Sophos Intercept-X is not the only solution, but it is one solution I have a lot of experience with. Implement a solution that actually prevents the ransomware from functioning the way it was intended. Do not rely on any single method of protection or assume cloud storage versioning will be a silver bullet. It will search out, find, and destroy your backups where possible. Ransomware is going to attack volume shadow copies and cloud storage. Install Sophos Intercept-X or some other form of anti-ransomware protection as a bare minimum. It's also more than just a little disruptive, as I don't know about your fellow employees, but they get real touchy when their icons are exactly in the same place; replace their computers and some have a meltdown. Even if you have a robust imaging program for a business, this can take days or even weeks in bigger organizations. It's why you have to practice scorched earth, and remove all clients from the domain and restore from prior to the infection, then bring clean workstations back online. Average Joe six-pack goes, "Idiots, didn't they have backups?" Well yeah, they DID! But who's to say that they restored all their stuff from backup and the original source of the malware from Mary in HR's computer was not contained and their files just got encrypted again? News report comes out that ABC company got ransomware. What encrypted the files in the first place? You must source out what caused the encryption, otherwise your restored file will just get re-encrypted again. Like most "how to recover from ransomware" threads though, it misses the real problem. I'd also say technically backup does the same thing; both have a problem though. Most cloud drives (thinking of you, SharePoint/OneDrive) have versioning, but I am not entirely sure of the viability of using it as a way to avoid ransom-encrypted files.
You could also invest in a NAS with similar Google Workspace sync/backup capabilities if you prefer to keep an on-prem or off-site backup. Spinbackup and Datto are two of many available services that spring to mind. On a similar note, there are third-party backup services out there that can do a bulk rollback of your Google Workspace environment if you're willing to pay for them. But hey, people also need to get their work done, and that's what handy apps like the Google Drive client are there to help them do. If the security needs genuinely warrant taking away certain features (like in highly regulated industries, like healthcare), then they may be justified in doing so. Of course, the caveat is that every business has their own security needs that need to be balanced with operational needs. If the safeguards are in place, there is less need to take away quality-of-life features, like mapped drives, in the name of security, especially if there is not a blatant flaw or weakness in said feature. I believe having those in place will deliver more value than indiscriminately banning mapped drives. More important would be ensuring that other best practices are in place, such as policies of least privilege and a solid backup architecture. I think there are more prominent questions to ask. Even if a remote share isn't mapped on a workstation, that wouldn't necessarily mean it's protected from being infiltrated by other network scanning tools. Personally, I've not seen the need to axe mapped drives in the networks I manage. In a sense, every service or bit of connectivity we deploy introduces some sort of surface area that could be utilized in an attack. In one sense it's an unanswerable question of what ransomware you'll get hit with when or if that actually happens.
I saw this post about having to restore Google Drive data after being hit with ransomware: SW Ransomware & Google Drive. This got me thinking: if my machine were to get hit with ransomware / cryptoware, would this make it easier to encrypt my entire Google Drive content? Or would it have been easier to encrypt content before? What best practices should be followed to reduce the likelihood of a Google Drive being encrypted, besides not syncing to it? The new Drive for Desktop now uses a mapped drive letter instead of just a folder on the PC. Alas, now I must choose to sync everything from My Drive to my local hard drive or stream files from the cloud to my PC (with some option to have certain files available offline). Everything seemed to go smoothly and I gained about 150 GB of free hard disk space after deleting the old Google Drive folder. So yesterday I updated my Google Drive sync client from Google's Backup and Sync to Google Drive for Desktop.