Anti-Ransomware Backup
<blockquote data-quote="Deleted member 21043" data-source="post: 378553"><p>Ransomware has found other ways from just launching itself and performing the task in the original process. To prevent the encryption process and keep it working more stealthily, it may drop a file called "csrss.exe" named after a system process. Then execute it and inject into csrss.exe (the one it dropped) (as an example) to do the task for it, meaning if the user caught the actual original sample running in memory and it was terminated, then they may be unaware of the injection on the other process which occurred which had started doing the work in the background.</p><p></p><p>I mean they could use the same trick with other system process names. Like winlogon.exe (which can be used to help prevent process termination), explorer.exe,...</p><p></p><p>Personally in my opinion I recommend an offline backup. Cloud storage can also be a good idea, however if you uploaded sensitive documents to the cloud I recommend having them encrypted/in a RAR/ZIP which is password protected with a secure password (to help prevent brute force attacks on the archive). Since, if someone managed to hack your cloud account or the provider had a serious attack and files were lost and they got hold of your files, if it was "protected" by the user one way or another then it would result in less chance of them actually being able to do anything with the obtained documents.</p><p></p><p>HitmanPro.Alert has a CryptoGuard feature which people may be interested in: <a href="http://www.surfright.nl/en/cryptoguard" target="_blank">http://www.surfright.nl/en/cryptoguard</a></p><p></p><p>Good thread, backups are important; hopefully your thread will make people more aware of how important they are and will result in them starting to make backups. :)</p></blockquote><p></p>
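A defender-side check for the trick described in the post above, added here as an example (not code from the thread or from any product it mentions): it flags a process whose file name matches a Windows system process but whose image path is not the expected one, and reports the parent so the process that started it is not overlooked. The record fields, the sample records and the default `C:\Windows` install location are assumptions made for illustration.

```python
import ntpath

# Expected image paths for the system process names mentioned in the post
# (assumes a default install with %SystemRoot% = C:\Windows).
EXPECTED_IMAGE = {
    "csrss.exe": r"c:\windows\system32\csrss.exe",
    "winlogon.exe": r"c:\windows\system32\winlogon.exe",
    "explorer.exe": r"c:\windows\explorer.exe",
}

# Constructed process-creation records (not taken from a real incident).
SAMPLE_EVENTS = [
    {"pid": 612, "ppid": 500, "image": r"C:\Windows\System32\csrss.exe"},
    {"pid": 5120, "ppid": 5000, "image": r"C:\WINDOWS\Explorer.EXE"},
    {"pid": 4100, "ppid": 5120, "image": r"C:\Users\alice\Downloads\invoice.exe"},
    {"pid": 4312, "ppid": 4100, "image": r"C:\Users\alice\AppData\Roaming\csrss.exe"},
    {"pid": 7001, "ppid": 9999, "image": r"C:\ProgramData\winlogon.exe"},
]

def normalize(path):
    """Collapse '..' segments, unify slashes and lower-case a Windows path."""
    return ntpath.normcase(ntpath.normpath(path))

def find_masquerading(events):
    """Return records that use a system process name from an unexpected path."""
    by_pid = {ev["pid"]: ev for ev in events}
    findings = []
    for ev in events:
        image = normalize(ev["image"])
        expected = EXPECTED_IMAGE.get(ntpath.basename(image))
        if expected is None or image == expected:
            continue  # not a watched name, or running from the real location
        parent = by_pid.get(ev["ppid"])  # None if the parent was never recorded
        findings.append({
            "pid": ev["pid"],
            "image": ev["image"],
            "expected": expected,
            "parent_image": parent["image"] if parent else None,
        })
    return findings

if __name__ == "__main__":
    for hit in find_masquerading(SAMPLE_EVENTS):
        print(f"pid {hit['pid']}: {hit['image']} (expected {hit['expected']}), "
              f"parent: {hit['parent_image'] or 'not recorded'}")
```

The name-and-path comparison only catches copies that reuse a system file name from another location; it does not detect code injected into the legitimate process.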