Protecting against ransomware
-
- 5StarLounger
- Posts: 776
- Joined: 29 Jan 2010, 13:30
Protecting against ransomware
There's been a lot in the papers about ransomware recently. One article said it was vital that archives of personal files were taken so they could be restored in the event of an attack. I have, of course, always archived my files but was taken aback the other day when another article said that the latest ransomware was encrypting the master file table, which of course means that restoring personal files is useless.
What do I need to be doing to secure myself against ransomware? Do I need to take a complete copy of the hard disc and, if so, what software is required?
I'm still using Windows XP so any software will have to run on that.
Many thanks
Silverback
-
- GoldLounger
- Posts: 3081
- Joined: 24 Jan 2010, 19:07
Re: Protecting against ransomware
I'd assume that any kind of traditional backups of system disk and user data would work as long as they are stored offline, i.e. external backup media, external disks.
AOMEI Backupper is one of the programs that (also) supports Microsoft Windows XP. Macrium Reflect is another.
(Using Windows XP on computers connected to the Internet isn't recommended, even if they, for one reason or another, didn't get caught by one of the latest ransomware.)
Byelingual When you speak two languages but start losing vocabulary in both of them.
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: Protecting against ransomware
silverback wrote: There's been a lot in the papers about ransomware recently. One article said it was vital that archives of personal files were taken so they could be restored in the event of an attack. I have, of course, always archived my files but was taken aback the other day when another article said that the latest ransomware was encrypting the master file table, which of course means that restoring personal files is useless.
What do I need to be doing to secure myself against ransomware? Do I need to take a complete copy of the hard disc and, if so, what software is required?
I'm still using Windows XP so any software will have to run on that.
Many thanks
Silverback
I think the best way is to take a full image of your drives, using Acronis True Image or Shadow Protect or another. Keep the program itself on another media.
BOB
______________________________________
If I agreed with you we'd both be wrong.
-
- Panoramic Lounger
- Posts: 8177
- Joined: 25 Jan 2010, 09:09
- Location: retirement
Re: Protecting against ransomware
silverback wrote: ...encrypting the master file table, which of course means that restoring personal files is useless...
How so? Surely if you did get caught and all you had was a (good/clean/safe) copy of your personal files then you could get back to where you were before the ransomware as follows:
1) nuke the HDD with DBAN, which would give you a completely clean slate
2) repartition & format the HDD
3) reinstall the OS
4) apply all the OS updates
5) restore your personal files
Ken
-
- Administrator
- Posts: 12612
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Protecting against ransomware
You missed a few steps Ken.
6) Reinstall all applications
7) Configure the operating system and applications the way you need them
StuartR
-
- Panoramic Lounger
- Posts: 8177
- Joined: 25 Jan 2010, 09:09
- Location: retirement
Re: Protecting against ransomware
StuartR wrote: You missed a few steps Ken...
Fair Gov'
Also, it would be tedious to have to resort to this procedure, especially compared to the already recommended method of restoring from a (clean) disk image. The only thing it has going for it is that it would get you out of a hole if all you had was a backup of your data files.
Ken
-
- Administrator
- Posts: 12612
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Protecting against ransomware
stuck wrote: Also, it would be tedious to have to resort to this procedure, especially compared to the already recommended method of restoring from a (clean) disk image. The only thing it has going for it is that it would get you out of a hole if all you had was a backup of your data files.
True
StuartR
-
- PlutoniumLounger
- Posts: 15640
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Protecting against ransomware
Argus wrote: I'd assume that any kind of traditional backups of system disk and user data would work as long as they are stored offline, i.e. external backup media, external disks.
... although if I were nefarious, I'd encrypt the backups and then wait, say, two weeks before encrypting the main drive and asking for money.
I would imagine (although I'm sure that SUN Microsystems has a report on this) that 95% of the people who make regular backups do so on a weekly basis or more frequently than that.
(signed) "Nice Guy" of Toronto
He who plants a seed, plants life.
-
- GoldLounger
- Posts: 3081
- Joined: 24 Jan 2010, 19:07
Re: Protecting against ransomware
Yabbut I don't think ransomware is the biggest potential problem on a PC running an OS that sees no security updates. When it strikes, yes, but there are lots of other malware out there.
I check my backups every now and then, it's not fool proof though, since "every now and then" is quite random (perhaps an advantage in this case). I guess the biggest uncertainty is probably getting the backup boot media to run without problems, malware or no malware.
Byelingual When you speak two languages but start losing vocabulary in both of them.
-
- Panoramic Lounger
- Posts: 8177
- Joined: 25 Jan 2010, 09:09
- Location: retirement
Re: Protecting against ransomware
Argus wrote: ...stored offline, i.e. external backup media, external disks.
ChrisGreaves wrote: ... although if I were nefarious...
How would you do that if the backups are off-line? Presumably by having your malware sit there, silently, waiting for the backups to be connected and then pounce? Meanwhile, the security conscious user that has their back-ups safe off-line is running a real-time malware checker, which finds and kills your malware...
Ken
-
- PlutoniumLounger
- Posts: 15640
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Protecting against ransomware
Argus wrote: ...stored offline, i.e. external backup media, external disks.
ChrisGreaves wrote: ... although if I were nefarious...
stuck wrote: How would you do that if the backups are off-line? Presumably by having your malware sit there, silently, waiting for the backups to be connected and then pounce? Meanwhile, the security conscious user that has their back-ups safe off-line is running a real-time malware checker, which finds and kills your malware... Ken
Hi Ken.
I was thinking that I would make this a two-step process.
(1) Encrypt the backup drives, and decrypt them temporarily while the backups are being run.
If the user does not use/test the backups, they will not know that they are encrypted.
I suspect that the ransomware encryption is, or could be, a matter of scrambling a few essential pointers.
It would not be like the business of TrueCrypt encrypting an entire drive on-the-fly; it could be quite fast.
(2) After a two-week delay, encrypt the main drive and demand money.
The user builds a clean system, grabs the backup drives and discovers - TaDa! - that they too have been encrypted Lo! these past two weeks.
As for the user with a real-time malware checker, I suspect that ransomware preys on those who have no, or have ineffective malware checkers. A bit of a numbers game ...
Cheers
Chris
He who plants a seed, plants life.
-
- Administrator
- Posts: 12612
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Protecting against ransomware
One technique being used by malware right now is to encrypt your hard drive VERY slowly. A few files a day, over a period of weeks or even months. This can defeat even the best backup schedule.
StuartR
-
- Panoramic Lounger
- Posts: 8177
- Joined: 25 Jan 2010, 09:09
- Location: retirement
Re: Protecting against ransomware
ChrisGreaves wrote: ...I suspect that ransomware preys on those who have no, or have ineffective malware checkers...
Aka 'ordinary' users, the vast majority who are NOT likely to have any sort of back-up regime, let alone an off-line one. So why go to all the effort of trying to ensnare the minority who have back-ups? Numbers game again.
Ken
-
- PlutoniumLounger
- Posts: 15640
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Protecting against ransomware
StuartR wrote: One technique being used by malware right now is to encrypt your hard drive VERY slowly. A few files a day, over a period of weeks or even months. This can defeat even the best backup schedule.
Stuart:
Ooooh! I like the idea. I suppose that “very slowly” expressed as “a few files per day” is a more detailed technique than my “all the files then wait two weeks”. That is, both techniques depend on a time interval. It’s the granularity that could make the difference.
I say “could” because I can conceive that I may find that my Christmas letter of 2016 was corrupted and get to pull the Emergency Cord before my client files were corrupted. That is, the fine-grained daily approach may not snag the really important files after all.
Sun Microsystems surveyed file usage some 10?15? years ago and found (I’m paraphrasing) that 95% of files were not accessed after seven days. I attended a presentation that described a three-tier system (online files, backed up to disk, backed up to tape) that exploited Sun’s study of file usage.
Cheers
Chris
He who plants a seed, plants life.
-
- 5StarLounger
- Posts: 776
- Joined: 29 Jan 2010, 13:30
Re: Protecting against ransomware
Gah! The problem with joining a forum with so many knowledgeable people is that answers tend to become discussions by proxy. I came to post thanks to Argus and Viking and found there's an enormous geek discussion going on. Right! Back to the simple people.
Argus and Viking : Many thanks. I have purchased a USB connected external disc (disk?) and downloaded AOMEI Backupper. I am now backing up images and system archives plus differential archives. Amazing what you can learn when people point you in the right direction.
Stuck : Thanks for your original posting but it's not a lot of use to people like me who do not have the OS discs; my computer (DELL) came with OS installed and no means of reinstalling.
As for the rest of you - in case they didn't know, you seem to be giving some very subversive ideas to those who start the ransomware blights. Can't you discuss these ideas in private?
Thanks to all who've contributed
Silverback
Tell me and I forget. Teach me and I remember. Involve me and I learn.
Benjamin Franklin
-
- Administrator
- Posts: 78534
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Protecting against ransomware
silverback wrote: As for the rest of you - in case they didn't know, you seem to be giving some very subversive ideas to those who start the ransomware blights. Can't you discuss these ideas in private?
Do you really think the 'bad guys' won't have thought of tricks like that? Sadly, there are many really intelligent people in the malware business...
Best wishes,
Hans
-
- PlutoniumLounger
- Posts: 15640
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Protecting against ransomware
HansV wrote: Do you really think the 'bad guys' won't have thought of tricks like that? Sadly, there are many really intelligent people in the malware business...
Now now, Hans. Don't get your back up .....
He who plants a seed, plants life.
-
- Administrator
- Posts: 12612
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Protecting against ransomware
Sadly, I learned my "tricks" from analysis of real incidents that have hurt real organizations.
StuartR
-
- GoldLounger
- Posts: 3081
- Joined: 24 Jan 2010, 19:07
Re: Protecting against ransomware
silverback wrote: Gah! The problem with joining a forum with so many knowledgeable people is that answers tend to become discussions by proxy. I came to post thanks to Argus and Viking and found there's an enormous geek discussion going on. Right! Back to the simple people.
Before your comment I was just going to mention that, seen in so many forums; when the OP's away you can see all kinds of discussions.
silverback wrote: Argus and Viking : Many thanks. I have purchased a USB connected external disc (disk?) and downloaded AOMEI Backupper. I am now backing up images and system archives plus differential archives. Amazing what you can learn when people point you in the right direction.
I think there are several good backup programs; Bob mentioned some renowned ones; some are freeware with some limitations. I used the free version of Macrium Reflect several years ago, but switched to AOMEI Backupper when I built a new PC some years ago; mainly because of features at the time (incremental and differential backups etc.). They have now added more features.
As for the idea to slowly encrypt the hard drive; with backups stretching 2-3 years back it could be possible to restore quite a large percentage.
Byelingual When you speak two languages but start losing vocabulary in both of them.
-
- Administrator
- Posts: 12612
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Protecting against ransomware
The biggest problem with the gradual encryption is the effort needed to work out which files were encrypted when
StuartR
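One way to work out which files were encrypted when, given a long backup history as discussed in the posts above (an added example, not part of the original thread): walk each file's versions from oldest to newest and report the last backup taken before its content changed to near-random data. The file names, dates, contents, the 7.5 bits-per-byte threshold and all function names are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits per byte; assumed threshold, encrypted data sits near 8.0

def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def last_clean_backup(versions):
    """versions: list of (backup_date, content), oldest first.
    Returns (last_clean_date, first_suspect_date); the second is None
    when no version looks freshly encrypted."""
    prev_date = prev_hash = prev_ent = None
    for date, content in versions:
        digest = hashlib.sha256(content).hexdigest()
        ent = entropy(content)
        # Flag only a changed file that *jumps* to near-random content, so
        # files that were always compressed (zip, jpg) are not reported.
        if prev_hash not in (None, digest) and ent > ENTROPY_LIMIT >= prev_ent:
            return prev_date, date
        prev_date, prev_hash, prev_ent = date, digest, ent
    return prev_date, None

def pseudo_random(seed: bytes, blocks: int = 128) -> bytes:
    """Constructed stand-in for an encrypted file: a deterministic SHA-256 chain."""
    out, block = b"", seed
    for _ in range(blocks):
        block = hashlib.sha256(block).digest()
        out += block
    return out

# Constructed sample: three files as they appear in four weekly backups.
LETTER = b"Dear all, here is our news for the year. " * 100
ACCOUNTS = b"date,payee,amount\n2017-05-01,Grocer,23.10\n" * 100
DATES = ("2017-05-07", "2017-05-14", "2017-05-21", "2017-05-28")
BACKUPS = {
    "letter.doc": list(zip(DATES, [LETTER] + [pseudo_random(b"a")] * 3)),
    "accounts.csv": list(zip(DATES, [ACCOUNTS, ACCOUNTS,
                                     ACCOUNTS + b"2017-05-20,Garage,80.00\n",
                                     pseudo_random(b"b")])),
    "photos.zip": list(zip(DATES, [pseudo_random(b"c")] * 4)),
}

def restore_plan(backups):
    """Map each file name to (backup to restore from, backup where damage first shows)."""
    return {name: last_clean_backup(v) for name, v in backups.items()}
```

In practice the hash and entropy of each file would be recorded in a manifest at backup time and kept with the offline media, so the comparison does not require mounting every old image.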