by xoa 915 days ago
>but not from malicious acts from someone in your network with a privileged account

I do think it's depressingly much, MUCH harder than it should be to catch it though for normal people. This should be a turnkey thing built into all data software, NAS options like TrueNAS or whatever else, cloud services of course (though I think some now do). Ransomware attacks, by their very nature, are extremely detectable on a technical level. Their access patterns are unique, and of course they fundamentally change the entropy of all the data on the system. This is something a watchdog should just be able to automatically detect and alert, preferably immediately freezing things. With the kind of atomic snapshots available, rollback should be easy. Capabilities can separate snapshot deletion from read/write, raw storage space is quite cheap. Backups should be default pull based with a lot of controls, so that the backup system offers no administrative access over the general network at all. Etc etc. The technical ingredients are there, yet it's still hard to find stuff where someone can just click a checkbox that says "alert on ransomware pattern detection" :(. This should be a very solvable problem, or at least able to be made enormously more challenging to pull off, vs most of the security challenges in tech. It's a shame it hasn't been.
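
The entropy watchdog idea from the comment above, as an added example that is not part of the original post: it compares per-file Shannon entropy between the last snapshot and the current state and signals a freeze when too many files jump toward random-looking data. The thresholds (`high`, `min_delta`, `max_fraction`), the function names and the sample files are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) up to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def entropy_jumps(baseline, current, high=7.5, min_delta=2.0):
    """Files whose entropy is now >= high AND rose by >= min_delta.
    Requiring a rise keeps already-compressed files from being flagged."""
    flagged = []
    for name, data in current.items():
        if name not in baseline:
            continue  # new files have no prior state to compare against
        before, after = shannon_entropy(baseline[name]), shannon_entropy(data)
        if after >= high and after - before >= min_delta:
            flagged.append(name)
    return sorted(flagged)

def should_freeze(baseline, current, max_fraction=0.2):
    """True when more than max_fraction of baseline files jumped in entropy."""
    if not baseline:
        return False
    return len(entropy_jumps(baseline, current)) / len(baseline) > max_fraction

def fake_ciphertext(seed: bytes, size: int = 8192) -> bytes:
    """Constructed stand-in for encrypted bytes (SHA-256 in counter mode)."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(size // 32))
    return b"".join(blocks)

# Constructed sample data: file contents at the last snapshot and now.
BASELINE = {
    "notes.txt": b"quarterly report draft, revised figures attached\n" * 200,
    "log.csv": b"2024-01-01,ok,42\n" * 500,
    "readme.md": b"# project\nsee docs for setup\n" * 300,
    "photos.zip": fake_ciphertext(b"zip"),  # high entropy before any attack
}
AFTER_EDIT = {**BASELINE, "readme.md": BASELINE["readme.md"] + b"new section\n"}
AFTER_ATTACK = {**BASELINE, "notes.txt": fake_ciphertext(b"k1"),
                "log.csv": fake_ciphertext(b"k2")}

if __name__ == "__main__":
    print(entropy_jumps(BASELINE, AFTER_ATTACK), should_freeze(BASELINE, AFTER_ATTACK))
    print(entropy_jumps(BASELINE, AFTER_EDIT), should_freeze(BASELINE, AFTER_EDIT))
```

Because the check needs a rise in entropy, a file that was already compressed or encrypted at snapshot time will not trip it, so a real watchdog would pair this with the access-pattern signal the comment also mentions.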