Cerber ransomware menace now targeting databases Criminals behind the massive Cerber ransomware enterprise are now targeting businesses as well as individuals with a module that kills and encrypts databases, warns Intel's former security arm McAfee. Cerber had conducted more than 160 campaigns when examined in July targeting 150,0000 users and raking in a cracking US$195,000 …
These attempts continue to flood the mail server - we have to be lucky all the time, they only have to be lucky once. I now have a list of "banned attachments" a yard long. If the authorities put the same effort into tracing and finding these criminals that they have put into inspecting presidential candidates email use then we'd all be a lot safer.
> coming up with a suitably deterrent punishment. Like publicly skinning them alive one square centimetre at a time over the course of a week or two.
Now now. I'm not a fan of Hillary or Trump either but I think I have to draw the line at a day or two.
Seems to me the solution is not giving blanket write access to the plebes in your office.
You could send fake phishing emails to all employees at random intervals, and anyone dumb enough to execute the attachment gets locked out of everything important.
Quickly, before the attackers encrypt the dilithium crystals!
Since "most of these arrive via the inbox", it might seem logical that an office system would run a virtual OS specifically for email and sending / receiving attachments. It could be a cookie-cutter installation with access only to its own filesystem. If compromised, it could simply be blown away and replaced with a new one from template. An attacker could not -- without hacking the hypervisor as well as the OS -- get to system files, let alone the rest of the network.
Yes, it's still possible to hack through the hypervisor etc. But security is never about absolutes. It's always about raising the difficulty high enough to make hackers look elsewhere. Make the hackers' dev work too hard, too much effort for the probable return on investment.
And yes again, it would make office tasks quite a bit more complicated. Files would have to be shuffled through safe-zones and mandatory malware detection.
Is the extra trouble worth not having your company's highly lucrative stock-trading database encrypted?
Interesting, thanks for the heads-up.
Most of the material on the Bromium website is heavy on advertising claims and low on tech specs. But from what I can gather, it sounds like they're offering application-specific "micro-VMs", which is certainly one approach. Browser-in-the-Box, of course, uses something like that. When on Ubuntu, I use FireJail -- another methodology, but with similar aims.
Certainly a step up from straight Windows, and a running battle to blacklist malicious attachments based on extension or heuristics.
I can take the marketing bullet for the content on the website, but don't let that frustrate you.
Probably the coolest thing we have is the Ransomware video on our YouTube channel that shows how we contain the malware and if you are so inclined - let it run with no threat to the network. We are an enterprise security platform but our customers have launched more than one billion micro-VMs and no one has reported a breach. That's all over the world with defense-grade protection. It's worth kicking our tires and checking out what we do. Our customers report with Bromium, they relax because their end users are no longer their constant headache and they gain intelligence that helps them prove value to their execs.
I love that you guys already knew about us! And if you have technical questions - hit up @simoncrosby - one of our founders - on Twitter. He's an unabashed expert who pulls no punches.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
