SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Here's how to deal with ransomware
Go
New
Find
Notify
Tools
Reply
  
Here's how to deal with ransomware Login/Join 
Peace through
superior firepower
Picture of parabellum
posted
Step 1: Perform daily backups of critical data onto an encrypted drive and have multiple copies of the backup.

Step 2: Upon hijacking of your computer, format your hard drive, reinstall your OS and restore your data from backup.

Step 3: If possible, send a message to the filthy thieves and tell them to shove their ransomware straight up their foreign ass.

Step 4: Steppin' large, laughin' easy.
 
Posts: 110132 | Registered: January 20, 2000Reply With QuoteReport This Post
Honky Lips
Picture of FenderBender
posted Hide Post
That'll do it. I'd also keep those backups on more than one media.
 
Posts: 8198 | Registered: July 24, 2009Reply With QuoteReport This Post
Ammoholic
Picture of Skins2881
posted Hide Post
I was hoping the answer was M.O.A.B. Frown



Jesse

Sic Semper Tyrannis
 
Posts: 21347 | Location: Loudoun County, Virginia | Registered: December 27, 2014Reply With QuoteReport This Post
quarter MOA visionary
Picture of smschulz
posted Hide Post
The only real safe way is to "air gap" them.
Back up and take offline.
They WILL corrupt backups where the backup can be reached by the virus including network devices or attached drives.
 
Posts: 23434 | Location: Houston, TX | Registered: June 11, 2006Reply With QuoteReport This Post
Thank you
Very little
Picture of HRK
posted Hide Post
I've signed up with one drive to back up my data today, going to check with Spectrum to see what they offer, and I have a third drive off the PC for local backup...

I had been planning to do the one drive thing for a little while and kept putting it off, guess it's time..
 
Posts: 24676 | Location: Gunshine State | Registered: November 07, 2008Reply With QuoteReport This Post
Do the next
right thing
Picture of bobtheelf
posted Hide Post
quote:
Originally posted by smschulz:
The only real safe way is to "air gap" them.
Back up and take offline.
They WILL corrupt backups where the backup can be reached by the virus including network devices or attached drives.


This. If your backup is online when the infection occurs, you can bet your backups will be hosed too. Multiple backups are good, but never attached at the same time.
 
Posts: 3686 | Location: Nashville | Registered: July 23, 2012Reply With QuoteReport This Post
Member
posted Hide Post
Is it possible to backup the whole computer then reinstall if everything goes sideways? (Sorry, an operator not a geek)


____________________________
"Fear is a Reaction - Courage is a Decision.” - Winston Spencer Churchill
NRA Life Member - Adorable Deplorable Garbage
 
Posts: 951 | Location: SE-PA | Registered: August 09, 2006Reply With QuoteReport This Post
Member
posted Hide Post
Step 5:

But then, I think heads on pikes is a good answer for many larger, group problems. It comes down to whose heads are up there.
 
Posts: 581 | Location: Alaska | Registered: September 29, 2008Reply With QuoteReport This Post
Peace through
superior firepower
Picture of parabellum
posted Hide Post
quote:
Originally posted by Cassandra:
Is it possible to backup the whole computer then reinstall if everything goes sideways? (Sorry, an operator not a geek)
Yes, you can create an image. There's software which allows you to do this. I've never bothered. It's been five years since I've had to start from scratch.


____________________________________________________

"I am your retribution." - Donald Trump, speech at CPAC, March 4, 2023
 
Posts: 110132 | Registered: January 20, 2000Reply With QuoteReport This Post
Comic Relief
Picture of Eponym
posted Hide Post
quote:
Originally posted by Cassandra:
Is it possible to backup the whole computer then reinstall if everything goes sideways? (Sorry, an operator not a geek)
You can create a disk image using software, then restore the image to recover. You don't have to reinstall anything; the image is a clone of the hard disk and contains everything that was on your computer, including software, the registry settings, files, etc.

Disk ("ghost") images are often used by companies. The company sets up a master computer, then creates images of it. The image is copied to all employee computers so that they are guaranteed to be set up identically.

See Wikipedia: Ghost software for more information.

Edit: Para beat me to it.
 
Posts: 4828 | Location: Indianapolis, IN | Registered: September 28, 2005Reply With QuoteReport This Post
Member
posted Hide Post
I don't bother with backups, hard drives have become so cheap now I simply clone my hard drive once a month. Keep 3 drives in rotation so if I get hit it's simply a matter of replacing the infected hard drive with the most recent clone.

PS; I would appreciate a conclusive answer to one quandary I have at work. Our reception computer got hit with ransomware about a month back an I really don't know what to do with the infected drive. Key question is would it be save to do a full Format of the infected drive and put it back into the rotation as a clone. My concern is that simply connecting the infected drive to another computer to format the infected drive might infect that computer.


I've stopped counting.
 
Posts: 5784 | Location: Michigan | Registered: November 07, 2008Reply With QuoteReport This Post
Member
posted Hide Post
quote:
Originally posted by Scooter123:
I don't bother with backups, hard drives have become so cheap now I simply clone my hard drive once a month. Keep 3 drives in rotation so if I get hit it's simply a matter of replacing the infected hard drive with the most recent clone.

PS; I would appreciate a conclusive answer to one quandary I have at work. Our reception computer got hit with ransomware about a month back an I really don't know what to do with the infected drive. Key question is would it be safe to do a full Format of the infected drive and put it back into the rotation as a clone. My concern is that simply connecting the infected drive to another computer to format the infected drive might infect that computer.


I've stopped counting.
 
Posts: 5784 | Location: Michigan | Registered: November 07, 2008Reply With QuoteReport This Post
Let's be careful
out there
posted Hide Post
with a suitable backstop, I have found infected or old, worn hard drives make great sight-in targets for shotgun slugs.
 
Posts: 7334 | Location: NW OHIO | Registered: May 29, 2006Reply With QuoteReport This Post
Thank you
Very little
Picture of HRK
posted Hide Post
Take it to the range and shoot it
 
Posts: 24676 | Location: Gunshine State | Registered: November 07, 2008Reply With QuoteReport This Post
A Grateful American
Picture of sigmonkey
posted Hide Post
quote:
Originally posted by parabellum:
Step 1: Perform daily backups of critical data onto an encrypted drive and have multiple copies of the backup.

Step 2: Upon hijacking of your computer, format your hard drive, reinstall your OS and restore your data from backup.

Step 3: If possible, send a message to the filthy thieves and tell them to shove their ransomware straight up their foreign ass.

Step 4: Steppin' large, laughin' easy.


Have done it twice now.

4 states, 30+ servers, a pile of users and your gonna get bit.

1. Create an effective plan.
2. Test that sucker six ways from Sunday.
3. Wait....

Oh, and BOB and a current resume.




"the meaning of life, is to give life meaning" Ani Yehudi אני יהודי Le'olam lo shuv לעולם לא שוב!
 
Posts: 44731 | Location: ...... I am thrice divorced, and I live in a van DOWN BY THE RIVER!!! (in Arkansas) | Registered: December 20, 2008Reply With QuoteReport This Post
member
Picture of henryaz
posted Hide Post
 
My bootable backups are in my safe deposit box. A 3TB drive gets switched out the first of every month. I rely on those, though I may lose a few days in the event of a compromise.
 
 
Posts: 10887 | Location: South Congress AZ | Registered: May 27, 2006Reply With QuoteReport This Post
Member
posted Hide Post
How do you clone your HD to another HD?

Can you save data from one computer to another, even if it has a new version of MS windows?


NRA Life Endowment member
Tri-State Gun collectors Life Member
 
Posts: 2794 | Location: Ohio | Registered: December 18, 2014Reply With QuoteReport This Post
A Grateful American
Picture of sigmonkey
posted Hide Post
Several free apps available to clone drives, partitions and such.

You can do so using a slaved drive in the system or USB drives.

Here is one.

The application does not care with what OS it is running.

https://www.macrium.com/reflectfree




"the meaning of life, is to give life meaning" Ani Yehudi אני יהודי Le'olam lo shuv לעולם לא שוב!
 
Posts: 44731 | Location: ...... I am thrice divorced, and I live in a van DOWN BY THE RIVER!!! (in Arkansas) | Registered: December 20, 2008Reply With QuoteReport This Post
Member
Picture of wrightd
posted Hide Post
quote:
Originally posted by Cassandra:
Is it possible to backup the whole computer then reinstall if everything goes sideways? (Sorry, an operator not a geek)

Yes, but that requires imaging software, and daily would not be practical because taking an image is more or less a slow process. This is not my area of specialty, but that's how I understand it without further research.




Lover of the US Constitution
Wile E. Coyote School of DIY Disaster
 
Posts: 9112 | Location: Nowhere the constitution is not honored | Registered: February 01, 2008Reply With QuoteReport This Post
Member
posted Hide Post
One of my main computers, a Core i7 Dell desktop, has been running since May 2009 without an infection of any kind. It is very simple:

Only 1 admin account, and no one in the house has the password/fingerprint for admin except me.

Everyone has a non-admin account, including myself. Admin account is never used unless an installation is needed.


Kids have been banging on it, as well as guests and others. If anyone needs to install anything, it'd have to be me and I always google the app before installation. That system remains snappy and fast until this day. Over time I have upgraded memory (24 GB RAM) and HDD and video card (GTX 960) but since it runs virtually spyware and virus free, it is snappy and has never slowed down.
 
Posts: 1823 | Location: Austin TX | Registered: October 30, 2003Reply With QuoteReport This Post
  Powered by Social Strata  
 

SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Here's how to deal with ransomware

© SIGforum 2024