The true irony is if it wasn't for Nixon the air in New York would probably be as polluted as the air in Beijing or perhaps even worse. There used to be a bit more policy related to reality instead of the opinion of a donor.
but I think your scenario is only true if the ransomware creates all encrypted copies and THEN deletes all original files
Yes that is how it works. That's why I was able to recover files after a MS Outlook user clicked on the wrong email, which then had IE helpfully run stuff causing the computer to get hit with a cryptolocker variant.
how are you so sure that the file management routines are NOT going to use the recently freed sectors to store the new file? On a spinning disk?
It's a statistical thing - perhaps consider likely file sizes versus volume sizes and you should be able to understand how unlikely it is unless a very large number of blocks are being rewritten compared with the number of blocks available. Do the numbers in your head, it's not hard. If it's worked on 1GB of files (a LOT for ransomware since it targets specific file types) and there is 500GB free on a spinning disk that's a 0.2% chance that you've lost the lot in an overwrite. If you have very little free space the chance of losing something increases. If it's an SSD the chance is close to zero of losing anything unless the disk is very full since unused blocks are used before the time consuming process of clearing used blocks.
So the odds of losing EVERYTHING are vanishingly small. Losing something could happen on a fairly full disk or spinning disk, and recovery is a pain, but the script kiddies that made the malware either didn't know or care about what used to be taught in high school as far back as the 1980s about disk operations.
Reagan paying the ransom didn't work out well either. By the end it had spread from Iran to Hezbollah and classified anti-tank weapons were delivered to Hezbollah in exchange for hostages. Now the guy who was arming Hezbollah against Israeli tanks (Oliver North) is one of the guys running the NRA - no wonder they are calling for the right for suspected terrorists to buy guns!
Insightful? Have people here forgotten about disk operations and that the encrypted file is a copy of the original laid down on different blocks before the original is deleted? Eventually stuff is going to be overwritten but before that it is deleted files and a collection of new ones.
Deleting several registry keys associated with booting into Safe Mode
Not really a problem if you do the sensible thing and access the filesystem with something incompatible with the virus. After all, nobody would be stupid enough to trust an owned system or risk infecting something else would they when the alternative is a free download running off CDROM without even having to install it? They would? They should go back to school and stop telling people they are computer professionals.
It's not difficult, just really annoying, time consuming and makes you think far too long about how all that messing about could be saved if that person had listened to advice about not using MS Outlook set to automatically open attachments and not opening strange emails. Photorec is very good. It is not fast, because when it gets down to it you are asking it to do something difficult. Filenames are of course lost but file types are known and grep plus all the rest can be used if you have a few clues about what you are looking for. Of course it turns up a vast number of files you are not looking for - a very large number of the temporary files used over years are likely to turn up.
The typical behaviour is encrypt to a new file and delete the old. Of course if it does it on a lot of files the blocks used by those early deleted files can get overwritten.
Obviously not important enough to have a backup strategy in place and obviously not important enough to have on an OS suitable for something other than playing video games at home. The places that take things seriously have filesystem snapshots and offline backups on tape or similar. You want an MS system? Fine, just make sure the files are stored under the adult supervision of something else that can give you those snapshots etc. Someone hacking in from outside can't fuck up your tapes on a shelf, or even better in a different building in case of fire etc.
It's hard work, however it's much easier to recover a deleted file on Windows than it is to recover an encrypted file. *If*, and that's a big if, you knew where it was.
Photorec is pretty good at recovering all deleted files it can find on a volume. Of course then you have to sift through a huge number of files where all you know is the type - but that's when you use grep or other things from a system incompatible with the malware that will help you find the files you want among all the recovered temporary files you do not want.
That means you take the infected thing away from any "windows guru" as rapidly as possible before they overwrite things and/or spread the infection, and of course take a disk image first so you've got something to go back to.
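Editor's added example, not code from anyone in the thread and not any real ransomware or filesystem: a toy block volume that models the behaviour several comments above describe (the encrypted file is written to fresh blocks and the original is then deleted), the "do the numbers" estimate of how much survives as free space runs out, and a photorec-style signature carver that ignores the file table and scans every block. The next-fit allocator, the `TOY1` signature, the repeating-key XOR standing in for the malware's cipher, and the sample documents are all constructed for the demonstration.

```python
"""Toy model: copy-then-delete ransomware versus in-place overwrite, and what a
signature carver can still get back. Everything here is constructed for the demo."""
from __future__ import annotations
import struct

BLOCK = 512
MAGIC = b"TOY1"   # constructed 4-byte signature, standing in for a real type's magic bytes


def make_doc(n: int, size: int) -> bytes:
    """Constructed sample document: MAGIC, little-endian body length, ASCII filler."""
    body = (f"document-{n} ".encode() * 200)[: size - 8]
    return MAGIC + struct.pack("<I", len(body)) + body


def toy_encrypt(data: bytes, key: bytes = b"\x5a\xa5\x3c\xc3") -> bytes:
    """Stand-in for the malware's cipher: repeating-key XOR, enough to destroy the signature."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


class ToyVolume:
    """Block device with a next-fit allocator: writes continue from where the last
    allocation stopped and wrap around, so just-freed blocks near the start are not
    reused until the cursor comes back round (an assumption; real allocators differ)."""

    def __init__(self, nblocks: int):
        self.blocks = [bytes(BLOCK)] * nblocks
        self.used = [False] * nblocks
        self.cursor = 0
        self.files: dict[str, list[int]] = {}

    def _alloc(self, n: int) -> list[int]:
        out = []
        for k in range(len(self.blocks)):
            b = (self.cursor + k) % len(self.blocks)
            if not self.used[b]:
                out.append(b)
                if len(out) == n:
                    self.cursor = (b + 1) % len(self.blocks)
                    return out
        raise OSError("ENOSPC")

    def write(self, name: str, data: bytes) -> None:
        chunks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
        blks = self._alloc(len(chunks))
        for b, c in zip(blks, chunks):
            self.blocks[b] = c.ljust(BLOCK, b"\0")
            self.used[b] = True
        self.files[name] = blks

    def read(self, name: str) -> bytes:
        return b"".join(self.blocks[b] for b in self.files[name])

    def delete(self, name: str) -> None:
        """Ordinary delete: the directory entry goes, data blocks are only marked free."""
        for b in self.files.pop(name):
            self.used[b] = False


def ransomware_copy_then_delete(vol: ToyVolume, names: list[str]) -> None:
    """Behaviour described in the thread: encrypted copy on other blocks, then unlink."""
    for n in names:
        vol.write(n + ".locked", toy_encrypt(vol.read(n)))
        vol.delete(n)


def ransomware_in_place(vol: ToyVolume, names: list[str]) -> None:
    """The variant that defeats carving: rewrite the file's own blocks with ciphertext."""
    for n in names:
        enc = toy_encrypt(vol.read(n))
        for i, b in enumerate(vol.files[n]):
            vol.blocks[b] = enc[i * BLOCK:(i + 1) * BLOCK]


def carve(vol: ToyVolume) -> dict[int, bytes]:
    """photorec-style carver: ignore the file table, scan every block (allocated or free)
    for MAGIC and follow the length field forward, assuming the file was contiguous."""
    found, nb = {}, len(vol.blocks)
    for i, blk in enumerate(vol.blocks):
        if blk[:4] != MAGIC:
            continue
        length = struct.unpack("<I", blk[4:8])[0]
        need = (8 + length + BLOCK - 1) // BLOCK
        found[i] = b"".join(vol.blocks[(i + k) % nb] for k in range(need))[: 8 + length]
    return found


def predicted_survivors(nblocks: int, ndocs: int, blocks_per_doc: int) -> int:
    """The back-of-envelope estimate: only ciphertext written beyond the free space that
    existed when the malware started can land on blocks of deleted originals."""
    used = ndocs * blocks_per_doc
    overrun = max(0, used - (nblocks - used))            # ciphertext minus free space
    return max(0, ndocs - -(-overrun // blocks_per_doc))  # ceiling division


def run_scenario(nblocks: int, ndocs: int, doc_size: int, in_place: bool = False) -> tuple:
    """Returns (originals recovered intact by carving, originals on the volume)."""
    vol, originals = ToyVolume(nblocks), {}
    for n in range(ndocs):
        originals[f"doc{n}"] = make_doc(n, doc_size)
        vol.write(f"doc{n}", originals[f"doc{n}"])
    (ransomware_in_place if in_place else ransomware_copy_then_delete)(vol, list(originals))
    carved = set(carve(vol).values())
    return sum(1 for d in originals.values() if d in carved), ndocs


if __name__ == "__main__":
    print("plenty of free space:", run_scenario(1000, 50, 2048))        # (50, 50)
    print("nearly full volume  :", run_scenario(250, 50, 2048))         # (12, 50)
    print("in-place overwrite  :", run_scenario(250, 50, 2048, True))   # (0, 50)
```

With 800 free blocks and 200 blocks of ciphertext nothing is overwritten and every original carves back; with only 50 free blocks the cursor wraps and the early originals are the first to go, which matches the "blocks used by those early deleted files can get overwritten" remark and the simple free-space arithmetic in `predicted_survivors`. The carver, like photorec, is run against a block-for-block image of the volume and never consults the file table, so it is unaffected by the deletions; on the real thing that image is taken first and the tool is run from a system the malware cannot execute on.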
Jemima Kelly may not know what an operating system is but the submitter should. Editors - please take a look at that summary and convert it into something that does not look so utterly stupid and ignorant.
The law of the land still trumps agreements between people and companies so we are saved from such ridiculous terms of service.
People are used to illegal "no refunds" terms of service anyway and take wild attempted power grabs as being a worthless unenforceable tissue of lies anyway.
Libertarians take note - do you REALLY want a society where the law of the land does not protect people from abusive agreements between parties? Take a look at the parts of the world where parents sell their kids into sex slavery if it hasn't sunk in yet that such a thing is an incredibly bad idea.
True but I'm addressing the common and dangerous "NAT is security via obscurity therefore IPv6 should be avoided even though it can do NAT if you really want" myth. The bad guys can get through NAT easier than we would hope.
Back in the day on platforms like the Atari ST that was the case, but it sucked since you had to wait until the printing was done before you could do anything else. Some enterprising people wrote "print spooler" programs that could be resident in the background and handle communication with the printer while the user could do other stuff, even on platforms where the OS did not enable multitasking. Later platforms had that come with the software distribution or with the printer drivers.
The ones on the MS platform are very limited so a lot of printer vendors have extra software that interfaces directly with the spooler API or even replaces it entirely (needed for things like plotters with rolls of paper and other edge cases not covered by the very limited MS print spooler software). Since it is written to allow third party stuff to get its hooks into it and was written at a time when MS infamously didn't give a shit about security problems the obvious has happened and it has been exploited. Maybe it's a sign that other stuff has been cleaned up and the malware malcontents are going after such legacy soft spots.
Please have some coffee or sober up or whatever and read my post above again. If that doesn't work I cannot understand why you think you have enough awareness of the issues for it to be worth bothering to discuss them instead of just turning on the TV for passive distraction.
Not so simple - sacking everyone working on a new product will improve productivity today if the metric is hours worked per product shipped. A lot of places have done that and had wonderful productivity figures right up to the day when a competitor with a better product comes in and takes their market.
regardless of function just to make the spreadsheets pretty
Even when it's regarding a function it can be the road to disaster if done badly. For example power plants have had to spend millions due to not making that "stitch in time to save nine". That recent chemistry grad is a payroll cost, got to cut those goes the mentality, but a capital cost for retubing comes out of a different money bucket. At least that mentality has given engineers lots of disaster porn to look at and give people examples of exactly what will happen if problem X is just ignored.
Are you sure there was more to be proud of a few decades ago?
While some very dubious stuff happened on Reagan's watch there were not actually many people involved in it - mainly because of how dubious it was. The chain of command was told to go fuck itself. A Senator from Nevada was doing an end run around the military to fund one of the guys we are now fighting in Afghanistan, let alone someone as low on the totem pole as North selling classified anti-tank weapons to Hezbollah via Iran. A few rogues on the political track had very little to do with the majority.
Some hopefully would have been working on new models so not vital to production any time in the next few months. Maintaining stuff - probably won't need those guys this week. With zero plans for the future it's amazing how many people seagull managers can do without so long as they are quick packing their bags to leave for the next gig before it's suddenly found that all the people who used to deal with various problems that crop up have been fired.
It's just to show that protectionism is all over the place and the EU is playing the same game as others. Should I have used Japan as an example to avoid the problem of you being thin skinned? I just thought the sugar protectionism (with the unintended consequence of expensive corn syrup in everything instead of cheap Jamaican cane sugar) and steel protectionism (with the unintended consequence of moving manufacturing offshore to where the cheap steel is) was something that you would be aware of from daily experience.
An Atlantic City casino boss.
I really don't get why people think he should be trusted anywhere near taxpayer's money.
So a WINNER in the good old colonial tradition of Benedict Arnold!
Or one of the thousands of other holes like the print spooler one this week.
That used to happen a lot.
Add in undeclared variables typed by filename (if it starts with K it is an integer) for extra fun.
Look up the NAT traversal exploits. NAT is not security but people get confused since it's often handed out by the same device that does firewalling.
It's the spooler.
It's old and meant to have third party stuff hook into it.
That horse bolted in around 1980 and isn't going to be dealt with unless both parties agree so she's picking an easy fight she can win.