You're able to win the fight against ransomware! How? BACKUP!

SpartacusSystem

Level 7
Thread author
Verified
Well-known
Aug 6, 2015
306
In this article, Haylee from the Emsisoft blog discusses how troublesome ransomware is, as all internet-capable devices and businesses are at risk.

Haylee explains in brief what ransomware is and stresses the importance of always having a Plan B at hand, what should be backed up, what backup options are available, and online backup services.

What would you do if an attacker gained admin rights to your computer and disabled your anti-malware/internet security package?

Haylee mentions that anti-malware software is able to identify malicious files very well, but it will not prevent you from opening the doors to summon the bad guys in.

External hard drives are an excellent option for making backups provided that they're not connected to a computer during a ransomware attack.

Refer to Seagate's brilliant guide on how to organise files with a backup masterplan (Will be posting this in the guides section): Backing Up 101: Creating Your Back Up Plan|Seagate

Another point Haylee discusses is how cloud safety is being sabotaged rather than computers being attacked directly, allowing data to be held to ransom on a larger scale, with thousands of other users.

Haylee advises looking at cloud services that support revisioning. This is where old versions of files are kept and are easy to access if backup files are destroyed by malware. Refer to this table for online backup options: Comparison of online backup services - Wikipedia, the free encyclopedia

In short:
  • Software and operating systems should be kept updated
  • Program and app permissions should be examined closely
  • Apps from untrusted sources or sites should not be installed
  • Data and services should be backed up frequently
  • A 'quality' anti-malware product/internet security package should be installed and regularly updated (hint hint)
  • If you're infected? TAKE EVERY POSSIBLE STEP TO AVOID PAYING! Each bitcoin that goes into the hands of a (scumbag) cybercriminal increases the distribution and profitability of this type of malware
Article in detail: The smartest way to stay unaffected by ransomware? Backup!
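
How revisioning protects a backup, as an added example that is not part of the original post or the Emsisoft article: a minimal append-only store in Python. `RevisionStore`, `entropy` and the 7.5 bits-per-byte threshold are assumptions made for illustration, and the "encrypted" file is simulated with random bytes.

```python
import hashlib, json, math, os, tempfile
from collections import Counter
from pathlib import Path

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (close to 8.0 looks random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class RevisionStore:
    """Backup store that adds a revision on every change and never overwrites one."""
    def __init__(self, root):
        self.blobs = Path(root) / "blobs"
        self.blobs.mkdir(parents=True, exist_ok=True)
        self.index_file = Path(root) / "index.json"
        self.index = json.loads(self.index_file.read_text()) if self.index_file.exists() else {}

    def backup(self, path):
        """Store the current content of `path`; return (revision number, suspicious?)."""
        name, data = Path(path).name, Path(path).read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        revs = self.index.setdefault(name, [])
        if revs and revs[-1] == digest:
            return len(revs) - 1, False          # unchanged, nothing new to keep
        (self.blobs / digest).write_bytes(data)  # content-addressed: old blobs stay
        # Heuristic (assumption): near-random content replacing non-random content.
        suspicious = bool(revs) and entropy(data) > 7.5 > entropy(self.read(name, -1))
        revs.append(digest)
        self.index_file.write_text(json.dumps(self.index))
        return len(revs) - 1, suspicious

    def read(self, name, revision):
        """Return the bytes of one stored revision, verifying its hash first."""
        digest = self.index[name][revision]
        data = (self.blobs / digest).read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            raise ValueError(f"revision {revision} of {name} is corrupted")
        return data

def demo():
    """Constructed scenario: a document is replaced by random bytes, then backed up again."""
    with tempfile.TemporaryDirectory() as tmp:
        doc = Path(tmp) / "report.txt"
        store = RevisionStore(Path(tmp) / "backup")
        doc.write_bytes(b"Quarterly figures: all fine.\n" * 200)
        first = store.backup(doc)
        doc.write_bytes(os.urandom(8192))        # stand-in for an encrypted file
        second = store.backup(doc)
        return first, second, store.read("report.txt", 0)[:18]
```

Compressed files also score high on the entropy check, so the flag is a prompt to look, not a verdict. The history only helps if the protected computer cannot delete or rewrite old revisions, which a local folder does not guarantee.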
 

DJ Panda

Level 30
Verified
Top Poster
Well-known
Aug 30, 2015
1,928
My main AV (Avast) was tweaked for maximum possible protection. I have also made it only possible to disable the protection if you have a certain password. On top of using a standard account with UAC at max. I own Zemana Anti Logger but I wish they had a program lockdown mode with password needed to change settings. :)
 

hjlbx

  • Software Restriction Policy (AppGuard, Simple Software Restriction Policy, Bouncer)
  • Anti-executable (NVT ERP, Voodooshield)
  • HIPS (ReHIPS, SpyShelter, ESET, COMODO)
  • Virtualization (Shadow Defender, Sandboxie, COMODO)
  • Disable macros for all unknown documents (settings)
  • Backup (Macrium Reflect, Windows Backup)
This is not difficult... and you only need one from the first three items on the list.

Actually, ReHIPS combines software restriction policy and HIPS; used properly only isolated environment files will be encrypted - and that's only if the user allows the unknown\untrusted file to execute in the first place.
 

Tempnexus

Level 3
Verified
Nov 25, 2015
136
I have WinAntiRansom to protect me but lately it's been a pain in the ass. It keeps popping up on software that is known to be valid like some Steam game installs. I mean if I get a pop up for a valid software then what prevents me from OKing a ransom software????!!!! That is where WinAntiRansom fails: it's too pop-up busy, it turns a person into an OK presser, which is something that an anti-ransomware software should not do. Otherwise what distinguishes that part of software market from a HIPS software market?
 

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
Non-security conscious user wants:

1st - entertainment
2nd - plug-n-play, default allow security

Net result = infection

Oh well, can't blame those "kids" these days :D

Anyway I'm curious on the backup file.
Imagine you back up the file and save it on the other drive? Will ransomware be able to encrypt it too, assuming it is able to travel freely?
 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
Oh well, can't blame those "kids" these days :D

Anyway I'm curious on the backup file.
Imagine you back up the file and save it on the other drive? Will ransomware be able to encrypt it too, assuming it is able to travel freely?
It's important to evacuate before the :eek: storm hits.
I envision this as increments of harbored safety, timing, and circumstance. o_O Imagine you've copied clones of yourself. Now imagine sending them away in groups driving in a number of separate cars. :cool: If the team remaining at home (in The White House) is hit, :confused: those that escaped to the place that is safe are not exposed when the ransom-ware is released. :rolleyes:

This is also the reason the President of the United States does not fly in the same plane as the Vice President, nor at the same time, and why helicopters carrying The Commander In Chief are constantly exchanging positions like some great flying shell game. ;) The more backup options the safer the contents (file passengers). :)
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
The problem is people don't want to listen or learn these things.
They are busy in their life and don't want to spend time learning these things.
You're right, some people are lazy when it comes to computing, so this translates to security as well.
If they honestly don't want to learn they are on the wrong website, because MT is a wealth of information
and learning. I soak it up like a dry sponge :)
 

LabZero

External hard drives are an excellent option for making backups provided that they're not connected to a computer
Thanks for sharing ;)

Just a consideration about NAS and removable storage.
Backups are often made by copying data from the storage (local disk, server) to a removable storage that is directly connected (USB or similar) or to one or more NAS.
But the common factor of all of these strategies is that data and backups are online: readable and writable at file access level from the computer that is being protected. In other words, from the computer, the user can choose to open the file that is in the backup. In some cases, access is limited to a certain time because the backup procedure mounts the network drives only during the operation, but in that time the data in the backup storage are accessible and, of course, the ransomware may have access to them!
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Thanks for sharing ;)

Just a consideration about NAS and removable storage.
Backups are often made by copying data from the storage (local disk, server) to a removable storage that is directly connected (USB or similar) or to one or more NAS.
But the common factor of all of these strategies is that data and backups are online: readable and writable at file access level from the computer that is being protected. In other words, from the computer, the user can choose to open the file that is in the backup. In some cases, access is limited to a certain time because the backup procedure mounts the network drives only during the operation, but in that time the data in the backup storage are accessible and, of course, the ransomware may have access to them!
None of mine are done in this fashion. I do the process using Macrium Reflect, then the copy is stored in a fireproof safe with other goodies.
I don't like the idea of an external drive that is left connected; to me it kind of defeats the purpose of having a secure backup.
 

hjlbx

External hard drives are an excellent option for making backups provided that they're not connected to a computer during a ransomware attack.

USB flash drive is sufficient for most users.

It is very easy to control read\write\execute access rights and policies of connected USB flash\external drives with a utility like BiniSoft's USB Flash Drive Control.

This is not difficult...
 

LASER_oneXM

Level 37
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
I do not leave my HDD's connected I backup, I make my backups then disconnect drive and then reconnect to the internet. :)

...making backups frequently seems to be the only way to protect your data against ransomware. I could read this answer very often on the internet when people were asking about protection against ransomware. I'm also using this method (see quote above from frogboy): I backup/synchronize my data every 2-3 days on an external HDD and then I immediately disconnect the drive from Laptop/PC.
Additionally, once per month: full system image of all my machines.
 

JHomes

Level 7
Verified
Well-known
Jul 7, 2016
339
I use RollBack Rx to back up twice a day, and Drive Cloner to back up my entire system (and RollBack) once a week. I find that's best for me at least.

I tell everyone I know to back up their data. I think there's this perception that it's a costly thing. It can be, if you spring for Acronis TI and say a costly cloud service or an expensive external HD then yeah. I got Drive Cloner for $20 on a sale, and I back it up to a USB that cost me $5. So between $35 for RollBack, $20 for Drive Cloner, and $5 for the USB, I spent $60 on my backup solution.

People have to get smarter, but I doubt that will happen, so I'll have to settle for people doing their research. Find a solution that works, then find a cost effective solution to get that solution.
 
