At 01:01 PM 9/16/2015, Fred Cisin wrote:
>But, those still require a gullibility error on the part of the user, don't
>they? Do the ads actually load and run the ransomware, or just present the
>fraudulent upgrade offer to bring it in?
The bad guys are slipping silent-install vulnerability exploits into the HTML of ads they place through ad networks. No user error or trickery involved. You never see it coming. You visit a reputable site, but can you trust their ad network and all its subcontractors and all their sub-ad-networks? As to why your antivirus didn't see it... there's always a few days before the latest infection mechanisms are documented and added to the AV updates.

As you say, your backup needs to be effectively off-line, not on a visible writable filesystem, and you need to detect when files have changed and keep previous versions within a reasonable window of detection. Few residential and small-business networks have anything like that. Most write simple backups to attached or network storage. Cloud-based backup is nice, and slow upload speeds throttle the damage, but how many cloud-based small-business backups can recover N previous versions of changed files?

When I first heard about Cryptolocker, I wanted to give up consulting and find a different career.

- John
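An added illustration, not part of John's message, of the two backup properties he lists (detect changed files, keep previous versions): a constructed Python sketch that hashes a source tree on each run, copies every new or modified file into a version store that retains the last `keep` copies per file, and flags a run in which an abnormal share of known files changed or vanished at once, refusing to prune older versions during such a burst. All names here (`backup_run`, `alert_ratio`, the `versions/` layout) are this example's own assumptions; the store must itself sit where the workstation cannot write to it directly, which this sketch does not enforce.

```python
import hashlib
import json
import os
import shutil

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Relative path -> sha256 of every regular file under root."""
    out = {}
    for dirpath, _, names in os.walk(root):
        for n in names:
            full = os.path.join(dirpath, n)
            out[os.path.relpath(full, root)] = sha256_of(full)
    return out

def backup_run(src, store, keep=5, alert_ratio=0.5):
    """One backup pass from src into store. Returns (changed, removed, alert)."""
    manifest = os.path.join(store, "manifest.json")  # hashes from the last pass
    old = {}
    if os.path.exists(manifest):
        with open(manifest) as f:
            old = json.load(f)
    new = snapshot(src)
    changed = [p for p in new if old.get(p) != new[p]]  # new or modified
    removed = [p for p in old if p not in new]
    # Share of previously known files modified or deleted in this single pass:
    # ordinary work touches a few, bulk encryption touches nearly all of them.
    touched = sum(1 for p in changed if p in old) + len(removed)
    alert = bool(old) and touched / len(old) >= alert_ratio
    for rel in changed:
        vdir = os.path.join(store, "versions", rel)
        os.makedirs(vdir, exist_ok=True)
        # Versions are numbered so ordering does not depend on clock resolution.
        idx = 1 + max((int(n.split("-")[0]) for n in os.listdir(vdir)), default=-1)
        shutil.copy2(os.path.join(src, rel),
                     os.path.join(vdir, f"{idx:06d}-{new[rel][:8]}"))
        # Keep only the newest `keep` copies, but never prune during a suspicious
        # burst: the older copies may be the only clean versions left.
        if not alert:
            for stale in sorted(os.listdir(vdir))[:-keep]:
                os.remove(os.path.join(vdir, stale))
    with open(manifest, "w") as f:
        json.dump(new, f)
    return changed, removed, alert
```

An alert from `backup_run` is the cue to stop the scheduled job and restore from the retained versions rather than let later passes overwrite them.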