Hacking victim hacks the hackers and releases their encryption keys

spartaman64
24 minutes ago, dalekphalm said:

In the case of ransomware, a good backup system is worth more than common sense, if you're doing one or the other. Ideally, you do both.

A good offline backup.

Too bad hot swap caddies are not the thing anymore like them old days, except for servers.


2 minutes ago, NumLock21 said:

A good offline backup.

Too bad hot swap caddies are not the thing anymore like them old days, except for servers.

The backup doesn't inherently have to be offline. Most ransomware will simply look at available HDDs or drive letters (basically anything directly accessible). If you're using a server or NAS-based backup system, as long as the backups themselves are stored in a folder not accessible by the client computer, you're totally fine.

 

Ideally you'd incorporate offline backups into your larger system though.


29 minutes ago, dalekphalm said:

The backup doesn't inherently have to be offline. Most ransomware will simply look at available HDDs or drive letters (basically anything directly accessible). If you're using a server or NAS-based backup system, as long as the backups themselves are stored in a folder not accessible by the client computer, you're totally fine.

 

Ideally you'd incorporate offline backups into your larger system though.

Sometimes they encrypt network drives too, so an offline backup is good to have.


2 hours ago, NumLock21 said:

Sometimes they encrypt network drives too, so an offline backup is good to have.

Yeah but typically only ones that are mapped to a drive letter. Offline backups are a useful addition to a full backup system - but they are not necessary by themselves.


2 hours ago, Caroline said:

Hang on, if he was a hacker why did he pay the other hackers? It looks like he could've just stolen the keys without paying a cent, seems weird.

Likely it was the delivery method of the decryption key for himself that allowed him to crack into the database.


11 minutes ago, dalekphalm said:

Yeah but typically only ones that are mapped to a drive letter. Offline backups are a useful addition to a full backup system - but they are not necessary by themselves.

So only mapped network drives get encrypted and not other systems on the network. I heard some ransomware encrypts other systems on the network too, not just mapped drives. Offline backup can also be a full backup, it's physically disconnected, the only downside is, there is no real time backup. Have to back up in intervals like every night, every few days, or week.

Basically it's better to have more than 1 backup just in case one of them fails physically.


Backing up using the 3-2-1 method is still the best way to do it. It is fairly easy to make one of those generally be an offline copy most of the time to enhance the hack/ransom security of it, except during the backup moment.

https://www.backblaze.com/blog/the-3-2-1-backup-strategy/

Here's an easy-to-read writeup about it for anybody interested.
