Nullus Anxietas

If the backup device is always accessible from the PC: It's vulnerable.

I have a pair of USB drives. One's hooked up to the computer for unattended backups. The other's in the safe. They get swapped monthly. When they're swapped, a full backup is automatically done. Then, on following days, so-called "differential" backups, backing up only what's changed since the previous day, are done. I have only two drives. You can do this with as many as you like. And swap them as often as you feel your exposure warrants. (I cannot help you with backup software choices. I rolled my own.)

My backup mechanism I regard to be sufficient because I judge my exposure to be relatively limited. I use RAID storage, I don't run the most exploited O/S on the market or any of the most commonly-exploited software, my network connectivity is nailed-down tightly and I practice Safe Computing™.

Conversely: The average computer user is betting it all on one hard drive; is using the most exploited O/S on the market; runs several of the most commonly-exploited pieces of software on the market; has little, if anything, in the way of a backup procedure; has little, if anything, in the way of Internet border firewalling, and does not practice safe computing.

"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher

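The swap-and-rotate routine described in the post above, as an added sketch that is not the poster's own software: a full backup runs whenever a different drive is plugged in, and otherwise only files changed since the previous run are copied. The `.drive_id` marker file, the state file kept on the PC, and the directory names are assumptions made for this example.

```python
import json
import shutil
import tempfile
import time
import uuid
from pathlib import Path


def drive_id(dest):
    """Return the ID stored on the backup drive, creating one on first use."""
    marker = dest / ".drive_id"
    if not marker.exists():
        marker.write_text(uuid.uuid4().hex)
    return marker.read_text().strip()


def run_backup(src, dest, state_file, now=None):
    """Full backup after a drive swap, otherwise only files changed since the last run."""
    now = time.time() if now is None else now
    state = json.loads(state_file.read_text()) if state_file.exists() else {}
    this_drive = drive_id(dest)
    swapped = state.get("drive") != this_drive   # a different drive was plugged in
    since = 0.0 if swapped else state["last_run"]
    mode = "full" if swapped else "differential"
    stamp = time.strftime("%Y%m%dT%H%M%S", time.gmtime(now))
    target = dest / f"{mode}-{stamp}"
    target.mkdir(parents=True, exist_ok=True)
    copied = []
    for path in sorted(src.rglob("*")):
        if path.is_file() and path.stat().st_mtime > since:
            out = target / path.relative_to(src)
            out.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, out)
            copied.append(path.relative_to(src).as_posix())
    # State lives on the PC, so a swapped-in drive is always seen as "new".
    state_file.write_text(json.dumps({"drive": this_drive, "last_run": now}))
    return mode, copied


if __name__ == "__main__":
    # Constructed demo: temporary directories stand in for the data and two USB drives.
    root = Path(tempfile.mkdtemp())
    src, drive_a, drive_b = root / "data", root / "usb_a", root / "usb_b"
    for d in (src, drive_a, drive_b):
        d.mkdir()
    (src / "photo.jpg").write_text("constructed sample")
    for dest in (drive_a, drive_a, drive_b):   # two nightly runs, then a swap
        print(dest.name, run_backup(src, dest, root / "state.json"))
```

The drive that is currently attached is still reachable from the PC; the protection comes from the other drive sitting in the safe.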
Shit don't mean shit

Man, that truly sucks. Just curious, do you know how you got infected? Do you log in as a privileged user (admin user), or do you have a non-admin account for day-to-day web surfing? After my wife ran a program that installed a virus several years ago I no longer use the admin account. She's asked me for the PW, but I don't give it to her. She once said she needed it because in order to track a FedEx package she needed to install something. It didn't get installed.

quarter MOA visionary

Like I mentioned before and ensigmatic illuminated > the only thing is to "air gap" your backup, take them offline so that they cannot be attacked when the event hits. There are other variations of this but the easiest (if you are disciplined enough to do it) method. Additionally, online backup copies, encrypted backups, backup to NAS with snapshots, using specific backup credentials all can have some degree of effectiveness.

Member

I use an older Synology DS213 RAID system for backup. When my backup software alerts that it's time to perform a full or incremental backup, I turn the DS213 on, perform the backup, and then immediately turn it off. Doesn't protect against fire or flood, but just about everything else.

Little ray of sunshine

Yes. I don't know how hard or difficult it would be to un-encrypt the data if it is too late for that. I suspect it would be hard. Encryption is robust and easy.

The fish is mute, expressionless. The fish doesn't think because the fish knows everything.

Little ray of sunshine

Criminals may use Bitcoin, but criminals also use guns and autos. That doesn't make guns and autos "criminal." It isn't the thing, it is the criminal.

The fish is mute, expressionless. The fish doesn't think because the fish knows everything.

McNoob

Yep, my experience is that no one cares until they are faced with major data loss. Just to add to what others have said. I do images every 6 months, or as needed, and data backups on average every 3 days. I store that on a NAS box, with other collective data. I make copies of that data over multiple computers. I then back up to large external hard drives. One in my fire safe and one in a safety deposit box, swapping as needed. Nothing of importance in the "cloud" for me.

"We've done four already, but now we're steady..."

I'd rather have luck than skill any day

I tried this, unfortunately it did not work.

Member

+1

Member

Some of the next generation AV applications can protect you from ransomware. Look for programs that don't use virus definitions but are behavior based using machine learning or artificial intelligence. Cylance and SentinelOne are both next gen AV applications and there are many others. I set up Cylance at work and have been very impressed with the results.

eh-TEE-oh-clez

I don't think this strategy has ever been good enough. What happens if your house were to catch fire? Gone goes your computer, and the external storage device attached to it. Now what?

A good backup strategy is to follow the 3-2-1 rule. At least: 3 copies, in 2 different formats, 1 stored off site.

My application of the 3-2-1 rule looks a little like this:

Copy 1 - Format 1 - Location 1: Computer OS Drive and Data Drive

Copy 2 - Format 2 - Location 1: Acronis True Image backup onto a Network Attached Storage (NAS) Drive. Format 2 because these files are not an exact copy of their originals, but instead are in a special Acronis backup container/format. Also Format 2 because these are on a different media (magnetic platter vs SSD).

*Bonus Copy 2 - Format 2 - Location 1: The NAS, above, has a redundant drive that is a mirror of the first.

Copy 3 - Format 1 - Location 2: Cloud backup to Google's Backup-And-Sync of Photos, Videos, and Documents. Location 2 because it is offsite. If my house catches fire, this copy is safe. Or if the Google server farm gets bombed, my local copy is safe.

Copy 4 - Format 1 - Location 1: Occasional, manual backup of Photos, Videos, and Documents to an External USB Drive.

In this setup, even if the Ransomware gets past my Anti-Virus and Acronis' Active Protection, and encrypted files from my computer get migrated/synced up to the cloud, Google will hypothetically have old/previous versions of my files saved. I should be able to just restore the old versions.

Of course, you can't really completely depend on file versioning as your saving grace. Luckily, part of my workflow is that I need my pictures, videos, and files to work on both my desktop and laptop--so incidentally, I have an external USB drive that is synced with my desktop whenever I come home with a new batch of photos or whenever I take my laptop with me on my travels. This serves as my last ditch backup, as these files aren't guaranteed to be 100% up to date at any given time, but will have 99% of everything I might lose to a Ransomware attack. This is the "air gap" that the previous posters were referring to.

Member

Other than try to give you a future backup strategy I will give you this. Back up your hard drive now. As others have mentioned air gap the backup drive when complete. There is a chance there will be a decrypting tool in the future. Once you have your encrypted photos backed up, do a fresh OS install, and get all security updates for whatever OS you're running. That nasty shit is still lingering on your current system. Keep Googling payday@cryptmaster.info. Something will come up sooner or later. Your choice if you want to pay or not. I wouldn't. Good luck.

My wife LOST her iPhone with about 40gb of recent family photos on it. No backup. They're gone. I feel your pain.

I'd rather have luck than skill any day

I've had a little time to assess the damage. It's bad, there's no debating that. Surprisingly Windows is little affected. However, everything data wise short of audio and video files are hopelessly encrypted. Not sure why they were spared...I have backup of pictures locally and in cloud, so hopefully between the two I'll salvage most of them.

Several people called it an "air gap." That's what I lacked. If you ain't figured it out yet, it means your backup device cannot be connected to the computer; otherwise it may become as infected as the host machine.

Currently I'm retrieving those audio and video files to an external drive. I'll reinstall Windows 10 Pro tomorrow. I doubt it's possible to reuse licenses for programs such as Adobe Acrobat, Acronis True Image and MS Office. I may simply have to repurchase. I considered Linux, even downloaded the latest Ubuntu version. Nah...I'm too old for this shit.

Thanks all for the condolences and words of wisdom. It may take me a day or two to get back...

Baroque Bloke

You might consider FreeBSD, the unix-like OS that powers all Apple OS X machines. I've used OS X for 16+ years with no antivirus software and have never been infected. For the past year I have used Malwarebytes, to scan for malware once a day (takes about 20 seconds). It's never reported any malware.

Serious about crackers

I believe in the principle of Due Process

I’m scarcely an experienced user, but my brief foray into Linux has shown me that whatever it may have been in the past, it is now housebroken. There will be some adjusting, learning, etc. but nothing so mysterious as to be daunting or intimidating, certainly no more so than transitioning from XP to W10 for example. The one caveat is that there are programs (apps) that are unique to Windows, and there are ways to handle many of those.

Luckily, I have enough willpower to control the driving ambition that rages within me.
When you had the votes, we did things your way. Now, we have the votes and you will be doing things our way. This lesson in political reality from Lyndon B. Johnson
"Some things are apparent. Where government moves in, community retreats, civil society disintegrates and our ability to control our own destiny atrophies. The result is: families under siege; war in the streets; unapologetic expropriation of property; the precipitous decline of the rule of law; the rapid rise of corruption; the loss of civility and the triumph of deceit. The result is a debased, debauched culture which finds moral depravity entertaining and virtue contemptible." - Justice Janice Rogers Brown

Knows too little about too much

I have never seen MalwareBytes report anything either. How in hell do you get it to scan in 20 seconds? Mine takes at least an hour.

RMD
TL Davis: “The Second Amendment is special, not because it protects guns, but because its violation signals a government with the intention to oppress its people…”
Remember: After the first one, the rest are free.

Nullus Anxietas

Indeed. I'm an IT guy. Have been since the days of Apple ][s, Commodore 64s, Exidy Sorcerers and Osborne lug-ables. I've installed, maintained, administered, recovered, what-have-you, all manner of MS-Win, Linuxen, Unixen, Mac OS, Amiga OS, CP/M and some stuff most here probably never heard of. (Some even I've forgotten.) Modern desktop Linux' are pretty well tamed. So well-tamed, in fact, that I and my colleagues at work spent considerably less time and effort installing and configuring typical Linux flavours than we did any version of MS-Windows.

Yup.

That's the downside. Some stuff is simply not available in any form. And other stuff may suffice for many (I get along fine with The Gimp for image editing/creation, for example), but won't be quite as good as commercial versions on MS-Windows. Or Mac OS X. That's another alternative. More spendy, for less storage and compute power, but peace of mind. It's not invulnerable (neither is Linux, btw), but your exposure is significantly reduced.

I'm going to get an from my friend smschulz for this, and perhaps rightfully so, but I do not trust any MS-Win box to anything vital or sensitive. And have not for close to a decade. It has been shown to my personal satisfaction they are too quickly, easily and quietly compromised. It has also been demonstrated to my satisfaction that anti-virus/-malware software is mostly ineffective.

"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher

Member

How do these people encrypt the data on the machine without any process or notification? Can they encrypt data that has already been encrypted? Just curious because I'm not really familiar with how someone can break through firewalls, gain access to the computer and encrypt it without something picking up on it. All my computers are factory installs with all the updates and anything worth keeping are on encrypted SD cards or external HDs that are backed up weekly using a leapfrog method. Nothing is on the cloud.

Beware the man who has one gun because he probably knows how to use it.

Nullus Anxietas

Background process. Maybe even running with Administrator rights. Or wait until nobody's looking.

Yes.

In most cases it's somebody opening a web page, image, email, some document they shouldn't. E.g.: I used to fairly regularly note here that Adobe Flash was Yet Again Shown To Be Severely Compromised. Yet, again and again, I see members post, yup, Flash videos. Or comment on Flash videos. I gave up on trying to convince people that, of all the risky things they could do, having Adobe Flash on their computers was at about the top of the list.

A lot of compromised content, when the user activates it, shows no sign whatsoever that it's been launched. Then it sits there waiting for the computer to go quiet, then gets to work.

One of the worst things MS-Win users can do is lower or defeat UAC (User Account Control). Yet no matter how many times, and how LOUDLY that advice has been given: People still do it, because they find the "Do you want to allow this system change" type warnings "annoying." Well, take that away and you might almost as well be running MS-Win XP, which had no such protection--which was its, and prior versions of MS-Win's, most significant weakness. Or, worse, they run their computers with the Administrator login.

"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher

eh-TEE-oh-clez

Firewalls block outside attacks through your network. Ransomware is typically a malicious program that gets downloaded and run on your machine, usually by accident. The software then runs in the background, encrypting things while you use your computer. Often, it will start by changing the names/file extensions of certain types of files, as this can be done in a moment, and further encryption comes along after the fact as the user tries to troubleshoot what he doesn't realize is a ransomware attack.

If you ever downloaded a file from someone, double clicked to open it, and your computer did nothing, you probably downloaded some sort of virus. You double clicking the file probably just ran the executable.

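The rapid extension changes described in the post above can be watched for in file-activity records. This is an added detection sketch, not code from any poster or product: it flags a process that gives files of several different types the same new extension within a short window. The tab-separated event format (timestamp, PID, old path, new path), the `.locked` extension, the PIDs and the thresholds are all constructed for the example.

```python
from collections import defaultdict, deque
from pathlib import PureWindowsPath


def rename_bursts(lines, window=60, threshold=5):
    """Return {(pid, new_ext): first_alert_ts} for bursts of renames to one extension."""
    recent = defaultdict(deque)   # (pid, new_ext) -> (ts, old_ext) inside the window
    alerts = {}
    for line in lines:
        ts, pid, old, new = line.rstrip("\n").split("\t")
        ts = int(ts)
        old_ext = PureWindowsPath(old).suffix.lower()
        new_ext = PureWindowsPath(new).suffix.lower()
        if new_ext == old_ext:
            continue                      # plain rename, extension untouched
        q = recent[(pid, new_ext)]
        q.append((ts, old_ext))
        while ts - q[0][0] > window:      # drop events older than the window
            q.popleft()
        # Many files of different types converging on one extension is the signal.
        if len(q) >= threshold and len({ext for _, ext in q}) >= 2:
            alerts.setdefault((pid, new_ext), ts)
    return alerts


def sample_events(step):
    """Constructed events: PID 4120 renames six files to '.locked', `step` seconds apart."""
    docs = "C:\\Users\\a\\Documents\\"
    exts = [".jpg", ".docx", ".xlsx", ".jpg", ".pdf", ".docx"]
    events = [f"{1700000000 + i * step}\t4120\t{docs}f{i}{e}\t{docs}f{i}{e}.locked"
              for i, e in enumerate(exts)]
    # Benign: an editor (PID 880) saving through a temp file.
    events.append(f"1700000002\t880\t{docs}~report.tmp\t{docs}report.docx")
    return sorted(events)


if __name__ == "__main__":
    print(rename_bursts(sample_events(step=1)))
```

Requiring at least two distinct original extensions keeps a batch photo export or a single editor's temp-file saves from tripping the rule.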