Analysis of Locky ransomware
-
@Dashrender I had the same problem. I told all operators that answer external calls to never give out my information or anyone's info for that matter. I have also had the random e-mail get to someone that is the same type of thing, please forward this to your IT person or please reply with their contact information. NEVER RESPOND
-
Of course you can also say to the sales person "how did you get to a private number?" and demand an explanation of how they got your number. You are never obligated to listen to a sales pitch. Simply don't take the calls. And as the IT department, considering blacklisting vendors that pull that crap. Problem solved.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Carnival-Boy said:
I think it's a disgrace that a plan that is advertised as supporting up to 300 users doesn't include group policy support. 300 Office users is a fairly sizeable company in my book.
To be fair, IBM would classify a company of that size as a "home or hobby" business. They don't considered you to be an SMB until you have at least 500 employees and often more like 2,000.
Microsoft sees businesses smaller than IBM does, but 300 is still decently small to most vendors.
Oh brother! Fine, the giants of the world get to make their own minds up.. but come on.. managing 300 users by hand is considered fine? or better yet - who cares? Sigh!
Correct, if you are too small to be seen as profitable, you are too small to care about. That's the bottom line. This is why IBM had that disaster on Spiceworks. When SW told them that they had millions of SMB customers, IBM heard "millions of companies with 2,000+ users" when, in fact, there were about five of that size, tops. I met with IBM's management team in person about this in NYC... they had no idea that there were companies with so few people and "in business using computers." They were amazed... but didn't care as there is no money there.
LOL - that's laughable - "they had no idea that there were companies with so few people... using computers"
If that doesn't tell them how absolutely disconnected from reality they are, nothing does.
No doubt there, but it does highlight how little money there is to be made there. All of the big vendors have a similar idea. The SMB often has this "I'll take my money elsewhere" attitude and the vendors are like "what money?"
Well they aren't wrong about that... most SMBs are so cheap, they won't spend their way out of a paper bag.
Exactly, even if they "have money" you almost never get them to spend it, which in turn makes big vendors ignore them.
Any cold calls from any Vendor just make me never want to use them unless I have no other choice, which never happens. I have enough stuff to do without you calling me to have a conversation and pitch something I will never be interested in.
I never get vendor cold calls. Just use an extension instead of a DID, that normally stops that process.
We have a system that allows for people to search for names and the staff isn't smart enough to not give my name out or just tranfer them over to me anyway. It's a nightmare.
You need HR to make that a security violation. Getting names improperly from people is social engineering.
We have a huge problem with that here! they (the staff) don't understand how bad this is!
You should give them some HIPAA training, perhaps.
Speaking of which, anyone have good resources of example social engineering training? I want to put together some course work for my employees.
-
@wirestyle22 said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Carnival-Boy said:
I think it's a disgrace that a plan that is advertised as supporting up to 300 users doesn't include group policy support. 300 Office users is a fairly sizeable company in my book.
To be fair, IBM would classify a company of that size as a "home or hobby" business. They don't considered you to be an SMB until you have at least 500 employees and often more like 2,000.
Microsoft sees businesses smaller than IBM does, but 300 is still decently small to most vendors.
Oh brother! Fine, the giants of the world get to make their own minds up.. but come on.. managing 300 users by hand is considered fine? or better yet - who cares? Sigh!
Correct, if you are too small to be seen as profitable, you are too small to care about. That's the bottom line. This is why IBM had that disaster on Spiceworks. When SW told them that they had millions of SMB customers, IBM heard "millions of companies with 2,000+ users" when, in fact, there were about five of that size, tops. I met with IBM's management team in person about this in NYC... they had no idea that there were companies with so few people and "in business using computers." They were amazed... but didn't care as there is no money there.
LOL - that's laughable - "they had no idea that there were companies with so few people... using computers"
If that doesn't tell them how absolutely disconnected from reality they are, nothing does.
No doubt there, but it does highlight how little money there is to be made there. All of the big vendors have a similar idea. The SMB often has this "I'll take my money elsewhere" attitude and the vendors are like "what money?"
Well they aren't wrong about that... most SMBs are so cheap, they won't spend their way out of a paper bag.
Exactly, even if they "have money" you almost never get them to spend it, which in turn makes big vendors ignore them.
Any cold calls from any Vendor just make me never want to use them unless I have no other choice, which never happens. I have enough stuff to do without you calling me to have a conversation and pitch something I will never be interested in.
I never get vendor cold calls. Just use an extension instead of a DID, that normally stops that process.
We have a system that allows for people to search for names and the staff isn't smart enough to not give my name out or just tranfer them over to me anyway. It's a nightmare.
You need HR to make that a security violation. Getting names improperly from people is social engineering.
We have a huge problem with that here! they (the staff) don't understand how bad this is!
You should give them some HIPAA training, perhaps.
Speaking of which, anyone have good resources of example social engineering training? I want to put together some course work for my employees.
KnowBe4 has good materials.
-
@scottalanmiller said:
KnowBe4 has good materials.
I've gotten quotes from them, and they are also pretty reasonable.
-
@scottalanmiller said:
Of course you can also say to the sales person "how did you get to a private number?" and demand an explanation of how they got your number. You are never obligated to listen to a sales pitch. Simply don't take the calls. And as the IT department, considering blacklisting vendors that pull that crap. Problem solved.
I can trace the calls back through the phone system to find out how they got to me. Sometimes it is random number pressing through automated menus but mostly it is the operators, but after repeated scolding, it has been a long time since they have done that.
I have added repeat offenders as contacts with prefix Don't Answer. I almost never answer calls from external numbers. Unless I am waiting for a call back from support somewhere. Sometimes that bites me and I get pissed when someone on the other end asks me if I am the person in charge of VOIP or toner purchasing. Don't call here again! Click -
@scottalanmiller said:
If companies so small as to not have significant value to the vendors want to use that software that's fine, but you can't complain when you aren't big enough to get attention or get features that are limited to the big boys.
Oh really? Well, I did.
I've had these features for years with volume licences. It's O365 that is crippled. Are you saying only large enterprises should consider O365 because Microsoft don't care about SMB customers?
Anyway, it's your forum, so in future I will refrain from making any criticisms of Microsoft on Mangolassi.
#knowmyplace -
@Carnival-Boy said:
I've had these features for years with volume licences. It's O365 that is crippled. Are you saying only large enterprises should consider O365 because Microsoft don't care about SMB customers?
I'm saying that small companies need to be realistic and not think that what they perceive as big is what enormous vendors will also perceive as big. Yes, O365 is crippled here to get bigger customers to spend more, which is probably way more important to MS than the sales of the lesser product to smaller firms. It only takes one large sale to make up for the loss of a great any small ones.
-
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Carnival-Boy said:
I think it's a disgrace that a plan that is advertised as supporting up to 300 users doesn't include group policy support. 300 Office users is a fairly sizeable company in my book.
To be fair, IBM would classify a company of that size as a "home or hobby" business. They don't considered you to be an SMB until you have at least 500 employees and often more like 2,000.
Microsoft sees businesses smaller than IBM does, but 300 is still decently small to most vendors.
Oh brother! Fine, the giants of the world get to make their own minds up.. but come on.. managing 300 users by hand is considered fine? or better yet - who cares? Sigh!
Correct, if you are too small to be seen as profitable, you are too small to care about. That's the bottom line. This is why IBM had that disaster on Spiceworks. When SW told them that they had millions of SMB customers, IBM heard "millions of companies with 2,000+ users" when, in fact, there were about five of that size, tops. I met with IBM's management team in person about this in NYC... they had no idea that there were companies with so few people and "in business using computers." They were amazed... but didn't care as there is no money there.
LOL - that's laughable - "they had no idea that there were companies with so few people... using computers"
If that doesn't tell them how absolutely disconnected from reality they are, nothing does.
No doubt there, but it does highlight how little money there is to be made there. All of the big vendors have a similar idea. The SMB often has this "I'll take my money elsewhere" attitude and the vendors are like "what money?"
Well they aren't wrong about that... most SMBs are so cheap, they won't spend their way out of a paper bag.
Exactly, even if they "have money" you almost never get them to spend it, which in turn makes big vendors ignore them.
Any cold calls from any Vendor just make me never want to use them unless I have no other choice, which never happens. I have enough stuff to do without you calling me to have a conversation and pitch something I will never be interested in.
I never get vendor cold calls. Just use an extension instead of a DID, that normally stops that process.
We have a system that allows for people to search for names and the staff isn't smart enough to not give my name out or just tranfer them over to me anyway. It's a nightmare.
You need HR to make that a security violation. Getting names improperly from people is social engineering.
We have a huge problem with that here! they (the staff) don't understand how bad this is!
You should give them some HIPAA training, perhaps.
Speaking of which, anyone have good resources of example social engineering training? I want to put together some course work for my employees.
KnowBe4 has good materials.
Wasn't this guy on TechTV or am I crazy?
-
@Carnival-Boy said:
Anyway, it's your forum, so in future I will refrain from making any criticisms of Microsoft on Mangolassi.
Did you not see me recommend non-MS technologies? Does anyone criticise MS more than me? I take them to task all the time. Both here and directly. I'm just pointing out that there is a difference between them doing something wrong or badly and them having a similar view of size as us. All of us are small potatoes for them.
-
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Carnival-Boy said:
I think it's a disgrace that a plan that is advertised as supporting up to 300 users doesn't include group policy support. 300 Office users is a fairly sizeable company in my book.
To be fair, IBM would classify a company of that size as a "home or hobby" business. They don't considered you to be an SMB until you have at least 500 employees and often more like 2,000.
Microsoft sees businesses smaller than IBM does, but 300 is still decently small to most vendors.
Oh brother! Fine, the giants of the world get to make their own minds up.. but come on.. managing 300 users by hand is considered fine? or better yet - who cares? Sigh!
Correct, if you are too small to be seen as profitable, you are too small to care about. That's the bottom line. This is why IBM had that disaster on Spiceworks. When SW told them that they had millions of SMB customers, IBM heard "millions of companies with 2,000+ users" when, in fact, there were about five of that size, tops. I met with IBM's management team in person about this in NYC... they had no idea that there were companies with so few people and "in business using computers." They were amazed... but didn't care as there is no money there.
LOL - that's laughable - "they had no idea that there were companies with so few people... using computers"
If that doesn't tell them how absolutely disconnected from reality they are, nothing does.
No doubt there, but it does highlight how little money there is to be made there. All of the big vendors have a similar idea. The SMB often has this "I'll take my money elsewhere" attitude and the vendors are like "what money?"
Well they aren't wrong about that... most SMBs are so cheap, they won't spend their way out of a paper bag.
Exactly, even if they "have money" you almost never get them to spend it, which in turn makes big vendors ignore them.
Any cold calls from any Vendor just make me never want to use them unless I have no other choice, which never happens. I have enough stuff to do without you calling me to have a conversation and pitch something I will never be interested in.
I never get vendor cold calls. Just use an extension instead of a DID, that normally stops that process.
We have a system that allows for people to search for names and the staff isn't smart enough to not give my name out or just tranfer them over to me anyway. It's a nightmare.
You need HR to make that a security violation. Getting names improperly from people is social engineering.
We have a huge problem with that here! they (the staff) don't understand how bad this is!
You should give them some HIPAA training, perhaps.
Speaking of which, anyone have good resources of example social engineering training? I want to put together some course work for my employees.
KnowBe4 has good materials.
Wasn't this guy on TechTV or am I crazy?
What guy? @stus ?
-
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Carnival-Boy said:
I think it's a disgrace that a plan that is advertised as supporting up to 300 users doesn't include group policy support. 300 Office users is a fairly sizeable company in my book.
To be fair, IBM would classify a company of that size as a "home or hobby" business. They don't considered you to be an SMB until you have at least 500 employees and often more like 2,000.
Microsoft sees businesses smaller than IBM does, but 300 is still decently small to most vendors.
Oh brother! Fine, the giants of the world get to make their own minds up.. but come on.. managing 300 users by hand is considered fine? or better yet - who cares? Sigh!
Correct, if you are too small to be seen as profitable, you are too small to care about. That's the bottom line. This is why IBM had that disaster on Spiceworks. When SW told them that they had millions of SMB customers, IBM heard "millions of companies with 2,000+ users" when, in fact, there were about five of that size, tops. I met with IBM's management team in person about this in NYC... they had no idea that there were companies with so few people and "in business using computers." They were amazed... but didn't care as there is no money there.
LOL - that's laughable - "they had no idea that there were companies with so few people... using computers"
If that doesn't tell them how absolutely disconnected from reality they are, nothing does.
No doubt there, but it does highlight how little money there is to be made there. All of the big vendors have a similar idea. The SMB often has this "I'll take my money elsewhere" attitude and the vendors are like "what money?"
Well they aren't wrong about that... most SMBs are so cheap, they won't spend their way out of a paper bag.
Exactly, even if they "have money" you almost never get them to spend it, which in turn makes big vendors ignore them.
Any cold calls from any Vendor just make me never want to use them unless I have no other choice, which never happens. I have enough stuff to do without you calling me to have a conversation and pitch something I will never be interested in.
I never get vendor cold calls. Just use an extension instead of a DID, that normally stops that process.
We have a system that allows for people to search for names and the staff isn't smart enough to not give my name out or just tranfer them over to me anyway. It's a nightmare.
You need HR to make that a security violation. Getting names improperly from people is social engineering.
We have a huge problem with that here! they (the staff) don't understand how bad this is!
You should give them some HIPAA training, perhaps.
Speaking of which, anyone have good resources of example social engineering training? I want to put together some course work for my employees.
KnowBe4 has good materials.
Wasn't this guy on TechTV or am I crazy?
What guy? @stus ?
Kevin Mitnik
Edit: Screensavers baby! I knew it.
-
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Carnival-Boy said:
I think it's a disgrace that a plan that is advertised as supporting up to 300 users doesn't include group policy support. 300 Office users is a fairly sizeable company in my book.
To be fair, IBM would classify a company of that size as a "home or hobby" business. They don't considered you to be an SMB until you have at least 500 employees and often more like 2,000.
Microsoft sees businesses smaller than IBM does, but 300 is still decently small to most vendors.
Oh brother! Fine, the giants of the world get to make their own minds up.. but come on.. managing 300 users by hand is considered fine? or better yet - who cares? Sigh!
Correct, if you are too small to be seen as profitable, you are too small to care about. That's the bottom line. This is why IBM had that disaster on Spiceworks. When SW told them that they had millions of SMB customers, IBM heard "millions of companies with 2,000+ users" when, in fact, there were about five of that size, tops. I met with IBM's management team in person about this in NYC... they had no idea that there were companies with so few people and "in business using computers." They were amazed... but didn't care as there is no money there.
LOL - that's laughable - "they had no idea that there were companies with so few people... using computers"
If that doesn't tell them how absolutely disconnected from reality they are, nothing does.
No doubt there, but it does highlight how little money there is to be made there. All of the big vendors have a similar idea. The SMB often has this "I'll take my money elsewhere" attitude and the vendors are like "what money?"
Well they aren't wrong about that... most SMBs are so cheap, they won't spend their way out of a paper bag.
Exactly, even if they "have money" you almost never get them to spend it, which in turn makes big vendors ignore them.
Any cold calls from any Vendor just make me never want to use them unless I have no other choice, which never happens. I have enough stuff to do without you calling me to have a conversation and pitch something I will never be interested in.
I never get vendor cold calls. Just use an extension instead of a DID, that normally stops that process.
We have a system that allows for people to search for names and the staff isn't smart enough to not give my name out or just tranfer them over to me anyway. It's a nightmare.
You need HR to make that a security violation. Getting names improperly from people is social engineering.
We have a huge problem with that here! they (the staff) don't understand how bad this is!
You should give them some HIPAA training, perhaps.
Speaking of which, anyone have good resources of example social engineering training? I want to put together some course work for my employees.
KnowBe4 has good materials.
Wasn't this guy on TechTV or am I crazy?
What guy? @stus ?
Kevin Mitnik
Kevin has been just about everywhere. One of the most famous people in IT (famous for being locked up without a trial, not for doing anything special.)
-
-
@scottalanmiller said:
@wirestyle22 said:
Edit: Screensavers baby! I knew it.
I don't know what that means.
You never watched the Screen Savers with Leo Laporte? Gah! I loved that show when I was younger.
-
@wirestyle22 said:
You never watched the Screen Savers with Leo Laporte? Gah! I loved that show when I was younger.
Um, no. I think we had a thread recently where we discussed that he was a consumer presenter or something. I can't remember what was determined. Oh yeah, he's a journalist and radio personality and not a tech guy. Very end user, media sensational stuff. Not IT. Not sure why you'd expect me to have watched him. Seems like an odd thing for IT people to have seen. Not odd that some have, but no more than normal people. He does content for non-IT.
-
Leo was/is definitely more gadgets and consumer hobbyists. But I still loved TSS and they did a reboot of it on his site. I don't have enough time to keep up with it but I think it is still going on.
-
@wrx7m said:
Leo was/is definitely more gadgets and consumer hobbyists. But I still loved TSS and they did a reboot of it on his site. I don't have enough time to keep up with it but I think it is still going on.
That's my understanding. I'm sure if you are into gadgets and consumer / prosumer digital gear that it's a great show. I'm oddly not one of those people. I can to IT from the business side, not the tech side, and actually am not into those aspects that people often associate with IT.
-
@scottalanmiller That is interesting, for sure. I think a ton of IT people are into gadgets and most technology in their non-professional lives as well. I sure as hell am.
-
@wrx7m said:
@scottalanmiller That is interesting, for sure. I think a ton of IT people are into gadgets and most technology in their non-professional lives as well. I sure as hell am.
It's not that I dislike gadgets, but to a massively lower degree than most any IT people that I meet. But on the other hand, I've always had enterprise servers and a networking rack in my home even in the 1990s. I live the IT stuff, but I have loved it as a business tool, even going back to being a kid. When I learned programming, it wasn't to make games someday, it was because I wanted to do database drive business applications.
That's why a Fortune 100 picked me up at 13. I was doing database work, not just fiddling around.
