All your eggs in one basket == Cloud Disaster!
August 18, 2020 at 9:52 am #61404
August 18, 2020 at 10:13 am #61409 Participant Wheels-Of-Fire @grahamdearsley Forumite Points: 6,312
Oh Dear ! Don’t you just hate it when things like that happen 😆
And the == in the title reminds me of another thing I hate, the reuse of symbols in programming languages to mean different things. The use of * in C++ to mean at least 3 different things is especially annoying.
August 18, 2020 at 10:27 am #61411
Sounds like sloppy planning to me. First rule make sure it’s backed up!
I suspect they worked on live data. In any event they had no backups which would have negated any Ransomware attack too.
“Bleeping Computer was eventually able to get their hands on a partial screenshot of the alleged Canon ransom note” there is absolutely nothing to tie that to anyone, it’s just the generic text. In fact they could have typed it themselves in Notepad.
10GB long term storage – 10GB? Do me a favour. Even 10TB seems light. One of my customers just bought a 14TB server for his small business.
The “Message from the IT Service Center” doesn’t look like the sort of thing a Corporate IT Dept puts out. You most certainly would not put a Confirm Receipt button on it. What system is it using if everything is out? Neither does the internal message from the “Crisis Management Committee”. The internal server error message means nothing.
Sounds like speculation and a deal of making up the evidence.
August 18, 2020 at 10:59 am #61414
- This reply was modified 3 months, 2 weeks ago by Dave Rice.
“I suspect they worked on live data. In any event they had no OFFSITE backups which would have negated any Ransomware attack too.”
Corrected – the so-called Maze interview suggests that they had sufficient time to locate and infect all on-site networked backups.
August 18, 2020 at 5:49 pm #61421
That’s not really a backup then. Sloppy. They should have defences looking for this sort of activity too, it can be stopped before it does untold damage.
Ransomware can have a pop at any of the businesses I look after, they won’t get anywhere besides being a temporary PITA if it even gets to activate. If I can do it on a shoestring then Canon have no excuses.
August 18, 2020 at 8:43 pm #61423
+1 – no argument, I certainly would not like to be in any Canon IT position, but I’ll bet it was outsourced!
August 20, 2020 at 7:36 am #61471
- This reply was modified 3 months, 2 weeks ago by Ed P.
There is more on the tactics of the Maze group in this El Reg article.
August 20, 2020 at 9:50 am #61475
One of the comments that I totally agree with:
The fundamental problem is lack of robustness at the victim end. Ransomware (like any other attack that typically starts at the workstation) only gets to affect a corporation because it can spread internally. There are many controls that can in principle contribute to restricting its spread, but they’re just not usually implemented.
Most corporate networks are wide open: a hard-ish shell full of holes surrounding an ultra-soft centre.
Sometimes there isn’t a great deal you can do about that, especially in a smaller business, but that’s where unlinked backups come in. Synology makes unlinking backups easy and having linked (live) data protected by a versioning system. Encrypt a file? Go back to the last version. Too many? Restore last night’s local backup. They (somehow) got that too? Restore last night’s offsite backup and pick out any urgent files / folders to any PC anywhere via a browser.
I also use AV designed for small businesses, not home products. Even McAfee have got their act together, but BitDefender is my favourite.
August 21, 2020 at 6:56 am #61510
Programmers seem to have it in for photographers as Adobe Lightroom has also wiped photos with no way of recovering them. link
August 21, 2020 at 9:27 am #61512
Bloody Adobe! Prime example of a near monopoly player in action. Did they not test it?
Synology are really pushing at Pro Snappers as BTRFS being self healing protects against bit-rot. Backup to an external drive or another Synology is easy and there’s a cheap offsite cloud backup service available. Modern HDDs are huge, a 2 bay would do most people these days never mind a 4 or 6.
You can also create shareable albums and use it as a download portal by giving customers a protected personal URL to their folder. This can be restricted to X number of downloads and / or a date range. A surveyor I support does just this and it’s saved them a fortune in email costs (no more huge attachments in the archive). “Here’s the link to your survey, you have 30 days to download it and you can do this twice.”
August 21, 2020 at 11:05 pm #61541 Participant Tippon @tippon Forumite Points: 4,139
Backup to an external drive or another Synology is easy and there’s a cheap offsite cloud backup service available
Do you know of any decent guides? I think I’ve got it all sorted, but I don’t want to test it like these guys.
August 22, 2020 at 10:10 am #61546
Synology’s C2 service is just another destination in a Hyper Backup task. You need to create a C2 account first, there’s a 30 day free trial.
August 23, 2020 at 3:42 pm #61562 Participant Drezha @drezha Forumite Points: 3,136
I am impressed with the offsite backup feature – I set one up a few years ago for my wife’s family after they were hit with ransomware. Set up Synology Sync (whatever the one prior to Drive was called) to sync to the NAS and then set the NAS to use mine as an offsite backup. Now, I just have Hyper Backup send to my 300GB of Synology C2.
August 23, 2020 at 6:47 pm #61570
I have a 2TB pool for my customers (which I charge for). Going 1TB+ opens up hourly backups (no-one really needs that atm), deduplication and a customizable retention policy. Their first backups can take days but after that the average is <10 minutes, the surveyor with 100+ photos per survey often comes in near 20 but never more. Even the Legion which only has ADSL use it.
With servers currently in empty buildings or vulnerable at home it’s a comfort to know the backups are there and easily restored. Not sure what will happen if there’s no Brexit deal as the data centre is in Frankfurt, but we’ll cross that bridge when we have to.
August 23, 2020 at 10:31 pm #61579 Participant Tippon @tippon Forumite Points: 4,139
Synology’s C2 service is just another destination in a Hyper Backup task. You need to create a C2 account first, there’s a 30 day free trial. Hyper Backup guide here, video guide here that uses C2 as an example. It’s all pretty straightforward but explains the various options, like smart versioning.
Sorry I’m a bit slow replying. I jinxed myself this time. I realised last night that after a rearrange in the office, I hadn’t turned the Synology back on. I turned it on and it beeped like crazy for ages while I was trying to log in. One of the hard drives has started to fail.
After a few hours of moving files around I managed to get the most important stuff onto the external drive too, and am now just waiting for the replacement drive to arrive, hopefully on Monday.
I’m tempted to format the lot and start again, but making sure that I definitely do it properly this time.
August 23, 2020 at 11:20 pm #61582
If you’re sure the data is OK then that sounds like a plan. When you put the drive in it will start to rebuild the array, the easiest thing to do is a hard factory reset.
Get a paper clip or a SIM card removal tool and hold down the reset button for about five seconds—until you hear a beep. Then let go immediately. Right after that, hold down the reset button again for five seconds until you hear another beep. Let go immediately after that.
Your NAS will beep a couple more times, and then the NAS drive will reboot. After a couple of minutes, the status light will blink orange. DSM is now ready to be reinstalled.
Just shout if you need any help, always happy to pass on my knowledge of these boxes.