LabZero
Thread author
Hello
We are in a period where malware is written with the aim of locking up data files and then asking for a ransom (ransomware), so I thought I would write this simple guide.
At the moment ransomware has mostly spread in Windows environments, but only the unwary expect to be immune just because they do not use Windows.
There are some simple backup strategies that can be implemented to keep you relatively safe from such attacks and avoid disasters.
First of all, how does a ransomware work? Software of this type is inadvertently launched by the user by opening, for example, an e-mail attachment crafted to fool them. Once launched, the software starts encrypting local data files and the data files it finds on the network connections available to it.
The files attacked by the malware must therefore be accessible to the user who ran it and, if they are on network shares, those shares must be mapped at that moment or be writable by that user.
The following are some possible backup strategies.
-Simple and effective solution: offline backup.
An offline backup means saving data to a storage device that is connected to your computer only for as long as the copy takes and is otherwise kept disconnected in a safe place.
The typical example is a USB key or USB drive that is connected to the computer, receives the backup and is removed when the operation is finished. But it could also be a NAS that is switched on only during the backup.
A backup of this type is necessarily manual and cannot be automated.
It is advisable to keep at least two backup copies on two different devices and to rotate the devices used.
Pro:
simple solution;
backups happen when the user decides, and the user chooses the most appropriate data to copy.
Cons:
the solution is not automated: you must remember to make the backups and have the will to do so.
If done too often or without proper rotation, in case of a ransomware attack you may copy the encrypted data and overwrite the clean data.
-A bit more technological solution: secure file sharing on a NAS
Obviously for this you need a NAS. There are many models to choose from, and there are also free distributions (OpenMediaVault, FreeNAS) that turn a PC into a NAS. The important thing is that the NAS can share folders over SMB/CIFS (the Windows file sharing protocol) and that access to folders can be restricted with a login/password pair. Set up on the NAS one or more shared folders that can be accessed only after presenting a login and password, and do not save those credentials on your computer. You can optionally make the share hidden, but do not consider that a form of security.
On the computer to be backed up you can install backup software that lets you store the credentials for the network disks in the backup profile it runs.
A slightly less secure alternative is a script (batch file) that maps the share with the NET USE command, passing the password on the command line. In this case the credentials are stored unencrypted in a text file on the computer being backed up.
To verify that Windows does not hold the credentials for the share, restart the system and try to access the share. If Windows can access it, open Credential Manager in the Control Panel and delete the login credentials for the NAS. If Credential Manager is not in the Control Panel, use this command line to open the list of saved credentials:
rundll32.exe keymgr.dll,KRShowKeyMgr
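As an added example (not the script from the original post), here is a PowerShell version of the "connect only for the backup" approach described above: the share is authenticated for this session only, the copy goes into a dated folder so a later run cannot overwrite a clean copy with encrypted files, and the session is dropped as soon as the copy ends. The share path \\NAS\backup, the NAS account "backup" and the source folder D:\Data are assumptions; the password is prompted at run time rather than written into the file.

```powershell
# Added example, not the post's own script. Assumed values: share \\NAS\backup,
# NAS account "backup", local source folder D:\Data.
$Share  = '\\NAS\backup'
$Source = 'D:\Data'

# Prompt for the NAS password at run time so it never sits in a text file.
$Cred    = Get-Credential -UserName 'backup' -Message 'NAS backup account'
$Pass    = $Cred.GetNetworkCredential().Password
$UserArg = "/USER:$($Cred.UserName)"

# Authenticate to the share for this session only: no drive letter, not persistent,
# so nothing is restored at the next logon and nothing lands in Credential Manager.
net use $Share $Pass $UserArg /PERSISTENT:NO | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not connect to $Share" }

try {
    # One dated folder per run: if today's files are already encrypted, the copy
    # of an earlier clean day is not overwritten (the rotation problem above).
    $Dest = Join-Path $Share (Get-Date -Format 'yyyy-MM-dd')
    robocopy $Source $Dest /E /R:2 /W:5 /NP /LOG+:"$env:TEMP\nas-backup.log"
    # robocopy exit codes 0-7 are success variants; 8 and above mean failures.
    if ($LASTEXITCODE -ge 8) { Write-Warning 'robocopy reported errors, check the log' }
}
finally {
    # Drop the session immediately so a process running as this user
    # cannot reach the share once the backup is finished.
    net use $Share /DELETE /Y | Out-Null
    $Pass = $null
}

# Verification step from the post: the NAS should not appear among saved credentials.
cmdkey /list | Select-String -SimpleMatch 'NAS'
```

If the last command prints a line for the NAS, delete that entry in Credential Manager as described above and run the script again.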
Pro:
backups occur automatically, provided that the devices are turned on;
if you use backup software, its reporting can help the non-expert user.
Cons:
you need a NAS;
a non-expert could leave security holes open on the NAS.
-Online Backup
This method depends a lot on the backup service used and, hence, on the software that performs the backup.
Given the variety of offers, it is very difficult to analyse these types of backups.
-Other methods
Some users, especially advanced ones, have other ways of making backups. There is no best method: in general any method is fine, as long as you can recover the data in case of total loss of the computer you want to protect.
If you want to protect yourself from CryptoLocker-type attacks, but also from other ransomware, the basic idea is to have, in addition to the usual backup, an offline backup too, perhaps done on a more relaxed schedule.
In conclusion
Whatever method you choose, the important thing is that restoring the saved data is relatively easy. In fact, it should be remembered that the only real purpose of a backup is to perform a successful recovery.
A good idea is to write down on a sheet of paper the credentials used and the backup software used to make the copies. This way a technician will be able to assist you more efficiently.
Another good rule of thumb is to save on each medium any recovery ISO created by the backup software, a copy of the software itself and any activation keys.
Lastly, remember every so often to try restoring a file from the backups and to verify that the file is undamaged.