At 01:01 PM 9/16/2015, Fred Cisin wrote:
> But, those still require a gullibility error on the
> part of the user, don't they? Do the ads actually load and run the ransomware, or
> just present the fraudulent upgrade offer to bring it in?
The bad guys are slipping silent-install vulnerability exploits into
the HTML of ads they place through ad networks. No user error or
trickery involved. You never see it coming. You visit a reputable
site, but can you trust their ad network and all its subcontractors
and all their sub-ad-networks?
As to why your antivirus didn't see it... there are always a few days
before the latest infection mechanisms are documented and added to
the AV updates.
As you say, your backup needs to be effectively off-line, not
on a visible writable filesystem, and you need to detect when
files have changed and keep previous versions within a reasonable
window of detection. Few residential and small-business
networks have anything like that. Most write simple backups
to attached or network storage. Cloud-based backup is nice,
and slow upload speeds throttle the damage, but how many cloud-based
small-business backups can recover N previous versions of changed files?
When I first heard about Cryptolocker, I wanted to give up consulting
and find a different career.
- John
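An added example, not code from anyone in this thread, of the backup property John describes: keep previous versions of changed files, and notice when an unusual share of them changed at once. The store is content-addressed (one object per distinct file body, one manifest per snapshot), so keeping N versions costs only the changed files, and a snapshot in which most files were rewritten is flagged as the kind of mass change a file-encrypting infection produces. The class and function names, the 50% alert threshold and the sample "invoice" files are all illustrative assumptions; the repo directory is written by the same host here only so the script runs offline. To be "effectively off-line" as the thread puts it, the repo would have to live where the protected machine cannot write it (pulled by the backup host, or on append-only storage).

```python
"""Versioned backup with a mass-change alert.

Illustrative example only (not from the mailing-list thread); names, threshold
and sample data are assumptions chosen to make the script self-contained.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Content hash of one file; the hash is also the object's name in the store."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


class VersionedBackup:
    """objects/<sha256> holds file bodies, manifests/<n>.json maps relative path
    to hash for each snapshot. A file that ransomware rewrote gets a new object,
    while the old body stays reachable from earlier manifests until pruned."""

    def __init__(self, repo: Path, keep: int = 5):
        self.repo = Path(repo)
        self.objects = self.repo / "objects"
        self.manifests = self.repo / "manifests"
        self.keep = keep  # retention window, in snapshots
        self.objects.mkdir(parents=True, exist_ok=True)
        self.manifests.mkdir(parents=True, exist_ok=True)

    def snapshots(self) -> list:
        return sorted(p.stem for p in self.manifests.glob("*.json"))

    def load(self, name: str) -> dict:
        return json.loads((self.manifests / f"{name}.json").read_text())

    def snapshot(self, src: Path) -> str:
        """Record every file under src; only bodies not yet stored are copied."""
        src = Path(src)
        manifest = {}
        for f in sorted(src.rglob("*")):
            if f.is_file():
                digest = sha256_file(f)
                obj = self.objects / digest
                if not obj.exists():
                    shutil.copy2(f, obj)
                manifest[str(f.relative_to(src))] = digest
        prev = self.snapshots()
        name = f"{int(prev[-1]) + 1:06d}" if prev else "000000"
        (self.manifests / f"{name}.json").write_text(json.dumps(manifest, sort_keys=True))
        self._prune()
        return name

    def _prune(self) -> None:
        """Drop manifests beyond the retention window, then unreferenced objects."""
        names = self.snapshots()
        for old in names[:-self.keep]:
            (self.manifests / f"{old}.json").unlink()
        live = set()
        for n in self.snapshots():
            live.update(self.load(n).values())
        for obj in self.objects.iterdir():
            if obj.name not in live:
                obj.unlink()

    def changed_fraction(self, older: str, newer: str) -> float:
        """Share of files in `older` whose body changed or vanished by `newer`."""
        a, b = self.load(older), self.load(newer)
        if not a:
            return 0.0
        changed = sum(1 for path, digest in a.items() if b.get(path) != digest)
        return changed / len(a)

    def restore(self, name: str, dest: Path) -> int:
        dest = Path(dest)
        manifest = self.load(name)
        for rel, digest in manifest.items():
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(self.objects / digest, target)
        return len(manifest)


def demo(threshold: float = 0.5) -> dict:
    """Constructed scenario: ten documents, one normal edit, then a rewrite of
    every file that mimics an encryptor. Returns the two change fractions,
    whether the alert fires, whether the pre-attack snapshot restores intact,
    and whether a fourth snapshot prunes the oldest one (keep=3)."""
    work = Path(tempfile.mkdtemp())
    src, repo, out = work / "docs", work / "repo", work / "restore"
    src.mkdir()
    originals = {f"doc{i}.txt": f"invoice {i}\n".encode() for i in range(10)}
    for name, body in originals.items():
        (src / name).write_bytes(body)
    bk = VersionedBackup(repo, keep=3)
    s0 = bk.snapshot(src)
    (src / "doc3.txt").write_bytes(b"invoice 3 (revised)\n")  # ordinary user edit
    s1 = bk.snapshot(src)
    normal = bk.changed_fraction(s0, s1)
    for name in originals:  # every body replaced with junk, as an encryptor would
        (src / name).write_bytes(hashlib.sha256(name.encode()).digest())
    s2 = bk.snapshot(src)
    attack = bk.changed_fraction(s1, s2)
    bk.restore(s0, out)
    intact = all((out / n).read_bytes() == b for n, b in originals.items())
    bk.snapshot(src)  # fourth snapshot pushes s0 out of the 3-deep window
    pruned = s0 not in bk.snapshots() and len(bk.snapshots()) == 3
    shutil.rmtree(work)
    return {"normal": normal, "attack": attack, "alert": attack >= threshold,
            "restored_ok": intact, "pruned_oldest": pruned}


if __name__ == "__main__":
    print(demo())
```

The alert is deliberately crude (a fraction of files changed between two consecutive snapshots); in practice you would also watch for the renamed extensions and ransom notes an infection leaves behind, and size the retention window to cover the days between infection and the AV update that finally reports it.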