Daily Incremental Backups

Thread replies: 22
Thread images: 3

People are worried about what kind of AV they should get, what sort of firewall settings, how to harden their OS so they don't get hit by the ransomware wave.

Anybody here doing the sane thing and just making backups?
>>
>>61126704
I like vipre antivirus. If you can afford it, 5th gen firewalls like Sonicwall, Barracuda, Cisco or Watchguard can filter viruses in the TCP/IP stream.
You can't harden against cryptowall or wannacry far as I know. They run as user mode processes and don't require admin. They only access what the user can access.
Since they're targeted at Windows, not running Windows may help. Another would be to virtualize your browser so if infected there is no general network capability. You will need the more advanced firewall to create separate networks to handle your needs and a separate security network.

I use shadowcopies every hour and could do incrementals on the same timeline or potentially use a constant replication. Another great idea is to host your data on a SAN or NFS platform and snapshot it on whatever schedule you are comfortable with. Keep your email, databases and user data as separate mounts as these only target user data today anyhow.

Biggest plus would be blocking users from general internet surfing and training them on how to be stupid. Most of these attacks are using forms of social engineering to trick people into running them. We had a cryptowall infection which was tied to a facebook ad. Simple to block most of the internet from people but perhaps not practical.
>>
>>61127040
I used to work for Barracuda. It's a load of garbage. Never trust definition-based AV scanners to work reliably.
>>
b-backups?

you mean the cloud thingy?
>>
>>61127111
no man, just use rsync or anything. doesn't have to be to a cloud provider could just be to some other host.
>>
>>61127111
nice trips, chekd.
>>
>>61127089
We got hit and within an hour the antivirus caught it but of course damage already done. Impossible to guard against 0 hour attacks if you are the unfortunate one.

User training is the best option right now and staying on top of OS patches but these guys are spinning off variants fast and furiously.
>>
I have literally nothing on my desktop or laptop that I'm scared to lose. I'll wipe my drive at literally a moment's notice with absolutely no regret
>>
>>61127259
It infects network drives and potentially shares? the user has access to. Cryptowall could only hit mounted shares, not sure about wannacry however.
>>
>>61127221
this is why definition-based AV is a sham. It's low-hanging fruit only and won't cut the mustard ever when it counts. User training seems Sisyphean in effort to me just given that human error will almost always be at the root of any problem. Some of these things being targeted have been vulnerable for the better part of a decade too.

If you can manage to lose a day or half a day of traffic, incremental backups are still the best mitigation against the ransomware.

>>61127259
this is another good approach, storage options these days don't make something like this very tricky to accomplish.
>>
>>61127298
>this is why definition-based AV is a sham.
Hardly.
It's merely a layer of protection, nothing more, nothing less. It's not meant to be the end all, and really there is no end all protection, everything is layers.
>>
If you are a winrefugee on Linux and want a nice gooey try Unison. Hassle free backup you are used to.
>>
>>61127364
>It's merely a layer of protection
stopped reading there.
>>
>>61127509
I use Arch, I've got a systemd managed job that does a sync of any changes on my SSD, it's driven by a .path file so it's event driven. Any time I save a file (excluding volatile directories, etc) it gets sync'd offsite somewhere.
>>
>>61127880
Okay buddy, what silver fucking bullet do you use?
>>
>>61127909
you can read right? I take incremental backups so that I don't have to shell out money or waste time on any of these solutions that don't work. If I were to get hit (and I won't) I can revert to literally minutes before my system was affected.
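
The rsync-based incremental backups described in the posts above, sketched as an added example that is not part of any post in this thread: each run creates a new snapshot with `--link-dest`, so a file overwritten on the source (for instance by ransomware) leaves the earlier snapshot's copy untouched. The function names and paths are assumptions for illustration.

```shell
#!/bin/sh
# Added example: versioned incremental snapshots with rsync --link-dest.
# take_snapshot / restore_snapshot and all paths are hypothetical names.

# take_snapshot SRC ROOT NAME
# Copies SRC into ROOT/NAME. Files unchanged since the previous snapshot are
# hard-linked to it (no extra space); changed files get a fresh copy, so the
# older snapshot keeps the content from before the change.
take_snapshot() {
    src=$1; root=$2; name=$3
    mkdir -p "$root" || return 1
    if [ -d "$root/latest" ]; then
        # Resolve the "latest" symlink to the real previous snapshot directory.
        prev=$(cd "$root/latest" && pwd -P) || return 1
        rsync -a --delete --link-dest="$prev" \
            "$src"/ "$root/$name.partial"/ || return 1
    else
        # First run: nothing to link against, take a full copy.
        rsync -a --delete "$src"/ "$root/$name.partial"/ || return 1
    fi
    # Publish the snapshot only once the transfer finished, then move the
    # "latest" pointer so the next run links against it.
    mv "$root/$name.partial" "$root/$name" || return 1
    ln -sfn "$name" "$root/latest"
}

# restore_snapshot ROOT NAME DEST
# Copies a chosen snapshot (e.g. the last one taken before an infection)
# into DEST without touching the snapshot itself.
restore_snapshot() {
    root=$1; name=$2; dest=$3
    mkdir -p "$dest" || return 1
    rsync -a "$root/$name"/ "$dest"/
}

# Stand-alone use: ./snapshot.sh SRC ROOT NAME
if [ "$#" -eq 3 ]; then
    take_snapshot "$1" "$2" "$3"
fi
```

Versioned snapshots only help if the infected machine cannot write to them; as noted earlier in the thread, shares the user has mounted are within reach, so have the backup host pull from the client rather than exposing the snapshot directory as a writable share.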
>>
>>61127949
While yes, I do agree that incremental backups is about the most important thing that you can do, I'm talking about preventing getting hit at all.
What do YOU do to prevent the moron at the reception desk from letting a crypto locker in?
>>
>>61127984
TL;DR we don't give people the room to make mistakes that affect other people. Our receptionist moron (who has amazing T&A I wish you could see) if they downloaded this is completely segregated from our network.

I'll admit though, that our stack is completely custom from the kernel up, and this gives us a huge advantage. We enforce proof-carrying code with all running applications. This effectively mitigates *everything* we don't intend to run.
>>
>>61128204
We could see if you'd learn to use a camera and creepshot like a normal pervert.
>>
>>61128440
She's already gone for the day but one day I promise you'll see a /g/ post entitled 'look at my HR lady's boobs'
>>
>>61128554
Lemmie light up and wait
>>
I wrote my own software that takes my files, encrypts them and then uses forward error correction (like parity in raid 6), then chunks them up, adds metadata for error detection then distributes them randomly to some local and some remote hard drives.

It is slow and increases the required space for a file to be backed up by 3 but I'll never lose a single animu video.