Many firms hit by global cyber-attacks

Discussion in 'malware problems & news' started by clubhouse1, Jun 27, 2017.

  1. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,547
    Location:
    Triassic
    Macrium Reflect backs up the MBR when you do a full system image, all partitions (this is what I use), so I expect other backup/restore products do too. There are several tools that allow you to backup and restore the MBR. I use BOOTICE, but a mere Google search will kick out several others. Just save the bin file on a thumb drive for emergencies. There are also generic MBRs available if your own gets clobbered, but they do not always work. Most MBRs are 512, but Lenovo's is 2048 - go figure!
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Is it worth backing it up even on a UEFI GPT Disk? I was under the impression those Disk Types are relatively safe with Secure Boot enabled.

    I also have BOOTICE but haven't got around to actually using it since backups are aplenty and in reserve like you said, along with the Bootloader data etc.
     
  3. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,881
    Back up your image to a USB drive/DVD and restore the previous image and you're back in business.

    Of course, if it's a wiper malware, your HD is trashed for good because of the way it writes to it.

    Nasty bug! Better keep it from doing that in the first place.
     
  4. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,557
    GPT disks operating in a UEFI system don't use MBR. There is a "protective MBR" to protect the information if the disk is installed in a computer with BIOS firmware.
     
  5. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,881
    Legacy BIOS PCs have a MBR. New UEFI PCs don't.
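    To make the MBR/GPT distinction in the posts above concrete (emmjay's MBR backup advice and Robin A.'s and NormanF's point that a GPT disk carries only a "protective MBR"), here is an added example that is not from any poster or from BOOTICE or Macrium. It parses sector 0, reports whether the partition table is a live legacy table or the single 0xEE protective entry that marks a GPT disk, and compares a freshly read sector against a saved backup region by region, so a changed boot-code area shows up separately from a repartitioning. The sample sectors are constructed in the script; the helper names and the NOP placeholder boot code are assumptions for the demonstration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446     # four 16-byte entries live at 446..509
ENTRY_SIZE = 16
SIGNATURE_OFFSET = 510
BOOT_SIGNATURE = 0xAA55          # bytes 55 AA on disk, read little-endian
GPT_PROTECTIVE_TYPE = 0xEE       # type id of the single entry in a protective MBR


def build_mbr(entries, boot_code=b""):
    """Construct a 512-byte MBR image for testing (not read from a real disk).

    entries: up to four (type_id, start_lba, size_sectors) tuples.
    """
    if len(boot_code) > PARTITION_TABLE_OFFSET or len(entries) > 4:
        raise ValueError("boot code too long or too many entries")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (ptype, start, size) in enumerate(entries):
        off = PARTITION_TABLE_OFFSET + i * ENTRY_SIZE
        # status, CHS start (3 bytes, unused here), type, CHS end (3 bytes), LBA start, size
        struct.pack_into("<B3sB3sII", sector, off,
                         0x00, b"\0\0\0", ptype, b"\0\0\0", start, size)
    struct.pack_into("<H", sector, SIGNATURE_OFFSET, BOOT_SIGNATURE)
    return bytes(sector)


def parse_partition_entries(mbr):
    """Return the four primary partition entries as (type_id, start_lba, size_sectors)."""
    if len(mbr) < SECTOR_SIZE:
        raise ValueError("MBR must be at least one 512-byte sector")
    if struct.unpack_from("<H", mbr, SIGNATURE_OFFSET)[0] != BOOT_SIGNATURE:
        raise ValueError("0x55AA boot signature missing: sector is not a valid MBR")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * ENTRY_SIZE
        _status, ptype, start, size = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append((ptype, start, size))
    return entries


def classify_mbr(mbr):
    """'gpt-protective' for a GPT disk, 'legacy' for a live MBR table, 'empty' otherwise."""
    entries = parse_partition_entries(mbr)
    if any(ptype == GPT_PROTECTIVE_TYPE for ptype, _, _ in entries):
        return "gpt-protective"
    if any(ptype != 0 for ptype, _, _ in entries):
        return "legacy"
    return "empty"


def compare_with_backup(live, backup):
    """Compare a freshly read sector 0 against a saved copy, region by region.

    A difference confined to the boot-code area is what a bootkit or MBR
    wiper leaves behind; a difference only in the partition table is what
    a deliberate repartitioning leaves behind.
    """
    def digest(b):
        return hashlib.sha256(b).hexdigest()
    return {
        "boot_code_same": digest(live[:PARTITION_TABLE_OFFSET])
                          == digest(backup[:PARTITION_TABLE_OFFSET]),
        "partition_table_same": live[PARTITION_TABLE_OFFSET:SIGNATURE_OFFSET]
                                == backup[PARTITION_TABLE_OFFSET:SIGNATURE_OFFSET],
        "signature_same": live[SIGNATURE_OFFSET:SECTOR_SIZE]
                          == backup[SIGNATURE_OFFSET:SECTOR_SIZE],
    }


# Constructed sample sectors (assumptions for the demo, not captured from hardware).
LEGACY_MBR = build_mbr([(0x07, 2048, 1_000_000)], boot_code=b"\x90" * 16)  # one NTFS-type entry
PROTECTIVE_MBR = build_mbr([(GPT_PROTECTIVE_TYPE, 1, 0xFFFFFFFF)])        # what a GPT disk shows
_t = bytearray(LEGACY_MBR)
_t[0:4] = b"\x00\x00\x00\x00"        # simulate a backup whose boot code no longer matches
TAMPERED_MBR = bytes(_t)

if __name__ == "__main__":
    for name, sector in (("legacy", LEGACY_MBR), ("gpt", PROTECTIVE_MBR)):
        print(name, classify_mbr(sector), parse_partition_entries(sector)[0])
    print(compare_with_backup(TAMPERED_MBR, LEGACY_MBR))
```

On a real machine the `live` argument would be the first 512 bytes of the disk device (read with administrative rights) and `backup` the saved bin file; the regions are compared separately because a partition-table change on its own is usually the administrator's doing while a boot-code change is not.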
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    That's what I thought, but as most of you already know from my posts, that's an area where I'm out of my element and better suited for those gurus like Peter2150, Brian K, Froggy and some others who are keen right down to the exact print on those disk sections and imaging. :)
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Easter

    I believe MBR tools just back up the MBR, not the MFT. You take images with drive image so you are covered. Just do a full disk restore.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I would question if it's gone for good. I've tested with Goldeneye, and Macrium restores just fine. If you have a GPT disk, just make sure to image the whole disk.

    And even if it writes with something screwy, you can wipe the drive clean and zero it out, and then restore. I've tested that also.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I was going to reference that exact method which happens to be from you LoL

    Disk is never gone IMO so long as you can zero it out. I'm probably on overkill but when I so-called clean a HDD, I boot into Mint and first delete the partition then erase the whole disk which takes quite a while since mine are 1 terabyte and upwards.

    Guess one can never be too sure you completely kicked the offenders from off your platter with no traces when it comes to spindles.

    I can't speak for SSD's just yet. Have none.
     
  10. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,881
    Dban can clean an entire HD within a couple of hours, restoring it to raw state.

    Of course, then it has to be formatted prior to reinstalling Windows.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Doesn't need to be formatted. I've wiped disks clean. Then just restore an image. Done. You don't need to format.
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I gathered as much on that one from you Pete. Wasn't quite sure how it would turn out being an ole skeptic but rather more inexperienced at it but it restored just fine.

    A well put together imager of that level is designed to safely and efficiently overlay your image to a zero out disk just like new and things are up and go again.
     
  13. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    This whole bitcoin etc. is the only reason why bad guys are so interested in writing new ransomware, because with these bitcoin and the like, the malware authors can receive payments without the danger of having their ID revealed. It's like accepting payments in the street in the broad daylight with a mask on their face. They are robbing people, but people don't even know who they are, and they will never know who these criminals are.

    Not to mention these digital currencies can be used as a tool to wash money, sponsor terrorism and crime. The "bitcoin mining" frenzy is also a total waste of hardware and money. The modern human society is filled with total nonsense like this. Pessimism.
     
  14. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Unless you can prevent the source of the issue (or at least all means of doing it), I don't see how such one-sided pessimism about digital currencies helps.
     
  15. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    I'm not talking about getting rid of all the bad things or criminal activities associated with bitcoin; or for that matter, the sources of all these criminal or terrorism activities; I simply said bitcoin and the like facilitate all these activities; and in terms of ransomware over cyberspace, bitcoin is a big incentive and major reason why ransomware is getting popular by the day, because it's the ideal method of payment to the malware authors - these authors are invisible to anyone yet they can get payment from any victim around the world, yet they have no fear of getting caught. Imagine if this is possible at all without the help of bitcoin.

    Next time, try to get the big picture and the main point of a post before you post something.
     
  16. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,881
    The point is the risk is small and the payoff is huge.

    Only people with low IQ rob banks and they get caught quickly. Cybercriminals operate anonymously and they provide a service.

    Helping people get their computers up and running, for a price of course.

    Crime pays.
     
  17. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Removing Bitcoins and the like will not solve the underlying problems, which is my point. They will simply move onto another incentive. Therefore, if you don't prevent the source (criminals) or all means to their ends, this will never stop.

    As for the possibility without Bitcoins, of course. What if all cryptocurrencies are gone? Well that's not even possible in the first place, but even if it is, there are many other ways to transfer money or other things of value. Sure it may not be as widespread or easy to conceal (yet), but who knows what they could come up with.

    Next time, try without the assumptions. And look beyond one side of the coin.
     
  18. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
  19. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    461
    The percentage of people that could even perform a Bitcoin transaction for the first time would be very low. Guessing that 99.9% of the public would not be able to get through the process without help.
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    When I let Goldeneye trash a disk, and it was trashed, I didn't do anything but restore. Worked fine. BUT you need to protect the images. Some ransomware will wipe them out. My go-to for that is Pumpernickel (FIDES). Tested and works.
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    You can restore MFT from its mirror file using a utility like this: http://www.cgsecurity.org/wiki/TestDisk_Download . Of course, this will only work if the ransomware hasn't deleted/encrypted the mirror file. Also backing up the mirror file is not recommended since the mirror file is constantly changing.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Just use a good imager and that is all you need. Oh and you really should test it before you need it.
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Appears Zoltan has been doing his research and lsass.exe finally runs as a protected process in Win 10 CU:
    Of note is that Eset is the only solution that stopped EternalRomance "dead in its tracks."
     
  24. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    You puke out all these based on your imagination and "who knows what" "move into another incentive(what incentive)?" without a single fact. All you put onto the table are your opinions based on imagination. Do you really expect people to agree with you even when you yourself are not sure what it is? What I said about bitcoin are all fact.

    I don't argue with someone who can only force their opinions onto others. Pathetic.
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    https://www.mrg-effitas.com/eternalblue-vs-internet-security-suites-and-nextgen-protections/

    As noted in the Conclusions section, no one stopped the EternalBlue backdoor from being installed. The reason for me is quite clear. There is currently no known way to prevent a remote code execution vulnerability in a kernel mode driver short of a Microsoft patch. Supposedly, Win 10 CU Enterprise has mitigations for this but I haven't seen any supporting tests to confirm.
     