‘Precursor malware’ infection may be sign you're about to get ransomware, says startup

Ransomware is among the most feared of the myriad cyberthreats circulating today, putting critical data at risk and costing some enterprises tens of millions of dollars in damage and ransoms paid. However, ransomware doesn't occur in a vacuum, according to security startup Lumu Technologies. A ransomware infection is usually …

  1. Mayday Silver badge
    Unhappy

    Makes sense

    I'm aware of an example of a very well-known government department (I know there's more than one) where the baddies were resident for almost a year sitting silent before unleashing the fury.

  2. John_3_16
    Facepalm

    Almost mind numbing...

    I have a top of the charts real time AV that includes regular scans for the malware mentioned & ransomware. I have a dedicated real time ransom scanner that is more AI oriented & compatible with my AV. I also have 2 manual scanners; one is for anything & everything; the other is not virus oriented but spyware, adware, malware & PUPs. Update & run weekly. Scheduled runs of the first, plus their real time protection.

    Have had my a$$ saved on numerous occasions because of being security heavy. Security Apps in browsers & security set in my VPN. VPN firewall through my system firewall through my router firewall has always been plenty.

    I don't have any money to give the ransomware attackers. I do have weekly ISO backups. I do visit the occasional sketchy website or two.

    It confounds me to think governments & companies would not do the same. I am using Windows 7 & it is currently COMPLETELY up to date. I stay updated on current status of security systems. Most who get hit are not updating or using incomplete security systems for their networks. Boggles the mind that they are willing to spend that kind of money on a flier that you may or may not get your data back.

    Hire a person &/or persons whose job it is to protect you at all levels & update as they are made available. Laziness is unforgivable. Gambling with the company assets is unforgivable. [̲̅$̲̅(̲̅▀̿Ĺ̯▀̿ ̿)̲̅$̲̅]

    1. Pascal Monett Silver badge

      Re: Almost mind numbing...

      Sounds like you're running a PC in Fort Knox.

      I just have MS Defender for the PC. I use Firefox with NoScript and uBlock Origin.

      And I don't open attachments from people I don't know.

      1. W.S.Gosset Silver badge

        Re: Almost mind numbing...

        Pfft. He rents a VM to Fort Knox so they've got somewhere they feel safe.

    2. heyrick Silver badge

      Re: Almost mind numbing...

      "update as they are made available"

      Oops, there goes network printing, again.

    3. veti Silver badge

      Re: Almost mind numbing...

      You do know that extended support for Windows 7 ended more than two years ago, right?

      1. Anonymous Coward

        Re: Almost mind numbing...

        My employer (pharmaceutical) pays Micros~1 for Windows 7 updates - for the third year now...

        Every office computer is running Win10 Enterprise but there are several validated and qualified production systems that are spec'd to run with Win7, GPO'd, monitored, segmented and firewalled up the wazoo.

        I don't think there's really anything that prevents resourceful people from installing those same Win7 Enterprise updates at home or elsewhere. ...or maybe the OP meant that his system is up to date with those last public 2020 updates?

  3. Clausewitz 4.0 Bronze badge
    Devil

    Advanced Malware - No way to stop

    Try to block:

    - Command and control using youtube, whatsapp, telegram, google drive, github. You cannot.

    - Try to make employees not open Word documents. They can have zero days, not only macros, and those can be sent inside a hijacked email thread from a "trusted" person. If you block, they cannot work.

    Basically, you are only going to stop the less skilled hacker who buys "kits" on the open market. High skilled actors will ALWAYS find a way to penetrate your network. ALWAYS.

    1. HildyJ Silver badge
      Pirate

      Re: Advanced Malware - No way to stop

      Too true.

      Start from the assumption that every byte on all your kit is available to anyone who wants it. Make sure that the data you need is backed up away from the internet. Make sure that multiple backups are kept and label them so that humans can know what they are before you try to load them.

      Scanning for and eliminating precursor malware should be done but, like a garden, no matter how often you pull the weeds, new ones will sprout.

    2. heyrick Silver badge

      Re: Advanced Malware - No way to stop

      You forgot the C-suite ponce who doesn't want to have to deal with all your "security nonsense" and since they outrank your boss, it's a simple matter for them to raise the issue in a way that gives you no choice but to punch a hole in the defences.

      1. veti Silver badge

        Re: Advanced Malware - No way to stop

        We heard that a lot back in the 90s/00s, but is it really still happening that way?

  4. Nursing A Semi

    Users

    Eliminate the odd user who flat out refuses to learn. We had one who got infected 5 times over a 2 year period and this was with a policy in place of blocking attachments and users having to request they be unblocked (obviously there were exceptions on a trusted list). But sadly said user refused to change their behaviour and no doubt is still allowing bad actors into their system; happily though this is a SEP as I moved on years ago.

    1. Anonymous Coward

      Re: Users

      This. I've been downvoted in the past for saying that people that fall for it and provide a gateway into your organisation should suffer some sort of consequence for being that gateway. It's been said that if you take that approach then what you do is make people less likely to report issues when they occur.

      Of course if you're weeding out the useless actors (or at least giving them a chance to learn) in the first place then there should be less stuff to report.

      1. Ian Johnston Silver badge

        Re: Users

        I assume that my employer takes steps to ensure that when I use their toilets I am not at risk from Legionella, that when I use their light switches I am not at risk of electrocution, and that when I eat in their canteen I am not at risk of E. coli. Why should I not also assume that when I read an email provided to me by the company on a computer owned by the company it is a legitimate email and I can do what I like with it?

        Don't blame users for failures on the IT side.

  5. trindflo Bronze badge
    Windows

    is this a wrapper for a built-in feature?

    It sounds really clever, but doesn't Windows have what you need for that built-in?

    http://woshub.com/enable-dns-query-logging-parse-logfile/
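The built-in DNS client logging trindflo points at gives you raw query records; what a precursor-malware detector does with those records is the part that is not built in. As an added example (not from the article, from Lumu, or from any commenter), here is a small Python triage script over a constructed DNS query log. It flags three things a precursor infection tends to show before any ransomware runs: lookups of names on a hypothetical indicator list, DGA-looking leftmost labels by character entropy, and one host resolving one name at near-fixed intervals (the beaconing of an implant waiting for instructions). The log format, the domain names, the IPs and the thresholds are all made up for the example; point `parse_log` at whatever your real DNS log export looks like.

```python
"""Triage DNS query logs for precursor-malware signals (added example).

Constructed input: one query per line, "timestamp client_ip qname".
Three signals: (1) lookups of domains on a hypothetical indicator list,
(2) DGA-like labels with high character entropy, (3) one client
resolving one name at near-fixed intervals (beaconing).
"""
from collections import defaultdict
from datetime import datetime
import math
import statistics

# Hypothetical indicator list: these names are made up for the example.
INDICATORS = {"update-check.example-bad.test", "cdn-sync.example-bad.test"}

# Constructed sample log (not real traffic). 10.0.0.7 beacons every ~60 s
# to a DGA-looking name, then resolves an indicator; 10.0.0.12 is benign.
SAMPLE_LOG = """\
2022-03-01T09:00:00 10.0.0.12 www.example.com
2022-03-01T09:00:05 10.0.0.12 mail.example.com
2022-03-01T09:01:00 10.0.0.12 www.example.com
2022-03-01T09:00:01 10.0.0.7 kq3xz9vplm2r.example-bad.test
2022-03-01T09:01:02 10.0.0.7 kq3xz9vplm2r.example-bad.test
2022-03-01T09:02:01 10.0.0.7 kq3xz9vplm2r.example-bad.test
2022-03-01T09:03:02 10.0.0.7 kq3xz9vplm2r.example-bad.test
2022-03-01T09:04:01 10.0.0.7 kq3xz9vplm2r.example-bad.test
2022-03-01T09:04:30 10.0.0.7 update-check.example-bad.test
"""


def parse_log(text):
    """Parse constructed 'timestamp client qname' lines; skip malformed ones."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, client, qname = parts
        records.append((datetime.fromisoformat(ts), client,
                        qname.lower().rstrip(".")))
    return records


def shannon_entropy(s):
    """Bits per character; ~log2(len) when every character is distinct."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_dga(qname, min_len=10, min_entropy=3.5):
    """Flag a leftmost label that is both long and near-uniformly random."""
    label = qname.split(".")[0]
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def find_beacons(records, min_count=4, max_jitter=0.2):
    """Report (client, qname) pairs queried at regular intervals.

    Jitter is the population stdev of the gaps divided by their mean; a
    sleeping implant keeps it low, a human browsing does not.
    """
    by_pair = defaultdict(list)
    for ts, client, qname in records:
        by_pair[(client, qname)].append(ts)
    beacons = []
    for (client, qname), stamps in by_pair.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        if statistics.pstdev(gaps) / mean <= max_jitter:
            beacons.append({"client": client, "qname": qname,
                            "count": len(stamps), "mean_interval": mean})
    return beacons


def detect(text, indicators=INDICATORS):
    """Run all three checks over a log and return the findings."""
    records = parse_log(text)
    hits = sorted({(c, q) for _, c, q in records if q in indicators})
    dga = sorted({q for _, _, q in records if looks_dga(q)})
    return {"indicator_hits": hits, "dga_like": dga,
            "beacons": find_beacons(records)}


if __name__ == "__main__":
    for key, value in detect(SAMPLE_LOG).items():
        print(key, value)
```

On the constructed log this reports one indicator hit, one DGA-like name and one beacon (10.0.0.7, five queries, 60 s mean interval). The entropy threshold of 3.5 bits is a guess tuned to this sample; real CDN and cloud hostnames produce random-looking labels too, so in practice you would whitelist known providers and treat the beacon check, which keys on timing rather than on the name, as the stronger signal.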


Biting the hand that feeds IT © 1998–2022