doing. Even if you are using DVDs or hard disks there is no guarantee that when push comes to shove and you need it, that it will be there for you.
Ah well. Experience is a great teacher if it doesn't destroy you ... ;) . By having multiple, parallel backups on different classes of media, with some being off-site, the chance of never being able to recover a specific file is exponentially reduced
A combo of two backup methods helps reduce you risk IMHO.
Jason
Exactly why I use the strategy I do :) .
Cloud backup adds complexity; gives one a false sense of security while being screwed; and adds precisely nothing except increased risk. The latter is not unlike ? [Beta] risk analysis of an investment portfolio in accounting ... The risk can be reduced, but only if one actually does the risk analysis in the first place ... :( . This is not done by most for the same reason they cannot be bothered doing backup properly in the first place.
-
Homer J we discovered it within minutes of the first infection but our IT still re-built everything and we only lost the day.
Champions!
Yeah thankfully we discovered it straight away. Was finalised late yesterday by the IT guys, so back to normal today. The lost time costs a lot of money. If only they could catch these scum that release this stuff!
Glad you got your sorted too :cheers:
-
Cloud backup adds complexity; gives one a false sense of security while being screwed; and adds precisely nothing except increased risk.
Please enlighten us with your 'risk analysis'...
-
Please enlighten us with your 'risk analysis'...
LOL.. AGREE!!
without our cloud backup the time to call back the tapes, restore from tape etc would have cost us a weekend + $$ to recall the tapes
as it was from the cloud which we have setup very well took hours not days....
-
Gidday D4D
Please enlighten us with your 'risk analysis'...
Do the single quotes around risk analysis indicate that you consider this to be a rhetorical question, or do you genuinely want me to quantify what I see as some of the serious risks with reliance on cloud backup?
TIA for any clarification that you care to give ...
Ditto, Bird.
My own backup requirements are a minimum of about a Terabyte of critical data. At 2.5 Mbps, this would take longer than I have to back up - about 40 days, and that data is changing fairly frequently. The changes often consist of changes to many 20-30 MB files ...
-
...or do you genuinely want me to quantify what I see as some of the serious risks with reliance on cloud backup?
Yes
-
Yes
OK.
Some questions first.
Do you (or an associated entity, employer, etc) currently use cloud backup?
If so, what investigations did you (or the associated entity) make into the whole process prior to committing to it?
What provision/s have you (etc) made in the event that the Internet is not available? For a day? For a week? For a month?
-
Some questions first.
I think I asked you the question first...
Do you (or an associated entity, employer, etc) currently use cloud backup? yes
If so, what investigations did you (or the associated entity) make into the whole process prior to committing to it? business risk analysis
What provision/s have you (etc) made in the event that the Internet is not available? For a day? For a week? For a month? highly available links
-
LOL.. AGREE!!
without our cloud backup the time to call back the tapes, restore from tape etc would have cost us a weekend + $$ to recall the tapes
as it was from the cloud which we have setup very well took hours not days....
Yeah our IT guys said the same thing, with the cloud stuff we were actually back up and running quicker than we would have been with the old server system.
Oh, and the cloud stuff has made such a difference to the way we do things, as our staff are mobile and on the road or working at home. Whilst we could still access the server from anywhere with the old system, this is just so seamless.
Its amazing to think how technology has changed the way we do things from only 5 to 10 years ago. Its only the a$$#*%@ of the world that stuff things up for the rest of us!
-
I think I asked you the question first...
Do you (or an associated entity, employer, etc) currently use cloud backup? yes
If so, what investigations did you (or the associated entity) make into the whole process prior to committing to it? business risk analysis
What provision/s have you (etc) made in the event that the Internet is not available? For a day? For a week? For a month? highly available links
So your question was rhetorical then.
FYI I had a client who had a "highly available link". Had never been out for more than a few seconds in 10 years. Just before they went over to an integrated system employing cloud storage and backup, that "highly available link" was off the air for about a month ... Fortunately we had a workable fallback position for the interim.
I sincerely hope it all works well for you.
-
You just need a bigger pipe. If you had a direct 1 Gbps link to your cloud provider, then assuming you could sustain a disk-to-disk copy of around 800Mbps throughput your 1TB backup would be finished under 3 hours. Admittedly such links aren't within the reach of small business, but they do exist and many Australian corporate use them on a day-to-day basis.
-
So your question was rhetorical then.
No it wasn't and you have failed to provide an answer.
-
^ Gidday Goose
Yeah, my web site host provider has this kind of connection. When I worked for the Telco back in the day, we used to provide 572 Mbps X.25 pads for a fee ...
My own network is Gbps. My upload connection to the Internet is artificially throttled to said 2.5 Mbps by the ISP. Measured download speed is 113 Mbps (HFC connection).
As Homer Jay said, the technology is changing at a huge rate. I have been a practitioner in this field since before there was a degree offered in computing science, and since well before the term "IT" was coined in the late 1980s-early 1990s.
-
No it wasn't and you have failed to provide an answer.
Your apparent line of questioning would tend to indicate otherwise to me ...
-
Your apparent line of questioning would tend to indicate otherwise to me ...
(http://images.pictureshunt.com/pics/d/dog_fail-14147.jpg)
-
(http://images.pictureshunt.com/pics/d/dog_fail-14147.jpg)
I always try to be as helpful as possible to those who are genuinely seeking help; and if I am able to do so in any way.
Do you always go looking for a fight?
That line from "The Castle" springs to mind - "Take your hand off it, Daryl", or words to that effect.
-
You made a very broad statement that you can't/won't backup. I think it is you who has their hand on it.
-
Cloud backup adds complexity; gives one a false sense of security while being screwed; and adds precisely nothing except increased risk. The latter is not unlike ? [Beta] risk analysis of an investment portfolio in accounting ... The risk can be reduced, but only if one actually does the risk analysis in the first place ... :( . This is not done by most for the same reason they cannot be bothered doing backup properly in the first place.
cloud backup shouldn't add complexity if it is done correctly.
i, for one, have an increased sense of security knowing that my data is backed up in multiple locations, including the cloud. i don't feel like i am being screwed at all.
i know for a fact that a properly implemented cloud backup adds real and tangible benefits to a multi-faceted backup solution. to say it adds nothing but risk is nonsense.
as has been espoused by others on this forum and elsewhere, a good backup solution includes diverse media, multiple versioning and multiple locations.
cloud backup allows for all three of these requirements to be implemented cheaply and effectively for home and business use.
if you choose not to implement cloud backup, that is your choice, but to dismiss it outright is a bit insulting to those of us who have implemented it to good effect.
-
You made a very broad statement that you can't/won't backup. I think it is you who has their hand on it.
Sorry, sport.
That is a statement that I decline to "back up" to you in particular. Perhaps it has something to do with an attitude problem?
And that attitude problem sure ain't on this side of the fence ...
As just one source, you could try reading this PDF (http://www.quocirca.com/media/articles/122011/642/acronis%20-%20cloud%20backup.pdf).
Or here (http://www.informationweek.com/cloud-backup-vs-tape-think-hybrid/d/d-id/1111524?).
There are many other issues that aren't even mentioned by either of these articles, such as corporate governance/status/security of the company or companies to whom you are entrusting your information; the fact that the Internet is inherently ephemeral and insecure; etc, etc.
You see, I recall IBM nearly going to the wall because of the introduction of the PS2 bus, and its failure to make that an open standard. IBM in the late 1980s was a bigger company than just about everyone except the RC church ... Somewhat bigger than the typical cloud backup companies are, I would have thought.
-
Gidday Paceman
cloud backup shouldn't add complexity if it is done correctly.
i, for one, have an increased sense of security knowing that my data is backed up in multiple locations, including the cloud. i don't feel like i am being screwed at all.
i know for a fact that a properly implemented cloud backup adds real and tangible benefits to a multi-faceted backup solution. to say it adds nothing but risk is nonsense.
as has been espoused by others on this forum and elsewhere, a good backup solution includes diverse media, multiple versioning and multiple locations.
cloud backup allows for all three of these requirements to be implemented cheaply and effectively for home and business use.
if you choose not to implement cloud backup, that is your choice, but to dismiss it outright is a bit insulting to those of us who have implemented it to good effect.
As an independent computer consultant, I am constantly bombarded with material from companies offering me re-sale rights on this stuff.
I am yet to see anything that overcomes most of my concerns. See my reply to D4D immediately above.
I do not have much of a problem if anyone wishes to implement cloud backup as part of a holistic approach to backup generally. I have a huge problem with reliance on it solely.
It is also a lousy solution for someone like me who has large files that cannot be incrementally backed up. Even with huge bandwidth, this problem would remain. I am very unlikely to ever be able to afford or justify Gbps upload speeds. I wish I could. Then I would merely backup everything to my own web site, on which I have virtually unlimited storage capacity ...
-
As just one source, you could try reading this PDF (http://www.quocirca.com/media/articles/122011/642/acronis%20-%20cloud%20backup.pdf).
Or here (http://www.informationweek.com/cloud-backup-vs-tape-think-hybrid/d/d-id/1111524?).
did you even read this part in the pdf you have linked?
The cloud does offer a great way for backup and restore needs to be dealt with in a cost- and business-effective manner. However, if approached in the wrong way, it will be costly and may not provide the peace of mind that the organisation expects
sounds like they are quite happy to implement a cloud backup, as long as it is done properly.
also, the informationweek article you have linked to has it's main premise in the fact that the initial seed of the cloud backup is the issue, not the cloud backup itself. the initial seed of the backup is not really the cloud's fault either. that fault lies with the isp you are using.
they also suggest using a multiple media solution (tap, in this case) to allow for initial seeding and also offsite storage of backups.
these articles do nothing to 'back up' your premise that cloud backup does nothing but increase risk.
-
I do not have much of a problem if anyone wishes to implement cloud backup as part of a holistic approach to backup generally. I have a huge problem with reliance on it solely.
but that's not what you stated. and i quote:
"Cloud backup adds complexity; gives one a false sense of security while being screwed; and adds precisely nothing except increased risk."
as always, you have to find a balance when it comes to backups and also derive a value for your data, ie: how much is it worth to you or your business.
and on a side not, backing up everything to your own website might constitute a cloud backup. a private cloud, but a cloud backup, nonetheless...
-
did you even read this part in the pdf you have linked?
Read both of them. That's a five second search worth of independent thought on the subject. It is not meant to represent ALL of my thoughts on the subject ...
The cloud does offer a great way for backup and restore needs to be dealt with in a cost- and business-effective manner. However, if approached in the wrong way, it will be costly and may not provide the peace of mind that the organisation expects
sounds like they are quite happy to implement a cloud backup, as long as it is done properly.
also, the informationweek article you have linked to has it's main premise in the fact that the initial seed of the cloud backup is the issue, not the cloud backup itself. the initial seed of the backup is not really the cloud's fault either. that fault lies with the isp you are using.
they also suggest using a multiple media solution (tap, in this case) to allow for initial seeding and also offsite storage of backups.
these articles do nothing to 'back up' your premise that cloud backup does nothing but increase risk.
The risk mostly (but not totally) arises as a result of lots of things that are external to the actual backup on a remote server and disk farm.
If you cannot see them, you probably won't ever see them.
An unverified backup is not worth the media it may have been written to ...
However, any backup is better than no backup, when all is said and done.
-
but that's not what you stated. and i quote:
"Cloud backup adds complexity; gives one a false sense of security while being screwed; and adds precisely nothing except increased risk."
If I were writing this for a legal audience, perhaps I would choose my words with greater precision ... Silly me, I thought that this was a camper trailer forum ...
Feel free to add in the word "perhaps" between "except" and "increased" if ytou feel the need to do so ...
as always, you have to find a balance when it comes to backups and also derive a value for your data, ie: how much is it worth to you or your business.
and on a side not, backing up everything to your own website might constitute a cloud backup. a private cloud, but a cloud backup, nonetheless...
Agreed.
One over which I have some direct element of control and 'ownership', however ...
-
If I were writing this for a legal audience, perhaps I would choose my words with greater precision ... Silly me, I thought that this was a camper trailer forum ...
Feel free to add in the word "perhaps" between "except" and "increased" if ytou feel the need to do so ...
regardless of the type of forum, we can only go on what has been said, not what should have or could have been said.
your blanket statement, as it stood, directly conflicted with the opinions of some (including mine) with regards to cloud backups. hence the following discourse.
it was the blanket nature of the statement, not your personal opinion, that caused me (and others) to 'fight back'.
in the end, backups are important. the end.
-
^ G'day again Paceman
Agreed.
And what's the little aphorism in your short-form user profile again? "Don't sweat the petty stuff ... " :cheers: .
We can all do without that, IMHO.
BTW, where were all the commentators when I posted (in this thread ... ) that there is a FREE solution to the Cryptolocker and Gameover Zeus scams/viruses?
-
Just one question..... Should I use 6 B&S wiring to wire up to my back-up??
;D ;D ;D
Sorry, I got idea what you guys are talking about....... Let's go camping!
-
Just one question..... Should I use 6 B&S wiring to wire up to my back-up??
I bet ratbag will tell us he has managed to get Ethernet running over 6B&S
-
Sorry, sport.
That is a statement that I decline to "back up" to you in particular. Perhaps it has something to do with an attitude problem?
And that attitude problem sure ain't on this side of the fence ...
As just one source, you could try reading this PDF (http://www.quocirca.com/media/articles/122011/642/acronis%20-%20cloud%20backup.pdf).
Or here (http://www.informationweek.com/cloud-backup-vs-tape-think-hybrid/d/d-id/1111524?).
There are many other issues that aren't even mentioned by either of these articles, such as corporate governance/status/security of the company or companies to whom you are entrusting your information; the fact that the Internet is inherently ephemeral and insecure; etc, etc.
You see, I recall IBM nearly going to the wall because of the introduction of the PS2 bus, and its failure to make that an open standard. IBM in the late 1980s was a bigger company than just about everyone except the RC church ... Somewhat bigger than the typical cloud backup companies are, I would have thought.
You still haven't answered the original question and try and divert attention to some other discussion of yesteryear.
Maybe you can enlighten us to why AWS and MSFT have it all wrong...
-
N/T
-
http://www.theage.com.au/it-pro/security-it/hackers-lock-up-thousands-of-australian-computers-demand-ransom-20140917-10hyyh.html (http://www.theage.com.au/it-pro/security-it/hackers-lock-up-thousands-of-australian-computers-demand-ransom-20140917-10hyyh.html)
-
NERD FIGHT!!!!!!!
>:D
-
(http://thesideliners.com/wp-content/uploads/2014/08/nerds.jpg)
Sorry, couldn't resist
-
I bet ratbag will tell us he has managed to get Ethernet running over 6B&S
Probably a poor example there mate, as it is technically possible to do that. :)
Look at you IT guys go, and people pay out on sparkies for being prickly.
-
Thanks for the link, Bird
http://www.theage.com.au/it-pro/security-it/hackers-lock-up-thousands-of-australian-computers-demand-ransom-20140917-10hyyh.html (http://www.theage.com.au/it-pro/security-it/hackers-lock-up-thousands-of-australian-computers-demand-ransom-20140917-10hyyh.html)
Keeping regular multi version backups is a always good idea, but please remember keep the backups offline. That means not backing up to the cloud but an external drive that's then disconnected from your computer and network and kept off site. Cryptolocker will find and encrypt all of your backups if they're just on an external hard drive that's connected or a network share.
Commenter
Michael LocationAdelaide
Date and timeSeptember 17, 2014, 4:05PM
As an Systems Engineer I've seen this once in a corporation and once in an individual.
The corporation had backups, we removed the offending/infected PC off the network, reimaged it and then restored the network files that were encrypted.
The individual however wasn't as lucky, recent documents were corrupt, fortunately older docs were backed up to the cloud in a couple of locations. So it wasn't a huge loss, just a few documents having to be rewritten.
The most important thing here isn't the backups, though they are important, the most important thing is NOT TO OPEN EMAIL ATTACHMENTS regardless of who they are from, especially if you don't normally receive emails from those particular companies.
Always avoid opening compressed files (ZIP, RAR, 7z)
Don't open a document file unless you're expecting it (doc, docx, pdf, xls, xlsx, etc...) and if you weren't expecting it call whomever sent it and ask if they did.
And finally, IF IT LOOKS SUSPICIOUS IT PROBABLY IS!!!
Commenter
BonezOz LocationSydney
Date and timeSeptember 17, 2014, 4:25PM
A quote or two from that link. Hmm. Now where have I heard that before?
See also here:
http://www.bleepingcomputer.com/forums/t/525028/cryptoprevent-does-it-work/#entry3295401 (http://www.bleepingcomputer.com/forums/t/525028/cryptoprevent-does-it-work/#entry3295401)
and other posts in that thread regarding protection from this virus.
Instead of running around shouting "Panic, Panic" (Hagar ... ), maybe some should be investigating prevention ... ?
Such as Cryptoprevent s/w:
http://www.bleepingcomputer.com/forums/t/525028/cryptoprevent-does-it-work/#entry3294321 (http://www.bleepingcomputer.com/forums/t/525028/cryptoprevent-does-it-work/#entry3294321)
Or Malwarebytes full version ...
And thanks, Symon, I did know that it can be made to work like that, just not very well ... ;) :).
-
NERD FIGHT!!!!!!!
>:D
(http://i.kinja-img.com/gawker-media/image/upload/s--NI4yeFy0--/e48uddimzihv5eq6e434.png)
-
A quote or two from that link. Hmm. Now where have I heard that before?
probably from me, champ. don't be afraid. put my name on your barb.
-
Gidday Paceman
probably from me, champ. don't be afraid. put my name on your barb.
Probably from all sorts of people who are actually experienced and knowledgeable in this field ...
BTW, I don't have a "barb". I am incapable of bearing a grudge.
However I will react in much the same way when confronted with much the same behaviour. If a particular person starts behaving differently, then my reaction to them will be different accordingly. Don't ask why, I won't tell you. I have at least learned that much in my fairly long life.
Malwarebytes has just earned a 100% detection and removal score from AV test .org. You can read about it here:
http://www.malwarebytes.org/awards/ (http://www.malwarebytes.org/awards/)
It is one of the programs I use routinely.
The home version is free, or home premium is $24.95 for three seats. Business version up to 99 seats is $24.95/seat (I assume that's USD).
I suppose it depends on how much your data is worth to you, and how many days your IT people want to spend preventing and recovering from the inevitable failure by a single person. A whole day of lost productivity for a firm costs a lot more than $24.95 per person ... Just putting my CPA hat on for a bit ...
BTW, I just got another two offers to improve my bottom line by selling cloud storage last night. On average I get about 2-3 a week ...
-
Some very good advice from this guy, as certain people here seem not to want to take anything I say as being worthwhile ...
After all, what could I possibly have learned after being in the IT business for 40+ years?
http://askleo.com/why-havent-you-mentioned-cryptoprevent/ (http://askleo.com/why-havent-you-mentioned-cryptoprevent/)
The PDF file can be downloaded here:
http://med.askleomedia.com/ebooks/InternetSafety.pdf (http://med.askleomedia.com/ebooks/InternetSafety.pdf)
FWIW ...
-
Some very good advice from this guy, as certain people here seem not to want to take anything I say as being worthwhile ...
After all, what could I possibly have learned after being in the IT business for 40+ years?
your comment regarding cloud backups offering nothing but increased risk is what certain people deemed as not being worthwhile. as previously stated.
no-one in this thread is doubting the other advice you have provided, so perhaps adjust your position on the high horse you seem to have...
you are not the only one who has been in the business for multiple decades.
-
your comment regarding cloud backups offering nothing but increased risk is what certain people deemed as not being worthwhile. as previously stated.
Perhaps some people shouldn't be quite so fast to "cry 'havoc', and let slip the dogs of war" ... Just a thought ... ;).
BTW, I still have serious reservations about cloud backup and storage systems. Nothing that hasn't been presented here has changed my mind on that. Given the reception of some people here, I am now highly unlikely ever to detail those reservations here ...
no-one in this thread is doubting the other advice you have provided, so perhaps adjust your position on the high horse you seem to have...
I don't own a high horse, either. The stock pony I used to have was only 13.2 hands high ...
you are not the only one who has been in the business for multiple decades.
I have never suggested that I was ...
When I was trouble-shooter of last resort for a major Oz company (open cheque consultant, not an employee), I had a 100% success rate after their internal programmers and help desk people had failed, and their database engine provider had likewise failed. I have a written testimonial to that effect from the then MD of that company. That doesn't mean that I've got any tickets on myself - I haven't, and never have had - but it does tend to indicate that I am fairly competent at what I do. It also doesn't mean that I can't learn from others. A 12 y.o. lad once taught me a trick that I use to this day.
If one keeps an open mind, one can learn something from everyone. If one leaps in and starts attacking someone, then one can hardly blame them for being defensive, if not outright hostile.
-
(http://t0.gstatic.com/images?q=tbn:ANd9GcRs_y3de1AA0YhRXHRU4-TyktQSxqTij3jNZ6dREV3CHRYdGYb3)
-
BTW, I still have serious reservations about cloud backup and storage systems. Nothing that hasn't been presented here has changed my mind on that. Given the reception of some people here, I am now highly unlikely ever to detail those reservations here ...
RTO & RPO come to mind...
That doesn't mean that I've got any tickets on myself
You have the whole ticket book...
-
You have the whole ticket book...
You might think so.
If you go looking for enmity, you will find it everywhere - just IMNSHO.
If you were to ask civil questions in a civil manner, you would probably get civil answers more frequently; but that's just my opinion ... ;) ;D 8) .
-
I have never suggested that I was ...
When I was trouble-shooter of last resort for a major Oz company (open cheque consultant, not an employee), I had a 100% success rate after their internal programmers and help desk people had failed, and their database engine provider had likewise failed. I have a written testimonial to that effect from the then MD of that company. That doesn't mean that I've got any tickets on myself - I haven't, and never have had - but it does tend to indicate that I am fairly competent at what I do. It also doesn't mean that I can't learn from others. A 12 y.o. lad once taught me a trick that I use to this day.
If one keeps an open mind, one can learn something from everyone. If one leaps in and starts attacking someone, then one can hardly blame them for being defensive, if not outright hostile.
but you are using your experience to discredit something that is working for thousands, if not millions, of people and businesses worldwide.
some of us don't need to openly trot our our achievements either to back up our point. i don't need a reference from an MD, or a post that details the fact that i was an 'open cheque' consultant and had a 100% success rate (both of which mean nothing without proof and perspective) to know that plenty of people (including me) disagree with your premise and told you so.
no-one is attacking you for having reservations about cloud backups and no-one here is saying that cloud backups are the perfect solution. but to come out and state that it holds no value is wrong. pure and simple. and easy-to-find evidence backs that up.
it's interesting that you can post some links that detail why cloud backups are not the way to go, but choose to ignore the thousands of success stories.
i've got an open mind. i use cloud backup daily. i would think with your attitude towards it, yours is the mind that perhaps needs to be opened a little more.
-
If you were to ask civil questions in a civil manner, you would probably get civil answers more frequently; but that's just my opinion ... ;) ;D 8) .
Avoiding the question yet again
-
^ Another Internet super hero enters, stage left ...
And his experience and/or qualifications and evidence for his opinions are ... ?
-
^ Another Internet super hero enters, stage left ...
And his experience and/or qualifications and evidence for his opinions are ... ?
where's your evidence that cloud backup offers nothing but increased risk?
-
Avoiding the question yet again
But you are so obviously so far superior to me in knowledge, experience and qualifications (and probably better looking as well), that I wouldn't dream of suggesting that I have anything to offer in this "discussion", oh Holy One ...
-
But you are so obviously so far superior to me in knowledge, experience and qualifications (and probably better looking as well), that I wouldn't dream of suggesting that I have anything to offer in this "discussion", oh Holy One ...
regardless of the name-calling, you have spoken about providing evidence, but have provided none yourself.
-
(http://mugs.mugbug.co.uk/500/box.text_speak_acronym_coaster_ffs.cst.jpg)
-
Seriously? What are you guys actually arguing about?
Swannie
-
regardless of the name-calling, you have spoken about providing evidence, but have provided none yourself.
No name calling by me.
I gave some of my opinions based on many years experience in this and other related fields. I have reasons for those opinions. I stated one insurmountable reason originally. No one here has addressed that one little problem, preferring to attempt to nitpick, discredit, attack and/or fight rather than address that one initial problem.
You probably haven't noticed, but preparatory to deleting my account here, I have deleted all my profile details.
I was led to believe that this was a friendly forum ...
It seems that it may well be, just so long as one goes along merrily with the group-think thing, and never dares to suggest alternative opinions or thoughts.
Sorry, but I have never been much good at the group-think thing.
-
Seriously? What are you guys actually arguing about?
Swannie
(http://www.gupatrol.com/crapola/screwup.jpg)
-
(http://www.gupatrol.com/crapola/screwup.jpg)
it's a heated discussion, that's all. with differences of opinion.
no different to what goes on in other sections of the forum (electrical, anyone?).
i am happy to edit out my comments, if they have offended.
-
it's a heated discussion, that's all. with differences of opinion.
no different to what goes on in other sections of the forum (electrical, anyone?).
Nothing wrong with robust discussion. I'm often the instigator of such discussions :)
Chest beating and pissing contests though are poor form.
-
I dont understand what this thread is about so i cant join the arguement :)
Sent from my GT-P1000 using Tapatalk 2
-
And his experience and/or qualifications and evidence for his opinions are ... ?
More than yours
-
Seems all too silly. So, it is now locked. Forum does not need childish tit for tat.