Reply to post: Monitor the database?

Ransomware 2.0 'crypts website databases – until victims pay up

thames

Monitor the database?

The key thing seems to be that the data is being both entered and used through the same web application. If the data was also being used by a separate back-end application that wasn't compromised by the attackers, it would choke on the encryption and the problem would come to light more quickly.

Perhaps that same principle could be used to monitor the database. If you had something running on another, more secure server that continually checked the integrity of the data you could have it notify you of any problems. Of course now you have to make sure that this server doesn't get compromised somehow, but that might be easier to arrange, and it adds another hoop the bad guys have to jump through. It also helps guard against problems caused by mistakes or equipment/software failures as well as intentional damage.

I won't be surprised to see security vendors offer an approach based on the above. I also won't be surprised if we see upcoming stories about how the administrators of some major company ignored such warnings because the very expensive enterprise data integrity monitoring solution spit out a deluge of spurious warnings all the time.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022