kristoff

joined 1 year ago
[–] kristoff@infosec.pub 3 points 1 month ago (13 children)

Concerning linux, yesterday I was watching this video on computerphile on the crowdstrike incident. https://www.youtube.com/watch?v=rlaNMJeA1EA (*)

What is interesting is the comment made in the video on how chromebooks do software upgrades with dual "OS" disk-partitions and the ability to rollback to the previous OS-partition.

Question: is something like this also possible on one of the major linux distros? (debian, ubuntu, rocky, ...) What would be the procedure to do this kind of "dual partition" system-upgrade?

(*) A great video that explained some of the technical details in a very clear way, including some very interesting "lessons learned" and "what if"s. If you ever need to explain CrowdStrike to your manager, this video is a good start.

[–] kristoff@infosec.pub 28 points 1 month ago (3 children)

This is a typical mail a phishing campaign would send out, and we have already said to people "never believe these kinds of messages. They are all fake."

Now, if a genuine company sends out mails with genuine gift cards (which the article on TechCrunch seems to indicate) ... this is NOT helpful at all!!!

And that coming from a cybersecurity company (rolling eyes)

[–] kristoff@infosec.pub 1 points 8 months ago

Yes, that's a very useful idea. Thanks!

[–] kristoff@infosec.pub 1 points 8 months ago

If you get your domain from OVH, you get one single mailbox (be it with a lot of aliases, like a different email-address for every service/website you use) for free.

[–] kristoff@infosec.pub 1 points 8 months ago

What is your 'deleted files' policy? How long do you keep them? I had a similar issue but then found out that the Nextcloud cron process wasn't running, so files in the 'deleted files' folder were never really deleted.

[–] kristoff@infosec.pub 2 points 8 months ago

Well, based on Samsy's advice, take a backup of the home-server network to a NAS on your home network. (I do hope that your server segment and your home segment are two separate networks, no?) Or better, set up your NAS at a friend's house (and require MFA or a hardware security key to access it remotely).

[–] kristoff@infosec.pub 4 points 8 months ago* (last edited 8 months ago) (1 children)

What was that saying again?

"The biggest threat to the safety and cybersecurity of the citizens of a country ... are managers who think that cybersecurity is just a number on an Excel sheet."

(I don't know where I read this, but I think it really hits the nail on the head)

[–] kristoff@infosec.pub 2 points 8 months ago

I have been thinking the same thing.

I have been looking into a way to copy files from our servers to our S3 backup storage without having the access keys stored on the server (as I think we can assume that will be one of the first things the ransomware toolkits will be looking for).

Perhaps a script on a remote machine that initiates an ssh session to the server and does an "s3cmd cp" with the keys entered from stdin? So far, I have not found how to do this.

Does anybody know if this is possible?

[–] kristoff@infosec.pub 5 points 8 months ago (1 children)

Yes. Fair point.

On the other hand, most of the disaster scenarios you mention are solved by geographic redundancy: set up your backup / DRS storage in a datacenter far away from the primary service. A scenario where all services, in all datacenters managed by a cloud provider, are impacted is probably new.

It is something that, considering the current geopolitical situation we are now in (and that I assume will only become worse), we should better keep in the back of our minds.

[–] kristoff@infosec.pub 1 points 8 months ago

I will put "multicloud" on my wishlist.

Looking at it from an infosec point of view, cloud providers are an ideal target. All the customers who have just lost all their data and are now complaining to the cloud provider are the ideal pressure mechanism to get the cloud provider to pay out.

[–] kristoff@infosec.pub 2 points 8 months ago (1 children)

In this case, it is not you -as a customer- that gets hacked, but the cloud company itself. The ransomware gang encrypted the disks at server level, which impacted all the customers on every server of the cloud provider.

[–] kristoff@infosec.pub 4 points 8 months ago (1 children)

The issue is not cloud vs self-hosted. The question is "who has technical control over all the servers involved". If you home-host a server and keep a backup of it on a friend's network, and your username / password pops up on an infostealer website, you will be equally in trouble!
