• Ransom protection

    #505209

    I’m looking for some reassurance. With ransomware becoming ever more prevalent, I’m wondering how safe my drive images are. As I understand it, the malicious software encrypts all drives that are attached to the infected machine. Is that correct? And if so, what happens when I plug in the external, uninfected drive on which I have the image? Will it then be encrypted before I get the chance to restore the image?

    David

    • #1559359

      In a word, yes.
      You need to clean your machine and then boot from a clean backup boot disk before connecting your backup drive.

      Ultimately, the only way to be safe is not to become infected. 🙁

      cheers, Paul

      • #1559365

        You need to clean your machine and then boot from a clean backup boot disk before connecting your backup drive.

        Thanks Paul. I’d have to agree that not getting infected is a “good” idea. However, “In the unlikely event…” as we say in the airline industry, of someone clicking on a link with mind in neutral it could happen. So the cleaning would consist of what? Booting from a CD/DVD and running a cleaner? Or formatting and then restoring the image?

        David

        • #1559379

          So the cleaning would consist of what? Booting from a CD/DVD and running a cleaner? Or formatting and then restoring the image?

          If your imaging program can be run from a bootable CD or USB stick, do that. It will overwrite the system partition and that should remove the infection.

          HTH, Martin

    • #1559366

      The place to start is run a scan with your AV, then maybe an on-line scan etc, etc. This really needs to be raised as a separate question in Security because each infection is different.

      cheers, Paul

    • #1559367

      Thanks Paul. It might make a good article in the Win Secrets Newsletter.

      • #1559388

        Thanks Paul. It might make a good article in the Win Secrets Newsletter.

        The article was in the newsletter four days ago: Protecting your backup files from ransomware

        • #1559452

          The article was in the newsletter four days ago: Protecting your backup files from ransomware

          Another related question: my other laptop is on the same home network as the primary, but it’s always left in hibernate mode. I don’t see how any kind of virus or ransom could ‘wake’ the second computer and infect it, but thought I’d ask here.

          • #1559475

            Another related question: my other laptop is on the same home network as the primary, but it’s always left in hibernate mode. I don’t see how any kind of virus or ransom could ‘wake’ the second computer and infect it, but thought I’d ask here.

            Always? Can you access its files from another computer?

        • #1559595

          The article was in the newsletter four days ago:

          Ah! Thanks, I have been in Bali for the last 4 weeks and haven’t seen that article. Will have a look.

          David

    • #1559599

      I just read the article about ransomware protection. Fred wrote:

      “But before running my monthly whole-system backups (to a different external drive), I verify that the PC is truly clean by scanning with a separate tool such as ESET’s online scanner”

      So that is fine if the machine is indeed clean, and you want to make another back-up. However, in a worst case situation with the machine already infected, will my AV program (Avast), or an on-line scanner, remove the infection leaving the machine ‘clean’ and ready to be restored from an image?

      I use ‘Image for Windows’ and the image is created on a bootable USB thumb drive. If I boot using that drive will it be safe from infection?

      David

    • #1559678

      If you become aware that your computer is infected, then you should turn off your computer, then insert and boot from your flash drive (or CD?). If Windows is not running then you can restore an image and that will overwrite everything on your hard disk drive.
      (If you want to be even more careful, then wipe your hard drive before doing the restore!)

      Image or Clone often! Backup, backup, backup, backup......
      - - - - -
      Home Built: Windows 10 Home 64-bit, AMD Athlon II X3 435 CPU, 16GB RAM, ASUSTeK M4A89GTD-PRO/USB3 (AM3) motherboard, 512GB SanDisk SSD, 3 TB WD HDD, 1024MB ATI AMD RADEON HD 6450 video, ASUS VE278 (1920x1080) display, ATAPI iHAS224 Optical Drive, integrated Realtek HD Audio

      • #1559687

        If you become aware that your computer is infected, then you should turn off your computer, then insert and boot from your flash drive (or CD?)

        Although booting from CD / USB in W8 or 10 can be tricky and failure to boot from USB may infect your USB. A CD is the safest mechanism because it’s read only.

        cheers, Paul

        • #1559737

          Although booting from CD / USB in W8 or 10 can be tricky and failure to boot from USB may infect your USB. A CD is the safest mechanism because it’s read only.

          cheers, Paul

          Thanks, Paul. I should have said that a CD is safer. (I most often remove a suspect hard drive and connect it to another computer to restore an image under such circumstances.)

          Image or Clone often! Backup, backup, backup, backup......
          - - - - -
          Home Built: Windows 10 Home 64-bit, AMD Athlon II X3 435 CPU, 16GB RAM, ASUSTeK M4A89GTD-PRO/USB3 (AM3) motherboard, 512GB SanDisk SSD, 3 TB WD HDD, 1024MB ATI AMD RADEON HD 6450 video, ASUS VE278 (1920x1080) display, ATAPI iHAS224 Optical Drive, integrated Realtek HD Audio

    • #1559803

      This morning (April 12) NPR’s “On Point” host Tom Ashbrook spent an hour on the subject of Ransomware. Which got me to thinking again about my situation. Coupled with Fred Langa’s recent article I think I know the answer but will also welcome input. With Windows 8.1 Update in place and using a spinning platter external hard drive connected to the PC BUT not turned on except to run File History or create a System Image Backup, am I safe from an inadvertent stumble into a ransomware takeover? I’ve heard/read that disconnecting an external hard drive from the PC will keep the drive from becoming infected. Sure enough. But I also think that as long as the off/on switch for the drive is in the off position there ain’t no infection getting in. Do I get an “amen” on this or not…

    • #1559831

      The disk will not become infected until you connect it / turn it on. Then all bets are off.

      cheers, Paul

      • #1559919

        The disk will not become infected until you connect it / turn it on. Then all bets are off.

        cheers, Paul

        Agreed. Thanks for the response, Paul.

    • #1559867

      I save my backup images to a second dedicated internal hard drive – presumably there is no hope with this and I should invest in an external USB drive. (Windows 10/Macrium Reflect).

      • #1559920

        I save my backup images to a second dedicated internal hard drive – presumably there is no hope with this and I should invest in an external USB drive. (Windows 10/Macrium Reflect).

        I agree with your thought of an external drive, platter or solid state with off/on switch so that the drive is isolated from the laptop/desktop until you need to turn it on. One can also disconnect cables for added peace of mind but a switch in the drive power circuit eliminates that need unless you want the extra assurance. As the experts say the first defense is being careful about what we open. Even the emails/attachments that trusted sources send us. Not always easy to remember.
