cruelsister

Level 36
Content Creator
Trusted
Verified
For those that do not use Comodo and do use Macrium Free: an increasing number of ransomware will seek out and encrypt Macrium image files; the paid Macrium version will prevent encryption, the free does not. So just remember to detach any external storage after doing a Macrium Free image.

Although I absolutely see the need for the Paid version of Macrium to have more Bells and Whistles than the Free, this lack of intrinsic ransomware protection for the Free version I find not acceptable. You Macrium fans have the power to hammer the Devs to include this protection by posting in their forums.

Note to 128BPM- Ransomoff has turned to more of an anti-exe than a pure ransomware stopper the last time I checked, and so I became less interested as it was getting less specific (increased FP's). But to be fair I haven't given it a run for quite some time so perhaps I will revisit it.
 
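The risk cruelsister describes above (ransomware rewriting Macrium image files while the backup drive is still attached) can at least be caught before a bad image is trusted for a restore: keep a hash manifest of the images and re-check it whenever the drive is reattached. The script below is an added example written for this thread, not code from Macrium or from any poster. It assumes the caller supplies the path of the backup volume, treats .mrimg (Macrium's image format) and .mrbak (its file-and-folder backup format) as backup files, and uses constructed sample files in a temporary directory for the demonstration.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

# Suffixes treated as backup images (Macrium's image and file-backup formats).
BACKUP_SUFFIXES = {".mrimg", ".mrbak"}


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so multi-GB images do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Record size and SHA-256 of every backup image under root (the known-good state)."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in BACKUP_SUFFIXES:
            rel = p.relative_to(root).as_posix()
            manifest[rel] = {"size": p.stat().st_size, "sha256": sha256_of(p)}
    return manifest


def check_manifest(root: Path, manifest: dict) -> dict:
    """Compare the volume's current contents against a saved manifest.

    Returns lists of images whose bytes changed, images that disappeared, and
    non-backup files that appeared next to the images (an encrypted copy under a
    new extension or a dropped note are the typical cases). New legitimate
    backups (unknown files with a backup suffix) are not flagged.
    """
    findings = {"modified": [], "missing": [], "unexpected": []}
    current = {p.relative_to(root).as_posix(): p for p in sorted(root.rglob("*")) if p.is_file()}
    for rel, expected in manifest.items():
        p = current.get(rel)
        if p is None:
            findings["missing"].append(rel)
        elif p.stat().st_size != expected["size"] or sha256_of(p) != expected["sha256"]:
            findings["modified"].append(rel)
    for rel, p in current.items():
        if rel not in manifest and p.suffix.lower() not in BACKUP_SUFFIXES:
            findings["unexpected"].append(rel)
    findings["ok"] = not (findings["modified"] or findings["missing"] or findings["unexpected"])
    return findings


def demo() -> dict:
    """Constructed scenario: two images are recorded, then one is overwritten and a note appears."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "C-drive-2019-01-01.mrimg").write_bytes(b"CONSTRUCTED-IMAGE-DATA" * 100)
        (root / "D-drive-2019-01-01.mrimg").write_bytes(b"SECOND-CONSTRUCTED-IMAGE" * 100)
        manifest = build_manifest(root)  # taken while the volume was known-good
        # Simulate an in-place rewrite of one image and a stray non-backup file.
        (root / "C-drive-2019-01-01.mrimg").write_bytes(os.urandom(2200))
        (root / "README_TO_RECOVER.txt").write_text("constructed sample note")
        return check_manifest(root, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Store the manifest somewhere the backup drive cannot reach (a different device, or a copy you keep with the detached drive's paperwork); if it sits on the same volume, anything that rewrites the images can rewrite the manifest too. A clean check is not proof of a restorable image, only that the bytes match what was recorded; Macrium's own verify step still applies.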

upnorth

Level 30
Content Creator
Trusted
Verified
an increasing number of ransomware will seek out and encrypt Macrium image files; the paid Macrium version will prevent encryption, the free does not. So just remember to detach any external storage after doing a Macrium Free image.

Although I absolutely see the need for the Paid version of Macrium to have more Bells and Whistles than the Free, this lack of intrinsic ransomware protection for the Free version I find not acceptable. You Macrium fans have the power to hammer the Devs to include this protection by posting in their forums.
Thanks for the headsup! Much appreciated.

I don't really consider myself a fan of Macrium, even if I am testing it at the moment and it's been pleasant so far, and the price for the paid home version ain't too expensive IMO. But as you say, the Free version does lack the encryption/password protection for images that you get built-in with, for example, the free Western Digital and Seagate editions of Acronis, and also in the shared gift from @BoraMurdar: Unlimited Giveaway - Acronis True Image 2017 BootCD

I like how Western Digital defines a backup. Quote: "Critical: Once data is backed up do not remove it from the original location unless there is a third copy of the data. A file is only considered a backup when it is stored in at least two separate locations or different devices."

Source: Performing a backup using Acronis True Image WD Edition Software | WD Support
 

AtlBo

Level 26
Content Creator
Verified
same thing, ransomware can still corrupt your HDD because every GPT drive has a small MBR partition for backward compatibility. The only thing I'm not sure about is the possibility that we can restore the data in those GPT partitions. It's obvious that with MBR, the drive is dead
This seems to match my experience. Except I think that the experience I had was in reverse. I had trouble restoring full system images on GPT drives 4 or 5 times in a row. I can't say AppCheck had anything to do with this, because it allows only reads, but I think UEFI/EFI may need to occasionally write to the MBR during Windows operation (standard boot security of some kind maybe running while AppCheck is running too, or maybe loading).

The PCs are an earlier series of GPT/UEFI/EFI (2 PCs). On these slightly dated PCs, I believe it was the BIOS that may have been confused by AppCheck rather than corruption of the MBR from R/W. I noticed multiple entries for the boot loader in the UEFI/EFI startup application, like it was expecting something in the MBR that wasn't there so it created another entry. Then during Windows runtime perhaps (or early boot time with A/C on) that couldn't be changed or verification achieved (due to MBR write protection). ALL a guess. None of the multiple boot loaders in the UEFI BIOS would boot. Some kind of security mismatch of values during the boot. UEFI says this... MBR protection says no.

I read around and read stories of this same thing with as many as 20+ instances of the boot loader on a PC (HPs too, like these), so security came to my mind as something that could be affecting the slightly dated hardware setups. This seems to coincide roughly with the time AppCheck introduced free MBR protection too. And HP is kind of over the top about workstation security.

I suspect on a newer BIOS this issue would have been dealt with, however. I haven't updated this BIOS yet (just turned off A/C R/W MBR protection), which I will be doing soon enough. Otherwise, no idea if this is the cause of the problem I had or whether it could be present on newer systems. Kind of doubt so, since it surely would have been caught and fixed.

Just for me an interesting if painful blip of PC agony I guess... although getting the system back in both cases was no fun whatsoever -> Windows fixes all failed, so yep, replacing hive files was the only way for those aware of that technique...
 

Electr0n

Level 4
Verified
@Electr0n I think you shouldn't add anything to avast+CF because CF itself is the best tool against ransomware. avast and CF are conflict kings
I am using avast with only file and web shield in aggressive hardened mode and max sensitivity along with cruel comodo. It's very light and I haven't found any issues yet, whereas avast BB used to cause significant slowdown. Do I need to change any settings to avoid any possible future conflicts between avast and CF?
 

Evjl's Rain

Level 40
Content Creator
Trusted
Malware Hunter
Verified
I am using avast with only file and web shield in aggressive hardened mode and max sensitivity along with cruel comodo. It's very light and I haven't found any issues yet, whereas avast BB used to cause significant slowdown. Do I need to change any settings to avoid any possible future conflicts between avast and CF?
you can try this
SECURE - Evjl's Rain's security config
 

zzz00m

Level 5
For those that do not use Comodo and do use Macrium Free: an increasing number of ransomware will seek out and encrypt Macrium image files; the paid Macrium version will prevent encryption, the free does not. So just remember to detach any external storage after doing a Macrium Free image.
Correct me if I'm missing something here, but I believe the Macrium encryption feature is just intended to allow users to encrypt their own data to prevent unauthorized access to their backup files. You would still need an anti-ransomware solution to prevent malware encryption of the backup file folder if the backup is connected to the PC when attacked.

You can also create images with Macrium onto a BitLocker protected external drive, but it will remain vulnerable as long as the drive is attached and 'unlocked'.

However, the advice to detach external backup storage is still good in either case! (y)
 

Telos

Level 15
Content Creator
Verified
Correct me if I'm missing something here, but I believe the Macrium encryption feature is just intended to allow users to encrypt their own data to prevent unauthorized access to their backup files. You would still need an anti-ransomware solution to prevent malware encryption of the backup file folder if the backup is connected to the PC when attacked.
Incorrect (you dare contradict our dear sis :love:)
Macrium Reflect 7.1 with MIG [Macrium Image Guardian] is available with all the Macrium Reflect 7.1 editions, protecting your backup files on local disks and USB volumes against encryption. MIG grants write access to existing backup files for Macrium Reflect 7.1, any image tools created by us, and optionally, MS RoboCopy. All other processes attempting to update existing backup files will be denied access.
The Importance of Ransomware Protection and Mitigation Plans