Windows_Security
Because ransomware infects all the data of the accessible drives, partitions and folders, we need to adjust our backup/recovery mechanisms.
1. Use a NAS (Network Attached Storage)
The beauty of a NAS is that you can configure it to do continuous backups, using a maximum of 10 or 20 percent of your network bandwidth. Because ransomware attacks all connected drives, the advantage of a backup device attached to your network becomes a weakness. All of a sudden your backup is also vulnerable to data loss due to encryption.
Most NAS devices have a user-friendly configuration option to manage access (profiles) based on user IDs and connected devices. I changed from continuous backup to nightly backups. For the backup I created an extra ADMIN account (backup) on each PC connected to my network. In the NAS I changed update access to read access for all 'regular' user accounts, e.g. the (admin) account you use to log on to our PCs for everyday work. Only the extra (backup) admins got update access. When I want to run a backup, I change user account from regular user to backup admin and run a backup.
This is a lot more hassle than automated/scheduled/continuous backups, but keeps the NAS read-only connected.
2. Use a separated second hard disk for immediate backup
On my business desktop I added an old hard disk of a laptop (boosted wife's laptop performance by replacing the 320GB regular HD with a 1 TB hybrid hard disk) and made this a quick backup disk. I installed SYNCBACK free to back up updated files only and installed SECURE FOLDERS and gave that QUICK BACKUP disk READ-ONLY access and added SYNCBACK FREE as trusted program (to give it full access). My quick documents+mail backup disk is 'access right' separated with secure folders.
Since our photos are updated only after holidays (have a lower update interval), I only include my Documents folder and eMail folders in the quick backup. With this selection, the capacity of the old 320GB HD is more than enough to host all my documents and mail folders. I keep the holiday photos on a small and handy 1TB USB disk. I keep this (encrypted) USB disk in the 'emergency' bag (together with insurance and other important papers) in case we have to run. On holidays I store that 'emergency' bag at a relative's place. The beauty of a USB disk is that it can be 'disconnected' very easily.
3. Use a ransomware "damage control" program
There are a few free anti-ransomware programs which place marker files on your hard disk, like Ransomfree. When those marker files are hit by ransomware, Ransomfree tries to stop the malware. Personally I like the behavioral-based protection of AppCheck a lot better (Cruel Sister has demonstrated in her videos it does really well). On my desktop which I use for business I have AppCheck running as a gatekeeper should ransomware escape my first line security.
Note: above mechanisms don't replace first line defense like your AV, HIPS, Sandbox etcetera, they are just an additional option to reduce impact and attack surface against ransomware attacks.
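The marker-file idea from point 3, tied to the backups of points 1 and 2, as an added example that is not part of the original post and not how Ransomfree or AppCheck work internally: plant marker files, record their hashes, and let the backup run only while every marker is intact, so a nightly sync does not overwrite good copies with encrypted ones. The marker names and the `safe_to_backup` gate are assumptions made for this sketch.

```python
import hashlib
import os
import secrets
import tempfile

MARKER_NAMES = ("!000_marker.docx", "~zzz_marker.xlsx")  # hypothetical names

def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def plant_markers(folder):
    """Create marker files; return {path: sha256} (keep it off the watched disk)."""
    baseline = {}
    for name in MARKER_NAMES:
        path = os.path.join(folder, name)
        with open(path, "wb") as fh:
            fh.write(secrets.token_bytes(4096))
        baseline[path] = sha256_file(path)
    return baseline

def check_markers(baseline):
    """Return [(path, finding)] for every marker that no longer matches."""
    findings = []
    for path, expected in baseline.items():
        try:
            if sha256_file(path) != expected:
                findings.append((path, "modified"))
        except FileNotFoundError:
            findings.append((path, "missing"))      # deleted or renamed
        except OSError:
            findings.append((path, "unreadable"))   # locked or access denied
    return findings

def safe_to_backup(baseline):
    """Gate for the backup job: run it only if all markers are intact."""
    return not check_markers(baseline)

def demo():  # constructed test in a temp folder, no real data involved
    with tempfile.TemporaryDirectory() as folder:
        baseline = plant_markers(folder)
        before = safe_to_backup(baseline)
        first, second = list(baseline)
        with open(first, "wb") as fh:
            fh.write(b"changed")                    # content overwritten
        os.rename(second, second + ".renamed")      # file renamed
        return before, check_markers(baseline)

if __name__ == "__main__":
    print(demo())
```

Call `safe_to_backup()` as the first step of the nightly job and abort on `False`; the baseline hashes belong somewhere the regular account cannot write, such as the backup admin's profile.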