http://www.nbcnews.com/tech/security/ransomware-now-billion-dollar-year-crim...
Are VFP files more susceptible than say data in a RDBMS like SQL Server or MySQL?
They're definitely subject to ransomware crap like cryptlocker and locky because they live in and are under control of the file system. OTOH I'm sure some clever a****** is working on a way to use SQL APIs to encrypt that data, too.
--
rk -----Original Message----- From: ProfoxTech [mailto:profoxtech-bounces@leafe.com] On Behalf Of mbsoftwaresolutions@mbsoftwaresolutions.com Sent: Monday, January 09, 2017 4:56 PM To: profoxtech@leafe.com Subject: VFP tables likely victims for ransomware?
http://www.nbcnews.com/tech/security/ransomware-now-billion-dollar-year-crim...
Are VFP files more susceptible than say data in a RDBMS like SQL Server or MySQL?
Maybe.
If you have the SQL files on the same machine, or on a Windows share accessible from that machine (explicitly NOT a best practice for data server files), then any files found could be encrypted by ransomware.
On Mon, Jan 9, 2017 at 4:55 PM, mbsoftwaresolutions@mbsoftwaresolutions.com wrote:
http://www.nbcnews.com/tech/security/ransomware-now-billion-dollar-year-crim...
Are VFP files more susceptible than say data in a RDBMS like SQL Server or MySQL?
[excessive quoting removed by server]
On 2017-01-09 17:08, Ted Roche wrote:
Maybe.
If you have the SQL files on the same machine, or on a Windows share accessible from that machine (explicitly NOT a best practice for data server files), then any files found could be encrypted by ransomware.
Best setup for SQL Server would be not a Windows Share but instead via IP address?
mbsoftwaresolutions@mbsoftwaresolutions.com wrote on 2017-01-09:
http://www.nbcnews.com/tech/security/ransomware-now-billion-dollar-year-crim e-growing-n704646
Are VFP files more susceptible than say data in a RDBMS like SQL Server or MySQL?
Mike,
If the RDBMS opens and locks the file for a longer period of time than the VFP tables do, then yes.
Tracy Pearson PowerChurch Software
To the best of my knowledge, the physical files that make up an MS SQL DB are locked by the database engine. Having said that, if the bad guys decide it's worth the effort they will figure out a way to get to them. Most ransomware that I've had some experience with go for low hanging fruit; all those office docs and jpgs, etc that live out on the network, of which the vast majority will not be locked at any given time. But I also think I've recently read about some new variants that encrypt entire volumes...
--
rk -----Original Message----- From: ProfoxTech [mailto:profoxtech-bounces@leafe.com] On Behalf Of Tracy Pearson Sent: Monday, January 09, 2017 5:14 PM To: profoxtech@leafe.com Subject: RE: VFP tables likely victims for ransomware?
mbsoftwaresolutions@mbsoftwaresolutions.com wrote on 2017-01-09:
http://www.nbcnews.com/tech/security/ransomware-now-billion-dollar-year-crim e-growing-n704646
Are VFP files more susceptible than say data in a RDBMS like SQL Server or MySQL?
Mike,
If the RDBMS opens and locks the file for a longer period of time than the VFP tables do, then yes.
Tracy Pearson PowerChurch Software
Sql Server raw data is safe because the API had an active lock on all the files. Even the .bin files that make up the service.
SQL Express should do the same thing.
On Mon, Jan 9, 2017 at 4:36 PM, Richard Kaye rkaye@invaluable.com wrote:
To the best of my knowledge, the physical files that make up an MS SQL DB are locked by the database engine. Having said that, if the bad guys decide it's worth the effort they will figure out a way to get to them. Most ransomware that I've had some experience with go for low hanging fruit; all those office docs and jpgs, etc that live out on the network, of which the vast majority will not be locked at any given time. But I also think I've recently read about some new variants that encrypt entire volumes...
--
rk -----Original Message----- From: ProfoxTech [mailto:profoxtech-bounces@leafe.com] On Behalf Of Tracy Pearson Sent: Monday, January 09, 2017 5:14 PM To: profoxtech@leafe.com Subject: RE: VFP tables likely victims for ransomware?
mbsoftwaresolutions@mbsoftwaresolutions.com wrote on 2017-01-09:
http://www.nbcnews.com/tech/security/ransomware-now- billion-dollar-year-crim e-growing-n704646
Are VFP files more susceptible than say data in a RDBMS like SQL Server or MySQL?
Mike,
If the RDBMS opens and locks the file for a longer period of time than the VFP tables do, then yes.
Tracy Pearson PowerChurch Software
[excessive quoting removed by server]
That's what they said about the Titanic Steve. ;)
On 10 Jan 2017 4:52 am, "Stephen Russell" srussell705@gmail.com wrote:
Sql Server raw data is safe because the API had an active lock on all the files. Even the .bin files that make up the service.
SQL Express should do the same thing.
On Mon, Jan 9, 2017 at 4:36 PM, Richard Kaye rkaye@invaluable.com wrote:
To the best of my knowledge, the physical files that make up an MS SQL DB are locked by the database engine. Having said that, if the bad guys
decide
it's worth the effort they will figure out a way to get to them. Most ransomware that I've had some experience with go for low hanging fruit;
all
those office docs and jpgs, etc that live out on the network, of which
the
vast majority will not be locked at any given time. But I also think I've recently read about some new variants that encrypt entire volumes...
--
rk -----Original Message----- From: ProfoxTech [mailto:profoxtech-bounces@leafe.com] On Behalf Of
Tracy
Pearson Sent: Monday, January 09, 2017 5:14 PM To: profoxtech@leafe.com Subject: RE: VFP tables likely victims for ransomware?
mbsoftwaresolutions@mbsoftwaresolutions.com wrote on 2017-01-09:
http://www.nbcnews.com/tech/security/ransomware-now- billion-dollar-year-crim e-growing-n704646
Are VFP files more susceptible than say data in a RDBMS like SQL
Server
or MySQL?
Mike,
If the RDBMS opens and locks the file for a longer period of time than
the
VFP tables do, then yes.
Tracy Pearson PowerChurch Software
[excessive quoting removed by server]
Aah, so because SQL Server (and the like) have a file lock on their files, that's how they're better protected from this kind of ransomware crap? Makes sense.
Thanks for all your comments!
On 2017-01-09 17:36, Richard Kaye wrote:
To the best of my knowledge, the physical files that make up an MS SQL DB are locked by the database engine. Having said that, if the bad guys decide it's worth the effort they will figure out a way to get to them. Most ransomware that I've had some experience with go for low hanging fruit; all those office docs and jpgs, etc that live out on the network, of which the vast majority will not be locked at any given time. But I also think I've recently read about some new variants that encrypt entire volumes...
--
rk -----Original Message----- From: ProfoxTech [mailto:profoxtech-bounces@leafe.com] On Behalf Of Tracy Pearson Sent: Monday, January 09, 2017 5:14 PM To: profoxtech@leafe.com Subject: RE: VFP tables likely victims for ransomware?
mbsoftwaresolutions@mbsoftwaresolutions.com wrote on 2017-01-09:
http://www.nbcnews.com/tech/security/ransomware-now-billion-dollar-year-crim e-growing-n704646
Are VFP files more susceptible than say data in a RDBMS like SQL Server or MySQL?
Mike,
If the RDBMS opens and locks the file for a longer period of time than the VFP tables do, then yes.
Tracy Pearson PowerChurch Software
On 10 January 2017 at 15:03, mbsoftwaresolutions@mbsoftwaresolutions.com wrote:
Aah, so because SQL Server (and the like) have a file lock on their files, that's how they're better protected from this kind of ransomware crap?
This is my experience also. I have seen encrypted DBF files but not SQL (yet). Force users to run backups folks!
Someone on here mentioned they charge users to host backups which is a great idea. This is something I really need to implement.
I think that you want to move your back-ups off your network to another storage environment for safety. Once the ransomeware is running on your system the backups are vulnerable as well.
On Tue, Jan 10, 2017 at 2:22 PM, Paul Hill paulroberthill@gmail.com wrote:
On 10 January 2017 at 15:03, mbsoftwaresolutions@mbsoftwaresolutions.com wrote:
Aah, so because SQL Server (and the like) have a file lock on their
files,
that's how they're better protected from this kind of ransomware crap?
This is my experience also. I have seen encrypted DBF files but not SQL (yet). Force users to run backups folks!
Someone on here mentioned they charge users to host backups which is a great idea. This is something I really need to implement.
-- Paul
[excessive quoting removed by server]
On 2017-01-10 15:28, Stephen Russell wrote:
I think that you want to move your back-ups off your network to another storage environment for safety. Once the ransomeware is running on your system the backups are vulnerable as well.
Yep. Rick's product mention earlier uses "the cloud" for backup. I can implement the same thing with my apps and my cloud database. Good feature to add. Shouldn't be difficult.
Keep in mind, like someone here already mentioned, if you push the malware up to your cloud backup then you can potentially say goodbye to all your backed up files, too.
--
rk -----Original Message----- From: ProfoxTech [mailto:profoxtech-bounces@leafe.com] On Behalf Of mbsoftwaresolutions@mbsoftwaresolutions.com Sent: Tuesday, January 10, 2017 5:14 PM To: profoxtech@leafe.com Subject: Re: VFP tables likely victims for ransomware?
On 2017-01-10 15:28, Stephen Russell wrote:
I think that you want to move your back-ups off your network to another storage environment for safety. Once the ransomeware is running on your system the backups are vulnerable as well.
Yep. Rick's product mention earlier uses "the cloud" for backup. I can implement the same thing with my apps and my cloud database. Good feature to add. Shouldn't be difficult.
[excessive quoting removed by server]
On 2017-01-10 17:36, Richard Kaye wrote:
Keep in mind, like someone here already mentioned, if you push the malware up to your cloud backup then you can potentially say goodbye to all your backed up files, too.
But if you run a simple query from the DBFs and store into a MySQL/MariaDB table elsewhere, that shouldn't bring along any malware. Right? At least that was my first thought for the "simple" approach, especially since the data size was VERY small (under 50 MB after a decade of data, perhaps).
I was a bit unclear, Mike.
I've got some clients who mount their dropbox locations on their local computers. The nastier bits out there can crawl UNCs now and not just mapped drives. So depending on your backup/sync settings, disaster is just a push away...
--
rk -----Original Message----- From: ProfoxTech [mailto:profoxtech-bounces@leafe.com] On Behalf Of mbsoftwaresolutions@mbsoftwaresolutions.com Sent: Tuesday, January 10, 2017 5:44 PM To: profoxtech@leafe.com Subject: RE: VFP tables likely victims for ransomware?
On 2017-01-10 17:36, Richard Kaye wrote:
Keep in mind, like someone here already mentioned, if you push the malware up to your cloud backup then you can potentially say goodbye to all your backed up files, too.
But if you run a simple query from the DBFs and store into a MySQL/MariaDB table elsewhere, that shouldn't bring along any malware. Right? At least that was my first thought for the "simple" approach, especially since the data size was VERY small (under 50 MB after a decade of data, perhaps).
Richard Kaye wrote on 2017-01-10:
I was a bit unclear, Mike.
I've got some clients who mount their dropbox locations on their local
computers. The nastier bits out there can crawl UNCs now and not just mapped drives. So depending on your backup/sync settings, disaster is just a push away...
--
rk
Richard,
If you can't query the table, the table is bad, *or* in use. LLFF determine if the file is in use.
Lots of possibilities exist when your coding.
Tracy Pearson PowerChurch Software
I know, Tracy. I've had a few clients that got hit with ransomware (some multiple times) and they usually know because the exe stops working as the infection spreads.
--
rk -----Original Message----- From: ProfoxTech [mailto:profoxtech-bounces@leafe.com] On Behalf Of Tracy Pearson Sent: Tuesday, January 10, 2017 6:21 PM To: profoxtech@leafe.com Subject: RE: VFP tables likely victims for ransomware?
Richard Kaye wrote on 2017-01-10:
I was a bit unclear, Mike.
I've got some clients who mount their dropbox locations on their local
computers. The nastier bits out there can crawl UNCs now and not just mapped drives. So depending on your backup/sync settings, disaster is just a push away...
--
rk
Richard,
If you can't query the table, the table is bad, *or* in use. LLFF determine if the file is in use.
Lots of possibilities exist when your coding.
Tracy Pearson PowerChurch Software
mmm these dbs are not like the others it seems.
https://nakedsecurity.sophos.com/2017/01/11/thousands-of-mongodb-databases-c...
On Wed, Jan 11, 2017 at 7:00 AM, Richard Kaye rkaye@invaluable.com wrote:
I know, Tracy. I've had a few clients that got hit with ransomware (some multiple times) and they usually know because the exe stops working as the infection spreads.
--
rk -----Original Message----- From: ProfoxTech [mailto:profoxtech-bounces@leafe.com] On Behalf Of Tracy Pearson Sent: Tuesday, January 10, 2017 6:21 PM To: profoxtech@leafe.com Subject: RE: VFP tables likely victims for ransomware?
Richard Kaye wrote on 2017-01-10:
I was a bit unclear, Mike.
I've got some clients who mount their dropbox locations on their local
computers. The nastier bits out there can crawl UNCs now and not just mapped drives. So depending on your backup/sync settings, disaster is just a push away...
--
rk
Richard,
If you can't query the table, the table is bad, *or* in use. LLFF determine if the file is in use.
Lots of possibilities exist when your coding.
Tracy Pearson PowerChurch Software
[excessive quoting removed by server]
From The Fine Article:
"The present attacks against MongoDB seek out installations made accessible to the Internet without a set administrator password. The bad guys take over these accounts, upload the data on the databases, delete that data, and replace it with a ransom demand."
So, yeah, post data to the internet with no password, and people will mess with it; imagine that!
On Wed, Jan 11, 2017 at 10:54 AM, Stephen Russell srussell705@gmail.com wrote:
mmm these dbs are not like the others it seems.
https://nakedsecurity.sophos.com/2017/01/11/thousands-of-mongodb-databases-c...
On Wed, Jan 11, 2017 at 7:00 AM, Richard Kaye rkaye@invaluable.com wrote:
I know, Tracy. I've had a few clients that got hit with ransomware (some multiple times) and they usually know because the exe stops working as the infection spreads.
--
rk -----Original Message----- From: ProfoxTech [mailto:profoxtech-bounces@leafe.com] On Behalf Of Tracy Pearson Sent: Tuesday, January 10, 2017 6:21 PM To: profoxtech@leafe.com Subject: RE: VFP tables likely victims for ransomware?
Richard Kaye wrote on 2017-01-10:
I was a bit unclear, Mike.
I've got some clients who mount their dropbox locations on their local
computers. The nastier bits out there can crawl UNCs now and not just mapped drives. So depending on your backup/sync settings, disaster is just a push away...
--
rk
Richard,
If you can't query the table, the table is bad, *or* in use. LLFF determine if the file is in use.
Lots of possibilities exist when your coding.
Tracy Pearson PowerChurch Software
[excessive quoting removed by server]
Absolutely since something like SQL Server typically has the data files open all the time (even when the apps that use the data are shut down). However, SQL Server Express apps that have the data locally or in a peer-to-peer setup (which is not all that uncommon for a vertical market application) often have the files available to be encrypted if the SQL Server service is shut down for whatever reason. Just not common.
Unfortunately, VFP apps with VFP data open and close tables as needed and definitely close them when they are shut down. I've seen it many times where some tables are good and some are encrypted because the user was only opening some of them in the course of using the app.
But VFP data is not the only problem, what about something as simple as an INI file, or more likely, Word/Excel docs that are automated, graphic images, and historical PDF reports.
Restoring is only one part of it. You have to consider all the time it takes being down while restores are happening, and the cost of the IT people to get things back to normal. And rebuilding the machine where it was originally opened. I've seen so much time and money lost by people who are tricked into installing ransomware, it is not funny. I wish a couple of them would be tossed in jail and fined to the highest limit to make a point that they can be caught. They are geniuses that we probably would not want to compete with in the software marketplace so it is unlikely.
Easiest way to solve it is to not open stuff that you have no business opening (although they are remarkably engineered), and do religious backups of your data. A lot of companies do not allow attachments.
Ransomware is probably the number one reason we get new subscriptions to CleverFox Backup these days. People get hit, find giant hole in their disaster recovery plan, and then get on with solid, scheduled offsite backups.
Rick White Light Computing, Inc.
www.whitelightcomputing.com
-----Original Message----- From: ProfoxTech [mailto:profoxtech-bounces@leafe.com] On Behalf Of mbsoftwaresolutions@mbsoftwaresolutions.com Sent: Monday, January 09, 2017 04:56 To: profoxtech@leafe.com Subject: VFP tables likely victims for ransomware?
http://www.nbcnews.com/tech/security/ransomware-now-billion-dollar-year-crim...
Are VFP files more susceptible than say data in a RDBMS like SQL Server or MySQL?
[excessive quoting removed by server]
Not a problem if:
1. your company could always hire good people 3. programmers don't trick and betray better programmers 2. the database server was offline from internet!
On Tue, Jan 10, 2017 at 5:55 AM, mbsoftwaresolutions@mbsoftwaresolutions.com wrote:
http://www.nbcnews.com/tech/security/ransomware-now-billion-dollar-year-crim...
Are VFP files more susceptible than say data in a RDBMS like SQL Server or MySQL?