Hello and welcome to the Monday, March 12th, 2018 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich and the time recording from San Francisco, California.

Paying to get your files back after you have been infected by ransomware has always been a dubious

solution. But if you ever wondered what your chances are

to get your files back after paying as expected they're not really all that great only about

half the companies surveyed by security company cyberch got their files back after paying.

I think this ratio is actually better than what I expected.

The good news, most of the companies got their files back without paying by essentially just restoring from backups.

Well, I always take surveys like this with a grain of salt and this one particular,

not really clear whether or not they did anything closely scientific here or just surveyed their

customers. The lesson here that I think is definitely valid is that good backups give you a better chance of recovering your files

than paying the ransom. And actually, one thing that I've seen a lot with ransomware,

if you do catch it quickly enough, there is a good chance that many of the files are actually

not encrypted at all. They just change the file name, so that's another way to get some of your files back

if the backups don't work out.

Now, we have seen somewhat regularly vulnerable routers used to further compromise networks.

One of the most common and simplest methods this is usually done is by DNS changers

that change the DNS setting off the router, and then of course those settings may

propagate into the network via DHCP.

But Kerski came across a new piece of router malware that appears to be more

targeted in particular aimed at SIS admins. The malware affects routers made by Microdic and spreads

to the Sysadmin via the admin utility used to manage the router. So not via DNS settings, the administrator has to

...