UtterAccess.com
X   Site Message
(Message will auto close in 2 seconds)

Welcome to UtterAccess! Please ( Login   or   Register )

Custom Search
 
   Reply to this topicStart new topic
> Thieves Broke Into A Biz And Stole Computers, Any Versions    
 
   
FrankRuperto
post Feb 6 2020, 09:54 PM
Post#1



Posts: 785
Joined: 21-September 14
From: (MilitaryBrat) Tampa Bay, Florida, USA


Friend told me they took computers with accounting data and other valuable items. Data has become such a valuable commodity that thieves are now also targeting computers. If storage devices are not encrypted, data is vulnerable. If you encrypt them, no one will be able to access the data unless they have the recovery key. Ransomware attacks also wont succeed because the data is already encrypted.
Attached File(s)
Attached File  EncryptionDrivesC_D.PNG ( 257.1K )Number of downloads: 26
 

--------------------
Currently supporting pawnbrokers that use my store management system developed with Access 2010 on Windows7. Experienced with Informix, Oracle & PostgreSQL db's.
Go to the top of the page
 
nvogel
post Feb 7 2020, 01:45 AM
Post#2



Posts: 1,069
Joined: 26-January 14
From: London, UK


QUOTE
Ransomware attacks also wont succeed because the data is already encrypted.

That doesn't sound right to me. Encryption like BitLocker protects you against disclosure if the device is stolen but I expect ransomware would normally be run stealthily within the security context of an authenticated login so I don't think BitLocker would make any difference. If you encrypt individual files using some another encryption method that doesn't use Windows auth then that should stop an attacker reading the content but won't stop ransomware from scrambling the files.


This post has been edited by nvogel: Feb 7 2020, 01:46 AM
Go to the top of the page
 
adaytay
post Feb 7 2020, 04:50 AM
Post#3


UtterAccess VIP
Posts: 3,742
Joined: 7-October 03
From: Yorkshire, England.


Completely agree with nvogel, ransomware needs access to the file system (ie, logged into Windows) in order to encrypt the files. If the PC is not logged into Windows, then access to the drive is not possible and Ransomware can't target it.

If the PC is protected with a boot-up password (as is good security practice on mobile devices including phones and laptops/tablets, eg Sophos SafeGuard or other methods, including but not limited to BitLocker), the data is inaccessible to anyone without the security key. Most, if not all, mid-large corporate organisations will have MDM (Mobile Device Management) and security encryption as standard, although this would usually be confined to mobile computers. Indeed, given the introduction of tighter controls around personal information in Europe (GDPR), this should absolutely have been part of the compliance checks for mobile computers. If this company in question did not have encrypted hard drives, and stored sensitive/personal data on PCs, then they should be looking for a new head of IT, IMHO.

If Desktop PCs have been stolen, these are less likely to be encrypted - however, any sensitive or confidential should have been kept off them and stored on a secured network device, so that if a desktop PC is stolen they literally get a PC, that's it.

--------------------
Cheers,

Adam.
Go to the top of the page
 
FrankRuperto
post Feb 7 2020, 08:35 AM
Post#4



Posts: 785
Joined: 21-September 14
From: (MilitaryBrat) Tampa Bay, Florida, USA


In the help screen it says BitLocker blocks hackers from accessing the system files they rely on, and the recovery key and login password are sealed in the TPM chip, so how can ransomware authenticate and run with elevated priviliges to do its thing? As added insurance, me and my users make a daily system image backup to an external device, and none of our data is stored on the Windows boot Drive C which is where most viruses attack.

--------------------
Currently supporting pawnbrokers that use my store management system developed with Access 2010 on Windows7. Experienced with Informix, Oracle & PostgreSQL db's.
Go to the top of the page
 
nvogel
post Feb 7 2020, 10:04 AM
Post#5



Posts: 1,069
Joined: 26-January 14
From: London, UK


BitLocker does provide protection against hacking but that's very different to malware. Ransom malware usually infects a machine because a user opens an email, clicks a link or otherwise runs a disguised malware program. The program is therefore already running under the user's login and it has access to that user's files. This is just the same as running any other program (Notepad, Word or Access) which can access your files and doesn't need any special authentication when run on a system with BitLocker.
Go to the top of the page
 
FrankRuperto
post Feb 7 2020, 10:14 AM
Post#6



Posts: 785
Joined: 21-September 14
From: (MilitaryBrat) Tampa Bay, Florida, USA


So would User Account Control warn that what you just clciked on wants to make changes to Windows, or an anti-virus catches it?
This post has been edited by FrankRuperto: Feb 7 2020, 10:15 AM

--------------------
Currently supporting pawnbrokers that use my store management system developed with Access 2010 on Windows7. Experienced with Informix, Oracle & PostgreSQL db's.
Go to the top of the page
 
nvogel
post Feb 7 2020, 10:34 AM
Post#7



Posts: 1,069
Joined: 26-January 14
From: London, UK


UAC will block some malware but one problem is that people tend to click through the warnings either because they are careless or because they think the program is safe. There are also security vulnerabilities that may leave a system at additional risk if they not patched. I recall a recent discussion in these forums about the risk of older versions of Windows. Virus checkers and Windows updates are really the best protection.
Go to the top of the page
 
FrankRuperto
post Feb 7 2020, 11:26 AM
Post#8



Posts: 785
Joined: 21-September 14
From: (MilitaryBrat) Tampa Bay, Florida, USA


Understood. My users only run a mission_critical Access app on offline workstations. The only time they're connected to the internet is if we have to remote to do maintenance. These users have separate workstations for Outlook and other online activities and they never copy anything from their online box to the offline box. Been running like this for 10 years with no issues.

--------------------
Currently supporting pawnbrokers that use my store management system developed with Access 2010 on Windows7. Experienced with Informix, Oracle & PostgreSQL db's.
Go to the top of the page
 
FrankRuperto
post Feb 8 2020, 06:15 PM
Post#9



Posts: 785
Joined: 21-September 14
From: (MilitaryBrat) Tampa Bay, Florida, USA


How can ransomware successfully encrypt files if the files are already encrypted?... Wouldn't it have to first decrypt them in order to encrypt them again?

--------------------
Currently supporting pawnbrokers that use my store management system developed with Access 2010 on Windows7. Experienced with Informix, Oracle & PostgreSQL db's.
Go to the top of the page
 


Custom Search


RSSSearch   Top   Lo-Fi    29th March 2020 - 10:44 AM