General Consultant Discussion

  • 1.  http://enews.zdnet.com/ct/40664882:sanv63l5N:m:1:7

    Posted 02-21-2017 07:46
    http://enews.zdnet.com/ct/40664882:sanv63l5N:m:1:717848886:56FDCF1AAE1274A0692E7F36CE4D25F2:r:22825588897896859448357279179797


  • 2.  RE: http://enews.zdnet.com/ct/40664882:sanv63l5N:m:1:7

    Posted 02-21-2017 08:27
    Correct. The small businesses themselves are not the intended target; however, they are an unsuspecting victim in the subversive war that happens daily. From our perspective as a hosting provider, most small organizations do not have the resources in place to mitigate these types of issues. Remember, small organizations look at technology as a dreaded thing they need. And the fewer dollars they can spend on it the better, and they will not give a second thought to what's really needed to maintain their systems well. This is an attitude toward technology that becomes ingrained culturally at customers and at some point comes back to haunt them. In our experience, the number one reason customers become victims of viruses and ransomware is unmonitored email. Although it's not perfect, most tragic outages can be avoided by simple maintenance, a few quality dollars spent on hardware, software and someone who knows what they're doing to diminish the risk of becoming the next crypto-victim. It's only icing on the proverbial cake to the perpetrators that SMBs get hit and pay. They are really looking to disrupt operations of large businesses where the respective reward for their effort is magnified by factors of 1000s of dollars more. Be safe. [An article from Wayne.](http://www.s-consult.com/2016/10/04/sage-100-and-cryptolocker-prevention-best-practices-and-avoiding-cures-that-slow-your-system/)


  • 3.  RE: http://enews.zdnet.com/ct/40664882:sanv63l5N:m:1:7

    Posted 02-21-2017 13:22
    The problem is it can be picked up from a bad web page, or any number of sources. And unlike the old days of viruses where it was gets trying to prove their programming prowess over others (now most are too busy on Instagram or playing video games), instead there is big money in this. Especially for those in countries where a $100 ransom payment can feed them for a month. And people don't realize, in many cloud environments, they are just as susceptible. Many do not make hourly snapshots, and massive quantities of files can be corrupted quickly.


  • 4.  RE: http://enews.zdnet.com/ct/40664882:sanv63l5N:m:1:7

    Posted 02-21-2017 15:17
    Yes. Networks are inherently susceptible if not well maintained. Usually an ounce of prevention and a bit of alertness go a long way to avoid browsing to a bad page nowadays. Just stop browsing to those "questionable sites." ;) To Mark's point... (Attached). One of the largest "hosting" providers that supposedly performs hourly snapshots via a complex SAN array fell victim. Why? The crypto-locker embedded itself below the OS layer and wasn't caught until it was activated. It was either too sophisticated, the provider was careless, or too new, because it wasn't detected by their intrusion detection systems. Either way, 1000s of their customers were out of service for a week and were only able to recover data 7 days prior to the incident. How did it get in? Email. The crypto-locker performed as designed. Hey, it can happen to anyone. You need to be diligent and spend good effort to avoid a catastrophe. Again, and in our experience... This is the primary reason we don't allow email clients in our environment.

    Attachment(s)

    pdf
    TRAPP_ONLINE_.pdf   260 KB 1 version


  • 5.  RE: http://enews.zdnet.com/ct/40664882:sanv63l5N:m:1:7

    Posted 02-21-2017 17:19
    We had a customer hit with this yesterday... but their data was safe in SQL (Premium). External files (pdf's, rpt's, spreadsheets...) will still have to be restored if affected, but that's one more thing SQL has over Providex. The SQL Service controls access to the data files, locking them from being modified by a network program.


  • 6.  RE: http://enews.zdnet.com/ct/40664882:sanv63l5N:m:1:7

    Posted 02-22-2017 05:28
    Yes, but it definitely can and will corrupt SQL backup files, and also in many cases the SQL Server EXEs, making a restoration that much more difficult. Our own hosting provider, WiredTree, where we have about 10 sites, got hit from the other end. Our web pages got payloads injected into them (meaning people surfing would get messages about their software being out of date) and for the few accepting the message, they got ransomware. Turns out the provider really only makes a monthly full backup. Our Eversafe system is perfect for handling this for us and our clients due to its hourly full snapshots and failover and instant ransomware alerts and notification, but most of us, including us, have no control or real deep knowledge of how the cloud and Linux-based hosting providers handle backup & disaster recovery. People think because they have a 'cloud' solution, somehow magically viruses, disasters and ransomware problems go away.


  • 7.  RE: http://enews.zdnet.com/ct/40664882:sanv63l5N:m:1:7

    Posted 02-22-2017 05:35
    @KevinMoyes, sorry Kevin, these guys think of everything... https://fightransomware.com/ransomware-articles/new-version-cerber-ransomware-hits-businesses-hurts/


  • 8.  RE: http://enews.zdnet.com/ct/40664882:sanv63l5N:m:1:7

    Posted 02-22-2017 05:40
    It amazes me how customers insist on using backup solutions that cost about 1/5 of what they should cost and then wonder why they are either useless, or take a tremendous amount of time to recover from, or lose a large chunk of data. Folks... The "carbonites" of the world are great for your kids' homework files, but not a business... Tape backup just sucks. They take far too long to restore from if the server is infected, and the majority of customers become too 'lazy' about rotations and retention, and few customers ever test regularly. If you don't have a system that does real-time entire point-in-time image snapshots, a system that actively monitors the files for signs of infection (if you don't, you could lose a lot more data due to not knowing about the infection for hours or days), a system that allows you to run your actual backups on standby hardware while you go through the cleanup or rebuild process on the affected server(s), then it's very likely you will suffer significant business financial and reputation loss due to ransomware. It might happen this afternoon, it might happen next year, but that grim reaper is coming because the money is just too big and smaller businesses don't maintain and patch their entire suite of systems nearly enough.