
... And Ransom ware... Rrrrrrr


chef


CBers

Doesn't Dropbox use Version History on files?

 

So if a newer version of the same file was uploaded, the previous version is also there.

 

I think you may have to do it on a per file basis, so it will be time consuming.

 

Not sure if Dropbox themselves could just delete the latest version, based on a date supplied to them, and just present the previous version.

 

Just a thought.


jscoys

+1 For backblaze. One of my drives broke and I was happy with the recovering system... Recovered up to the last bit of data!

 

I sort of know how that feels (not totally), I had a home fire, thought I lost everything... They let me go in and grab my drive array, it was soaking wet, and smoke damaged.. Already I was mentally prepared for the worst... However I did get lucky, I ran the drives and array in an enclosed dehydrator for a week, everything came up and I was able to get all of my data... Started using Backblaze after that.. Backblaze is like 50 bucks a month, and though it would back up encrypted ransomware files, it has a running 30 day history, so if your files got encrypted today, you could go back to yesterday's files. Backblaze guys are pretty cool too, I asked them to show me where my data was being stored, I wanted to see the servers. They went and took a few pictures for me, made an animated gif, lol I was geek impressed! Anyway the point is they have great customer service, they are inexpensive, reliable (if you read into how their system works, helps protect from bit rot), keep 30 days of previous backups in case of infection or accidental deletion from the machine. They will mail you hard drives with your data for free as long as you return the drives, the backup app is really stable and fast.. I have been nothing but impressed so far. I highly recommend them.

 

Now for shameless free stuff.... If any of you decide to use Backblaze, use this link and you will get 1 month free... Of course so will I :) https://secure.backblaze.com/r/01zrsq


RobWayBro

Backblaze, interesting.  $5 per month per computer for unlimited data... not bad.  Get a year for $50 (save $10)..thanks will have to check this out..

Edited by RobWayBro

Looks like after a day or so in conversation with Dropbox support, they've been gracious enough to rebuild the dropbox account just prior to the hack.

 

It feels like a weight off my shoulders getting my family pictures and video back. I felt sick thinking it could all be gone forever. 

 

I am also looking into Backblaze as well. It looks like a really good idea.


BAlGaInTl

Looks like after a day or so in conversation with Dropbox support, they've been gracious enough to rebuild the dropbox account just prior to the hack.

 

It feels like a weight off my shoulders getting my family pictures and video back. I felt sick thinking it could all be gone forever. 

 

I am also looking into Backblaze as well. It looks like a really good idea.

 

That's good news.  

 

Did they charge you?

 

Out of curiosity, how much is the ransom?


Looks like after a day or so in conversation with Dropbox support, they've been gracious enough to rebuild the dropbox account just prior to the hack.

 

It feels like a weight off my shoulders getting my family pictures and video back. I felt sick thinking it could all be gone forever. 

 

I am also looking into Backblaze as well. It looks like a really good idea.

That's pretty awesome of them.


mastrmind11

I use google photos for all my family photos/video.  It's free.  I also use backblaze for my servers via cli and cron.  I don't back up my media because I don't mind going to find it again, nothing I own is that crucial and the old school stuff I still have on DVD if it comes to that.  I highly recommend google photos as well as backblaze.  But congrats getting your stuff back on dropbox.


Jdiesel

If you are an Amazon Prime member you also receive unlimited photo and video storage with Amazon's cloud service.


That's good news.

 

Did they charge you?

 

Out of curiosity, how much is the ransom?

No charge from Dropbox.

Once I talked to a support person who understood my situation she was very helpful. Much more so than the backwards advice I got on the Dropbox forums.

 

The ransom was 800 dollars in Bitcoin.... Unfortunately.

 

They got none.


Doesn't Dropbox use Version History on files?

 

So if a newer version of the same file was uploaded, the previous version is also there.

 

I think you may have to do it on a per file basis, so it will be time consuming.

 

Not sure if Dropbox themselves could just delete the latest version, based on a date supplied to them, and just present the previous version.

 

Just a thought.

Yes there was version history, but it would seem only to reclaim deleted files, not changed ones.

 

In order to retrieve the database you have to speak to the support staff.


Happy2Play

No charge from Dropbox.

Once I talked to a support person who understood my situation she was very helpful. Much more so than the backwards advice I got on the Dropbox forums.

 

The ransom was 800 dollars in Bitcoin.... Unfortunately.

 

They got none.

 

Hmm over $3,000,000.

 

Oops, that was 800 bitcoin.

Edited by Happy2Play

pir8radio

Backblaze, interesting.  $5 per month per computer for unlimited data... not bad.  Get a year for $50 (save $10)..thanks will have to check this out..

 

 

Looks like after a day or so in conversation with Dropbox support, they've been gracious enough to rebuild the dropbox account just prior to the hack.

 

It feels like a weight off my shoulders getting my family pictures and video back. I felt sick thinking it could all be gone forever. 

 

I am also looking into Backblaze as well. It looks like a really good idea.

 

 

LOL well..   Hook me up use my link!   https://secure.backblaze.com/r/01zrsq


Hmm over $3,000,000.

 

Oops, that was 800 bitcoin.

Yeah, to be honest. I hardly even looked at it, I just saw the window that demanded Bitcoin and thought "No Way!".

 

It could have said 8,000, but by that point I saw the ransom and turned off my computer in case the thing tried to wreck other pcs on the network.

 

Like Wannacry (this was not Wannacry).

 

The encryption seemed to use Adobe.

Adobe what, I'm not sure.

In every folder it found media content it copied a readme file with ransom demands attached.

 

I've started using logging on my front end server, and I can now see all the WAN IPs that hit the domain.

 

I've also signed up for a reverse lookup API and I'm going to run an app (I'm writing) that searches each IP back to the source and saves tables of IP information (off network) so if this happens again I should be able to know whereabouts the source of the malware was sent from.

 

Get names, addresses, geolocation etc.

 

I'll tell ya no more games when it comes to Cyber security.

Edited by chef
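Added example, not part of the original posts: the behaviour described above, where the same readme with ransom demands was copied into every folder that held media, can be turned into a simple check. This Python sketch flags small text files that appear byte-for-byte identical in several media folders; the extension lists, size cap, threshold and demo tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Assumed extension lists and size cap; adjust them for your own library.
MEDIA_EXT = {".jpg", ".png", ".mp4", ".mkv", ".mp3", ".avi"}
NOTE_EXT = {".txt", ".html", ".hta"}
MAX_NOTE_BYTES = 64 * 1024

def find_replicated_notes(root, min_dirs=3):
    """Map (filename, sha256) -> media folders holding an identical small note."""
    seen = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        exts = {os.path.splitext(f)[1].lower() for f in files}
        if not exts & MEDIA_EXT:
            continue  # only folders that contain media are of interest
        for name in files:
            if os.path.splitext(name)[1].lower() not in NOTE_EXT:
                continue
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > MAX_NOTE_BYTES:
                    continue
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            seen[(name.lower(), digest)].append(dirpath)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_dirs}

def build_demo_tree(root):
    """Constructed sample tree: one identical note in four folders, three with media."""
    note = b"constructed placeholder note text\n"
    for i, folder in enumerate(["Movies", "Photos/2016", "Photos/2017", "Docs"]):
        d = os.path.join(root, *folder.split("/"))
        os.makedirs(d)
        if folder != "Docs":
            with open(os.path.join(d, "clip%d.mp4" % i), "wb") as fh:
                fh.write(b"\0" * 16)
        with open(os.path.join(d, "README.txt"), "wb") as fh:
            fh.write(note)
    with open(os.path.join(root, "Movies", "notes.txt"), "wb") as fh:
        fh.write(b"my own notes\n")  # a legitimate, unique text file

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        print(find_replicated_notes(tmp))
```

Run on a schedule against a media share, a non-empty result is a cue to stop sync and backup jobs before the encrypted copies replace good versions.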

PrincessClevage

Yeah, to be honest. I hardly even looked at it, I just saw the window that demanded Bitcoin and thought "No Way!".

 

It could have said 8,000, but by that point I saw the ransom and turned off my computer in case the thing tried to wreck other pcs on the network.

 

Like Wannacry (this was not Wannacry).

 

The encryption seemed to use Adobe.

Adobe what, I'm not sure.

In every folder it found media content it copied a readme file with ransom demands attached.

 

I've started using logging on my front end server, and I can now see all the WAN IPs that hit the domain.

 

I've also signed up for a reverse lookup API and I'm going to run an app (I'm writing) that searches each IP back to the source and saves tables of IP information (off network) so if this happens again I should be able to know whereabouts the source of the malware was sent from.

 

Get names, addresses, geolocation etc.

 

I'll tell ya no more games when it comes to Cyber security.

Hope you can share this app Chef :p

I bought an i5 NUC from Alibaba with two NICs, connected one to WAN router and one to LAN router and enabled internet connection sharing then install PRTG and add sniffing service. I also downloaded and installed SoftEther VPN solution (free from a Japanese uni) and a great product which allows L2TP etc VPN connections for free (just needs a little tweak to stop keep alive call home traffic)


Quick question about wail2ban

 

Has anyone got it monitoring anything other than Windows event viewer?


ginjaninja

Some of the protections against ransomware I am aware of:

up to date browser with no plugins/no Java

adblocker

use filescreen to prevent known ransomware filetypes being created.

disable any inbuilt encryption programs so they can't be called.

have an admin account that you use specifically for write tasks; generally log on with a non-elevated account without write access to media drives.

minimise public facing service access permissions in case compromised.

 

Sent from my SM-G955F using Tapatalk


  • 2 weeks later...
Guest asrequested

Snort is blocking some stuff. I also set up a firewall rule on pfSense to block attempts that are 3 times a second for 60 mins. That's blocking a bunch, too. I have also left IPS enabled on my USG. That is blocking thousands. So here's what I say to those attackers, come at me, bro! :)

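Added example, not code from any poster in this thread: one way to build the kind of table of WAN source IPs described earlier in the thread from front-end access logs, also marking sources that reach the 3-requests-in-one-second rate mentioned for the pfSense rule. The log format, sample lines, table layout and the reading of that threshold are assumptions; the lookup column is left empty because no specific reverse lookup API is named.

```python
import ipaddress
import re
import sqlite3
from collections import Counter

LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')
BURST_PER_SECOND = 3  # assumed reading of "3 times a second"

# Constructed sample lines (common log format, documentation-range addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Dec/2018:03:14:07 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [12/Dec/2018:03:14:07 +0000] "POST /login HTTP/1.1" 401 87
203.0.113.7 - - [12/Dec/2018:03:14:07 +0000] "POST /login HTTP/1.1" 401 87
203.0.113.7 - - [12/Dec/2018:03:14:09 +0000] "POST /login HTTP/1.1" 401 87
198.51.100.23 - - [12/Dec/2018:03:20:41 +0000] "GET / HTTP/1.1" 200 512
192.168.1.20 - - [12/Dec/2018:03:21:00 +0000] "GET / HTTP/1.1" 200 512
not a log line
"""

def summarize(log_text, db):
    """Store one row per WAN source in `db`; return (ip, hits, burst) rows."""
    hits, per_second, first, last = Counter(), Counter(), {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # first field is not an IP address
        if any(ip in net for net in LAN_NETS):
            continue  # LAN client, not a WAN source
        key, ts = str(ip), m.group(2)
        hits[key] += 1
        per_second[(key, ts)] += 1  # log timestamps have one-second resolution
        first.setdefault(key, ts)
        last[key] = ts
    bursts = {ip for (ip, _ts), n in per_second.items() if n >= BURST_PER_SECOND}
    db.execute("CREATE TABLE IF NOT EXISTS sources (ip TEXT PRIMARY KEY, hits INTEGER,"
               " first_seen TEXT, last_seen TEXT, burst INTEGER, lookup TEXT)")
    db.executemany("INSERT OR REPLACE INTO sources VALUES (?,?,?,?,?,NULL)",
                   [(ip, n, first[ip], last[ip], int(ip in bursts)) for ip, n in hits.items()])
    return db.execute("SELECT ip, hits, burst FROM sources ORDER BY hits DESC, ip").fetchall()

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG, sqlite3.connect(":memory:")):
        print(row)
```

Pointing the connection at a database file on a separate host keeps the table off the machine being logged, as the earlier post intends.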

Just looked at my IPS log. OMG! I'm never turning this thing off!

 


Yeah, that is crazy.
