One of my premises in regards to the cloud and companies that force you to go there with your IP as a method of conducting your business is that the black hat guys fight with the white hat guys and none can get rid of the other. And at any given time one is victorious over the other and YOU the user are left to absorb the consequences. So as many in the CAD and CAM world are shoved knowingly or unknowingly towards the Dassault and Autodesk hoped for forced subscription nirvana of cloud only CAD and CAM software it is worth considering the last few months. And of course with the upcoming 2014 SolidWorks End of Life Convention it is timely to remind both Dassault and their users about the folly of what Bernard Charles proposes with this online “Experience” paradigm. This wonderful thing that will enable secure data storage and unlimited compute power over your crippled ISP throughput and all the other lies they propound. Put Autodesk in there too but SW has the next big deal convention coming up and they have been at it the longest although without any real commercial grade success to speak of. Bet that makes the EOL SW subs happy to see their money spent that way considering the scarcity of announced new product features for 2014.
So lately we see that customer data loss from Adobe tops 2,900,000 and Target tops 40,000,000 and you can bet this was from “secure” situations. And now welcome the latest and greatest proof of concept of the insanity of Cloud for CAD and CAM, Cryptolocker.
How would you like to log in to your network only to find that every connected device with storage had been encrypted. You have 72 hours to pay up or lose it all. I like especially comments and instructions from Carbonite, a company that extolls the headache free and totally reliable cloud backup method for all your files. Oh, and they say you can access your files from ANYWHERE and work so free and effortlessly not shackled by the limitations of offline hardware and the onerous burden of being responsible for yourself. Sound familiar all you Autodesk and SolidWorks/Dassault users? Go here and read this.
Which says in part,
“I work for Carbonite on the operations team, and I can confirm this for most cases – I will also offer these two pieces of advice:
1) If you are affected by the virus, you should disable or uninstall Carbonite as soon as possible. If you stop backing up the files, it’s more likely that Carbonite will not have overwritten a “last known good” backup set. There is a high risk of some recent data loss (you’re effectively going back in time, so if we have no record of the file existing at a previous time, you won’t get it back) with this method, but it’s far, far better than losing all of your files.
2) When you call customer support, which you should do as soon as possible, specifically mention that you are infected with cryptolocker. It was mentioned in the post above, but I just wanted to put emphasis on it because it’ll get you through the queue faster.
Edit: also, just to state the obvious, make doubly sure the infection is off your machine before you call support, please.”
I really like that last part. Please don’t expose us to your infected machine because we don’t want bigger problems than we already have on our safe and secure servers. And we don’t want to have your problems bleeding over into other accounts on our network because we are not sure we can stop it. The delicious irony of secure online backups being a vector of additional infections and theft is sublime is it not?
Information from Dell regarding this. http://www.secureworks.com/cyber-threat-intelligence/threats/cryptolocker-ransomware/
Bleeping computer has a regularly updated post on this with information on what it is and how to hopefully block it. Of course this site http://www.reddit.com/r/sysadmin/comments/1p32lx/cryptolocker_recap_a_new_guide_to_the_bleepingest/ccy89d3
has a lot of information but common sense will tell you that once the genie is out of the bottle how do you get it back in? So Microsoft has a solution for this at this time but don’t you know the guys who figured this out are already working on their Cryptolocker patch for your future entertainment.
Time and time again I keep saying that the only secure way to work with data you are supposed to be protecting is keep your stuff off-line. Keep your internal network off-line and allow access only through certain isolated computers and for sure don’t let these BYOD clowns plug their stuff into your network. Sys admins and bean counters, shame on you for concocting this save my company money with BYOD idea. How many access points do you want for all these bad guys to get into your data if you even care?
Another method that will probably save you is regular complete images of your system. But my money is on local regular backups. This is just good policy anyway for so many reasons and I am shocked at how many companies do not have an implemented procedure for this. I am thinking here that two backups separated by two weeks would probably defeat the activation time requirement for Cryptolocker and do it on a regular basis. In addition I save all my CADCAM data periodically to flash drives and DVD’s. And of course the Workstation in the shop never goes online.
How many times do you people who get all giggly and excited over the promise of being cutting edge technophile guinea pigs and smart guys saving your company time and money with the cloud have to get the alarms before you think twice? If you give your business to companies that insist you have to put your IP on the cloud to use their products you are nothing more than a Russian Roulette volunteer who is counting on the other guy to take the bullet. I get really aggravated at how much traction these cloud proponents get and then think about the idea that they will not guarantee your security or productivity even though they will guarantee you a bill. It is why I write so much about the cloud because the only fallback method for these cloud guys is to repeat the lies often enough so that people will begin to think it is true. And so my rebuttals continue as do their lies. If they were honest with you their hopes for chattel labor would quickly go away.
I just bet that Dassault and Autodesk do not store their source code online. Perhaps you ought to be suspicious of these characters that hand you a chilled pitcher of refreshing Kool Aid but somehow don’t want to drink it with you.