Hi, everyone. I’m Leo Notenboom here, for askleo.com. In the news this week came a notice of something called Ransomware32, and it’s actually fairly interesting. It’s got some people pretty worried, and I wanted to go over exactly what it is and what you need to do.
The top line, to be honest, is essentially to keep doing what you’re already hopefully doing, and that is, of course, backing up, using your anti-malware tools, making sure they’re up to date and running properly, and of course, using common sense – but I’ll get to that in a little bit more detail in just a second.
First, what is ransomware? Ransomware, you’ve probably heard, is malware that gets installed on your machine somehow through the normal means. Ransomware encrypts the files on your machine, usually the data files on your system drive and sometimes, data files or files of known file types on connected drives, and holds them ransom.
They are encrypted, and therefore, you cannot access them any more, unless you have the private key, the decryption key which will be provided by the ransomware authors for a fee. Hence the term, ransomware. Your files are being held hostage; they’re being held for ransom, and they’re not accessible to you until you pay the ransom.
Ransomware32 is a toolkit for malware authors to more easily create ransomware. So, in the past, the ransomware has been something that required a certain amount of, well, I’ll say relatively deep technical expertise.
Cryptography, as we know, is complicated. What’s happened is that someone or “someones” have created a toolkit that basically packages all that up in such a way that other individuals can go out and create ransomware without needing to know all those nitty gritty details. They simply specify what files get encrypted, how much the ransom will be, how the ransom will be paid, and so on. They package it up, they create malware, and thus they distribute that malware.
The concern is that we will be seeing more instances of ransomware because Ransomware32, this toolkit, has made ransomware so much easier to create. So I’ve got to admit that I’m a little frustrated whenever I start talking about ransomware, because many people tend to focus on it as something unique. In a sense, it is. But in a sense, it’s not.
What’s not unique about ransomware, regardless of where it comes from or how it’s created, is that it is malware. It’s malware, in many senses, like any other. It arrives in the same ways. It installs itself in the same ways. It runs in the same ways as almost any other garden-variety malware.
Yes, it is particularly destructive and destructive in a unique way. In other words, it’s recoverable if you pay the ransom. That’s unique. That’s threatening. That’s frustrating for people who have been infected by some kind of ransomware, but the fact is, it still is nothing more than malware.
So, what does that mean? Well, what that means is the steps to protect yourself from ransomware are the same as the steps you would use to protect yourself from any form of malware. If anything, ransomware’s prevalence and destructiveness should make us not worry so much about specifically ransomware, but in fact cause us to redouble our efforts to stay safe in general.
In that sense, it’s a good thing, because what’s going to happen is, in order to protect yourself from this scary, scary ransomware, the steps you will take are the steps that you should be taking already and should be focusing on to make sure that your machine and your experience on the internet is already safe.
What does that mean? It’s funny. In one of the articles that I read about Ransomware32, there’s a quote: they actually prioritized, of all things, backing up your data daily as the number one thing you can do to protect yourself from ransomware.
Think about it. If your machine suddenly has all of its data files encrypted, then one way to decrypt them would be to restore them from your most recent backup, where they weren’t encrypted. It’s so simple. And it’s so important, and it’s so frequently overlooked. That’s again, one of the reasons that I keep harping on backing up.
I’ve been a little frustrated this year because I’m getting kind of tired about talking about backing up – but this is one of those cases where backing up, again, daily is the silver bullet to protecting yourself from ransomware. Number two on the list: the standard stuff. Use up to date anti-malware tools; make sure that they’re running and running properly. Make sure the databases they use are up to date. That kind of thing.
You’ve heard this before. Number three on the list. Use common sense. Now I understand a lot of people get frustrated with me when I say use common sense, because there’s no real definition. In a lot of ways (and I do have an article on what it means to have common sense), it really is a few very simple things.
This kind of malware, currently, is arriving most commonly as email attachments. So, don’t open email attachments from people that you aren’t 100% certain are legitimate. It’s that simple. If you do that, you’ve already decreased the chances of getting any form of malware, whether it be ransomware or something else, by an order of magnitude. Simply be suspicious of email attachments you aren’t expecting. Yes, there are other ways – drive-by downloads and foistware and software downloads and so forth – but right now, today, the most common way these things are spreading is in email attachments, either as a phishing attempt, or in some cases, spear-phishing attempts – but that’s happening mostly in the corporate environment.
So, like I said, the best way to keep yourselves safe from ransomware, especially since we currently expect that there will be more different types of ransomware showing up in more different ways, is to keep doing what you should be doing already.
Stay safe. Run the anti-malware tools you have. Avoid attachments. And back up your data. Back up your stuff regularly, daily if at all possible, because if you get infected, that’s what’s going to save you from having to deal with the consequences of getting infected with something as destructive as ransomware.
So, as always, I’d love to hear what you think and any questions you have on the topic. Let me know if you’ve run into specific instances of ransomware and how you got around it. I know the one story that I keep telling people is from friends who lost all of their photos, or a majority of their photos, simply because they clicked on an email attachment. Their data wasn’t backed up and their anti-malware tools didn’t catch it.
It’s like zero for three on the prevention scale, and they lost some seriously important things forever. So, let me know what you think. Leave a comment down below. Here’s the link if you’re watching this anywhere but on Ask Leo! Come visit me here. This is where the comments are moderated, and we read absolutely every one of them as they come in.
Thanks again for watching. I’m Leo Notenboom for Ask Leo!
Remember: Have fun, stay safe, and of course, especially now, don’t forget to back up.
I will only open email attachments from specific people & even then we have code words in place to confirm that it is safe to open.
The big problem: Your most trusted & competent friend might be infected and it may send itself to everyone in his address book. Unless your own anti-malware protects you, you will be infected too.
“The big problem.” – There is no problem. Ken’s saying that he’ll only open attachments if a) they’re from a known source and b) they contain pre-agreed code words (“I’m a giant mutant hairy-assed hippo!”). It’s a good strategy, albeit not one that would work for everybody.
It’s not a strategy that would work for anyone in the world of business.
Indeed – which is why I said it wasn’t a strategy that would work for everybody. But for somebody who’ll only ever exchange emails/attachments with a small circle of family/friends, it ain’t a bad idea at all.
Thank you Leo for another insightful opportunity. An opportunity to learn that is. Pretty simple instructions but then again so is backing up. One good item with Win 10 is that it gives you an option to back up multiple times a day. Now to train myself to scan any enclosure before I open it! Thanks again.
It’s worth noting that CryptoPrevent works by locking down the AppData folder, which is also used by other programs: DashLane, for example:
http://support.dashlane.com/customer/portal/articles/1908918-i-cannot-run-dashlane-as-windows-says-my-system-administrator-has-blocked-this-program?t=293406
So, if something will not work as expected after installing CryptoPrevent, that’ll likely be the reason.
Yeah, had I fully recommended CryptoPrevent this is one of the issues I would have had to have explained. In the end it’s interesting for the folks that want to give it a try, but not interesting enough for me to completely endorse it. Issues like this (Dashlane, etc.) don’t help. Thanks.
Thanks, as always Leo. It feels so good that staying safe from malware really is pretty easy to do, once we learn what needs to be done and how to do it, and get in the right habits of remembering to do them–which might be a pretty good definition of ‘common sense.’
You mention Daily Backup, which is very good, to help avoid consequences of a Ransomware invasion.
Using Macrium Reflect, which Backup is preferred for this security:
* Full backup daily?
* Full backup weekly, then Sequential backup Daily?
* Full backup 2 or 4 weekly, plus Sequential daily?
Thank you for caring, and sharing your expertise.
p.s. Love our surprise, the final ‘amazing and wonder daily’ scene, what a view, wow!
Not sure what you mean by “sequential”. In general I recommend (and perform myself) monthly full and daily incrementals. Naturally that can be adjusted as needs dictate.
Leo, why does Macrium make the cost of their anti-virus program secret? You have to get all the way to Checkout before you find out how much it costs.
I didn’t even realize Macrium had an anti-virus program. (But as to the tactic – I have no idea. Other than the generic excuse: “marketing”.)
Thanks Leo
“Incremental” is the name of backup, sorry. So Full, then Daily Incrementals is fine. Good.
Hi Leo, you talk about ‘common’ sense – I prefer to call it ‘good’ sense because, unfortunately, it ain’t that common!
Leo,
Thank you, you have taught me so much.
You are very much appreciated,
How do you make a backup disk or USB drive that contains all files not just data files?
The disk should have a menu that has the options of restoring your system before the ransomware.
Could you list the instructions in a list format to follow?…..
and.. once you have been hit by the ransomware, how do you get access to the windows or android tablet system so that you can actually access the backup you made and restore your windows or android system again?
Is there a test disk out there that can be read at boot up, with the ransomware fix on it?…
Appreciate your help….
Thank you for all your helpful articles.
Pat Corrao
[email address removed]
That would be by making a system image backup of your computer.
https://askleo.com/how_do_i_backup_my_computer/
Ransomware generally allows your system to boot normally, because if you couldn’t run Windows, you wouldn’t be able to pay them. But if you do get locked out, backup programs allow you to create a bootable CD or USB thumb drive which boots a standalone version of the backup program which you can use to restore from your external backup.
Pat asks, “How do you make a backup … that contains all files not just data files?” That’s called an image backup, and it’s the backup type that Leo recommends.
“How do you get access … so that you can actually access the backup?” That’s called an emergency or rescue CD or flash drive. One boots off that disk or drive to restore the system if it’s not bootable or is otherwise damaged.
Every backup program I know of, including the free ones from Windows, Macrium, and Easeus, all have the ability to do image backups and create a rescue disk/drive for emergency restores. Of course, one has to remember to create the rescue disk *before* it’s needed.
Finally, it really doesn’t matter which one you use as long as you use some method of backup. Something is way, way, better than nothing.
What you describe are “image backups”, and I have many, many, many articles on the topic here on https://askleo.com :-). Just hit the search function.
You asked “How do you make a backup disk or USB drive that contains all files not just data files.”
I think such a backup is known as an image.
Check out Macrium Reflect.
(Refer to Leo’s advice / books about how to use it)
Is a Carbonite backup sufficient to protect you from Ransomware32?
The problem with relying on on-line backup is that they will back up the encrypted files and overwrite the good ones. Dropbox had a function to show previous version, so that would offer some level of protection. Carbonite has something similar. They keep up to 12 previous copies of backups, but you’d have to restore each file one by one. So in my opinion, the bottom line is that it’s a great additional backup, but not sufficient in itself.
http://support.carbonite.com/articles/Personal-Pro-Windows-Restoring-Previous-File-Versions
The online backup companies have become quite adept at spotting – and remediating – the problem.
http://www.crn.com/news/security/300074908/carbonites-security-push-cryptolocker-may-be-dead-but-ransomware-is-alive-and-well.htm
Yes/no. Since Carbonite doesn’t back up everything by default, only those things it backs up will be protected. AND if it backs up the encrypted files those may overwrite the unencrypted versions in the backup.
The best backup is paper. Always has been. Always will be.
Until the house burns down. MUCH has been lost to fire. Because it’s so trivial to make copies of digital data in different locations, I much prefer it over paper.
That’s a LOT of paper in my case and really hard to get back into the computer when I exorcise the ransomware.
I have had one laptop to fix with ransomware – it was brand new and they downloaded their photos to it but did not install antivirus or anti malware – they deleted all photos from the camera and in this first day of use got the ransomware. All I could do was a factory reset on the laptop and then installed the necessary anti’s. Fortunately I was able to recover all their photos from the camera card and explained all about having more than one copy. Great video as usual.
I have an internal data drive I use only for backups. Is that at risk of ransomware if the computer gets infected?
I have been thinking of an external drive for some time now that I would disconnect after each backup.
Thanks
An internal drive would be as vulnerable as your system drive. An external backup drive is much safer if it’s unplugged after a backup.
External USB 3 drives are as fast as your internal drive. You can get a couple of Terabytes for under $100. Also, look for one with an on/off switch on the back. That makes it very easy to turn it on for your back up and off when done. Ease of use is the most important thing for timely back ups.
Debra [and anyone else reading this], please do not rely on any internal drives as your ‘backup’ in this increasingly malware infested world. As Mark says, internal drives are vulnerable since malware will typically search for [and encrypt] all the files it can find on any internal [and attached external] drives. You’re only really safe if you backup to an external device [USB drive or USB ‘stick’] that you disconnect except when you’re ‘backing up’.
And … it is much more likely that a hardware failure could take out not only the working drive, but the “backup” drive at the same time. I’ve had a failed power supply blow out all attached HDs (4 of them at the time) in one swift blow.
Indeed. Backing up to any form of external device or medium or to the cloud would be a much, much better option.
It depends on the ransomware, but the absolute answer is that “yes, any drive connected to your system is at risk”. MOST ransomware encrypts only data files on C:, but variants are appearing that are encrypting data files found on other drives as well – even network connected drives.
Thanks Leo. I always appreciate and enjoy your words of tech wisdom.
What, if anything, are the government cyber authorities doing about this illegal threat of ransomware?
Tracking them down, to the extent that they can. Realize that they’re mostly overseas in areas where our government can’t reach.
CryptoLocker was shut down:
http://www.consumeraffairs.com/news/feds-shut-down-cryptolocker-ransomware-gameoverzeus-botnet-060314.html
But other criminal gangs with different Crypto viruses have taken its place. As Leo said, it’s an ongoing fight.
My laptop became infected with ransom-ware last summer, while I was visiting my daughter in the Pacific northwest. At the time, I was only connected to the internet, not reading my email _or_ web surfing. So, not opening attachments from unknown (or even known) sources won’t protect you. Sorry.
I did say that attachments are the most common way, not the only way. (Though I’d be interested in exactly HOW you got it.)
So would I. I don’t know if it was dormant in the system for some time, or was something that attacked the laptop because it was connected.
Also, I wasn’t questioning _you_. I was reading the replies and saw one from someone who indicated they didn’t open attachments so they could avoid these. So, I commented that you could get one just by being connected. This happened on July 3rd (or 4th), of 2015.
To Ray’s comment:
I do know the laptop had been “goofy” for several months, and had been thru 2 IT folks who tried to fix it. The last one said there was something in there that they couldn’t ID, even with MalwareBytes or one other program. All jpg, pdf, doc, and one or 2 other file types were infected. All the photos were viewable the day before, as I had shown a slide show to my daughter and son-in-law. I still think it was an attack on a connected machine, not an email attachment. I believe all of these were backed up elsewhere.
“I still think it was an attack on a connected machine.” – That’s not how Crypto viruses work. In fact, “viruses” is really a misnomer: Cryptos do not replicate or jump between PCs, even if those PCs are on the same network. The only thing a Crypto will do is encrypt files on the PC on which it’s installed and, possibly, files on any directly-attached or network-attached storage devices. The ONLY ways to get a Crypto are 1) via an infected email attachment (very common) or 2) via drive-by download (much less common).
“At the time, I was only connected to the internet, not reading my email _or_ web surfing.” – But that’s probably not the time your PC became infected. Some Crypto viruses work on a fuse/delayed start basis and their encryption processes do not begin until a certain time/date. Additionally, Crypto viruses do not alert you to their presence until all your data has been encrypted which, depending on how much data you have and how long your PC spends on, could take days or even weeks.
It’s almost a sure-thing that you picked up the virus from an email attachment. As far as I know, Crypto viruses do not spread in any other way. Not at the moment, anyway.
Leo,
Thank you for the (once again) level-headed discussion of an important topic, and your continuing emphasis on common sense is very gratifying as it acknowledges that technology alone cannot manage all possible risks – personal judgment and intelligent thinking are just as important.
Would appreciate your thoughts about ransomware possibly being executed through documents that are transmitted via file-sharing providers like Dropbox and SendBigFiles, which give you links to download files rather than sending emails with attachments. Is using these providers safer because the files are not attachments to emails?
Thanks again.
There’s really no difference in how you download a file. Malware is malware regardless of how you invite it in to your computer. Email may even be slightly safer as email service providers like GMail won’t send emails which contain executable files (this is not surefire as there are many executables which might get through).
One extra layer of protection is to set your File/Windows Explorer to view file extensions. Make sure ‘Hide extensions for known file types’ is turned off. This will allow you to see if an attachment or a downloaded file is actually a program and should never be opened unless you know for sure you were expecting to get that program. This article explains how to change this Windows default setting.
https://askleo.com/one_change_you_should_make_to_windows_explorer_right_now_to_stay_safer/
Here is a list of file extensions for executable files (it’s not comprehensive, so I’d recommend only opening files with extensions you are sure of: documents, picture, videos etc)
http://pcsupport.about.com/od/tipstricks/a/execfileext.htm
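To illustrate why the hidden-extensions setting discussed in the comment above matters, here is an added example (not part of the original page or its comments) that shows what Explorer would display for a file name when known extensions are hidden, and classifies the name by its real extension. The two extension sets and the sample file names are constructed for the example and are not comprehensive.

```python
from pathlib import PureWindowsPath

# Constructed, non-comprehensive sample of extensions Windows treats as programs or scripts.
EXECUTABLE_EXTS = frozenset({
    ".exe", ".scr", ".com", ".bat", ".cmd", ".pif",
    ".js", ".vbs", ".wsf", ".hta", ".msi", ".ps1",
})

# Constructed sample of document/media extensions a home user expects to receive.
FAMILIAR_EXTS = frozenset({
    ".pdf", ".doc", ".docx", ".xls", ".xlsx",
    ".jpg", ".jpeg", ".png", ".txt", ".mp3", ".mp4",
})


def split_name(filename):
    """Return (stem, extension) using only the LAST dot, lower-casing the extension."""
    # Windows ignores trailing dots and spaces in a file name, so strip them first.
    name = PureWindowsPath(filename).name.rstrip(". ")
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:
        return name, ""          # no extension (or a name that starts with a dot)
    return stem, "." + ext.lower()


def shown_with_extensions_hidden(filename):
    """What Explorer displays when 'Hide extensions for known file types' is on.

    Assumption: every extension in the two sets above is a registered ("known")
    type on the machine; unregistered extensions are always displayed.
    """
    stem, ext = split_name(filename)
    if ext in EXECUTABLE_EXTS or ext in FAMILIAR_EXTS:
        return stem
    return stem + ext


def classify(filename):
    """Classify a name by its real extension.

    'disguised-executable': a program whose name ends in a document-style
                            extension once the real extension is hidden
    'executable'          : a program that does not pretend to be anything else
    'familiar'            : a document or media type from FAMILIAR_EXTS
    'unknown'             : anything else; treat as "not sure of", per the comment
    """
    stem, ext = split_name(filename)
    if ext in EXECUTABLE_EXTS:
        _, inner_ext = split_name(stem)
        if inner_ext in FAMILIAR_EXTS:
            return "disguised-executable"
        return "executable"
    if ext in FAMILIAR_EXTS:
        return "familiar"
    return "unknown"


def triage(filenames):
    """Map each name to (classification, name as displayed with extensions hidden)."""
    return {n: (classify(n), shown_with_extensions_hidden(n)) for n in filenames}


# Constructed sample attachment names.
SAMPLE = [
    "Holiday photos.jpg",
    "invoice.pdf.exe",
    "Report.DOCX",
    "setup.EXE",
    "scan_001.pdf.scr ",
    "notes.xyz",
]

if __name__ == "__main__":
    for name, (verdict, shown) in triage(SAMPLE).items():
        print(f"{name!r:24} shown as {shown!r:22} -> {verdict}")
```

With extensions hidden, `invoice.pdf.exe` is displayed as `invoice.pdf`; with the setting turned off, the trailing `.exe` is visible.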
No, they could be used for virus transmission. Basically any means of getting a file onto your machine could be used. (But you would have to run or open the file – its mere presence isn’t enough.)
You mentioned that ransomware “…sometimes encrypts…files on connected (i.e. external) drives”.
So if your backup image has been written to a connected (external) drive, then your backup image is safe from ransomware only if you disconnect the connected (external) drive after the connected drive contains your backup.
I’ve been using Macrium Reflect to write an image file each evening, saving it to a 1 TB external drive.
Macrium is set to limit the number of images to 14, so each evening the oldest image is deleted.
Then each evening I copy the latest image file to a second 1 TB external drive.
The 1st external drive remains connected to my laptop, but I disconnect the second drive.
Ron; the point to consider as part of your ‘data protection’ is that if YOU [that is, your Windows system] can see the drives, because they’re connected and they have a drive letter, then so can any malware, whether it’s the specific ransomware Leo mentions above or any other malware. Thus, ANY drive, internal, external or network connected, is at risk …
You can only BE SURE that it’s not affected by making sure it’s disconnected!
Sandboxing is another layer of defense. I run my browser in a Sandboxie sandbox, and read my mail in the browser. Theoretically, even if I did open a malware attachment, the malware would only encrypt my files within the sandbox. Delete the sandbox, and poof, malware gone and files not encrypted.
Would not recommend this as the only layer of defense, of course. Still use EaseUS ToDo, Crashplan, Avast, and Malwarebytes as other layers of security/backup. Oh, and common sense. :)
Leo,
Do you know anything or can you comment on Malwarebytes Anti-Exploit Free? It is described as “Blocks unknown and common exploit kits, including Blackhole, Sakura, Phoenix, and Incognito”. Since you mentioned that Ransomware32 was made using an exploit kit I wondered if Anti-Exploit would be of any benefit.
Great job on this topic as usual.
“Since you mentioned that Ransomware32 was made using an exploit kit I wondered if Anti-Exploit would be of any benefit.” Malwarebytes Anti-Malware may detect/block it; Malwarebytes Anti-Exploit likely would not. Crypto viruses (currently) spread via email attachments/user action, not by exploiting vulnerabilities/exploits. That could, of course, change – and more than likely will.
It’s important to remember that Crypto viruses are changing all the time, with new variants constantly being released – and the security companies are constantly playing catch-up. Security programs may catch a Crypto virus, or they may not. There’s no way to tell. Consequently, security software should be viewed very much as a second-line of defense. The first – and best – line of defense is the user.
Agreed, but this user has the usual human frailties (perhaps more owing to advanced age) and needs as much automated help as he can find.
That’s a great point. Not every PC needs the same level of security and not every person is equally at risk. For example, if you have sensitive business data on a laptop, encryption is a must. If you use a desktop primarily for gaming and Facebook, then encryption would probably be overkill. And the less experienced you are, the more likely it is that you’ll do something silly.
Security is really a balancing act, and having too much can be as bad as having too little. Encryption is a good example of this. If you don’t know what you’re doing, it’s very easy to permanently lose access to encrypted data (in fact, even if you do know what you’re doing, it’s pretty easy to lose access). Consequently, it’s not something that should be used unless there’s a clear need.
The simple fact is that any software you install has the potential to cause problems, and this is especially true when it comes to security software. It can impact performance, conflict with other apps or cause weird problems that can sometimes be very difficult to diagnose.
As I said, it’s a balancing act. You want enough security, but not too much. And how much is too much will not be the same for everybody.
“And the less experienced you are, the more likely it is that you’ll do something silly. ” Really??? I’m a pretty experienced techie, and I’ve screwed up in ways that a noob couldn’t dream of ;-) .
@Mark – Yup, we’ve all had oh-no moments. But the fact remains that the less you know, the more likely you are to make a mistake. The outcomes of some of my home DIY projects are excellent examples of that :P
Thank you, Leo. I hadn’t heard about Ransomware32. And I’ve been BusyBusyBusy and have only been backing up about every 10 days. I’m going to do better!
btw, I’m also interested in H Davis’ question about Malwarebytes Anti-Exploit. I’m using the Premium version. I feel safer with it running, but I hope it’s giving me more than just a feeling of safety :)
“I feel safer with it running, but I hope it’s giving me more than just a feeling of safety.” – Malwarebytes is a good company, so I’m sure that Anti-Exploit does exactly what it says on the tin. The only issue I have with the product is that it doesn’t seem to have been the subject of any non-sponsored third-party testing and, consequently, it isn’t clear how good it actually is at blocking the real-world exploits. Will your PC be significantly more secure with it installed than without? I really have no idea. That said, it’s probably not worth using Anti-Exploit if you’re already running a security program that offers exploit protection, such as certain products from Kaspersky, ESET and Bitdefender. In fact, in this situation, it’d probably be best not to use Anti-Exploit.
My personal opinion, FWIW, is that if you and other users of the PC exercise common-sense – in other words, exercise extreme caution with email, avoid crappy freeware/freeware sites and avoid the darker side of the internet – then the protection provided by Windows Defender is good enough that you don’t need to use/buy other security solutions. Plenty of people will, of course, hold a different opinion.
It’s worth noting that security programs are always something of a trade-off. They may improve the security of your PC, but they may also cause stability issues or other problems. For example, the latest update to Anti-Exploit fixed conflicts with Microsoft Office, some popular banking software plugins and other security products.
Excellent heads up, Leo.
My external (USB 3.0) HDD is hard to reach and thus physically disconnect and reconnect after and before every (nightly) scheduled Macrium Reflect image backup. If I use “Safely Remove Hardware” in Windows 7 to unmount it, will that adequately protect it from ransomware? And, if so, is there a way to remount it without having to physically unplug and replug its USB connector. Even better would be a batch file or app that would automate that mount/unmount process just prior to and after each backup.
Safely remove should do it. (The drive’s no longer visible in Explorer.) But I’m not aware of a way to remount. :-(
If you restart the computer, any connected USB drive will remount. Other than that, unplug and reconnect the USB plug from the PC.
You can unmount/remount USB drives via the Device Manager and it’d probably be quite easy to script too. Googling will likely provide some useful pointers.
When I saw Leo’s comment that you couldn’t remount it without unplugging it, I thought the same thing, that you could mount it via the device manager, so I tried, and I couldn’t find a way. If you find a way, please let us know. It would be great to be able to do something like that.
It seems I spoke too soon. I tried too and the Device Manager method doesn’t seem to work in Windows 10. Some other methods – as well as the Device Manager method – are discussed here:
https://www.raymond.cc/blog/remount-ejected-or-safely-removed-usb-device-without-unplug-and-reinsert/
I haven’t tested to see whether any of these will work in Windows 10. If you do, I’d be interested to hear the outcome!
I even tried logging off and logging on again, and it didn’t work.
Thank you for your great informative newsletter. I read every issue and save many to re-read
Thank you Leo for this most informative video about ransomware32.
Here is what I do to protect myself from ransomware or from the almost inevitable hard drive failure
1-My main drive (C: ) is a Samsung 850 Evo 250GB. It contains my OS and all installed programs. Nothing else.
2- A full backup image of my main drive is done AUTOMATICALLY weekly on every Saturday with Macrium Reflect v.6. I do not have to think about doing anything. The backup is pre-programmed in Macrium Reflect and gets carried out automatically in the middle of the night while I am sound asleep. The resulting image goes into a folder named “My Images” on a second drive (F:) inside my PC. Drive F: also contains my data files (photos, documents, music etc…). Anything I want to save is stored on drive F:. Drive F: capacity is 1TB. I keep about 6 full images of my drive C:.
3- Drive F: is then synchronized to another drive (G:), that is also inside my PC. It is synchronized with the software Goodsync. Drive G: capacity is also 1TB. At this point, G: contains all my personal files and all weekly images of my Drive C:. This synchronization is done daily to make sure file additions or deletions are picked up in the backup operation.
4-Given that ransomware can encrypt all drives connected to my PC, I need to have everything on a drive THAT IS NOT connected to my PC. For this purpose, I use an external drive (W:). Goodsync synchronizes daily drive G: to this external drive THAT GETS DISCONNECTED from my PC after the synch job is carried out.
If ransomware strikes or if a drive in my PC dies, I have my back covered.
All this seems very time consuming at first glance but it is not. It only requires a few minutes of my time every day because Goodsync only copies new files and deletes files previously deleted from drive G:. It is a synchronization software.
Well worth a few minutes a day in order to sleep well at night.
Best practice is to adopt the frequently recommended 3-2-1 backup strategy: 3 copies of your data on 2 different devices/medium with 1 copy being offsite. That offsite copy can help protect your data against things like fires, floods, theft, power surges that occur at times when all your devices happen to be connected, etc., etc. If all copies of data are held onsite, you’re vulnerable.
http://www.hanselman.com/blog/TheComputerBackupRuleOfThree.aspx
My data files (and many more) are always kept up to date by Backblaze.
Dave
I wonder if a backup system that uses an external disk is safe from Ransomware. I have Acronis True Image 2015 – paid version, and do a full backup once a month and an incremental daily. Can Ransomware get to that backup? It is, in reality, just another disk in my system.
Maybe, maybe not. There’s at least one variant that attempts to delete backup files in order to prevent restoration. The best advice is to supplement your local backup with online/cloud backup.
Yes and no. Here’s the deal: newer forms of ransomware are, indeed, encrypting files on all drives, including backup drives. BUT, they’re not encrypting ALL files. Ransomware focuses on common data files like “.doc”, “.jpg”, “.xls” and so on. To the best of my knowledge they are not (yet) encrypting backup image files.
That’s a pretty big yet. I remember when ransomware was not YET encrypting external drives. As a preemptive measure, I’d prepare for the worst.
I totally agree. Targeting image backup files would seem to be a very logical progress and I’m surprised it hasn’t already happened.
Thanks Leo – Have been thankful for your timely tips for years and years.
“backing up, keeping your other tools up-to-date, and using your own common sense when it comes to malware.” that’s about your BEST defense against these bloody things. they’re actually very easy to avoid (and/or deal with) if you do this.
One final though very thin layer of defense against malware is to re-enable the hated user account control (UAC) option that dates to the Windows Vista days. It at least gives one a second or two to stop and look at the name of the program and to reconsider opening it before automatically hitting the ENTER key. As one of the articles in the January PCMATIC newsletter reminds us, the human factor is the weakest link of all in PC security.
That’s a good layer of protection, but most people have it enabled, as it’s enabled by default.
Having read the comments about the risk of infection downloading from file sharing sites (the answer to which I thought was pretty obvious), how about streaming from these sites? As the data is just being read from a temp file and not stored, is there any risk of infection from streaming? Is it possible to hide an .exe within video streaming data?
Anything that copies bits to your computer is a risk. Don’t use questionable sites – period.
This afternoon I went to my Windows 7 computer and typed in a web address and up popped a blue screen and a message that my computer was infected with malware. There was also an official sounding verbal message telling me I needed to call a particular phone number. I shut down the computer. The computer needed to update before shutting down. Is this an example of ransomware?
No, this was a phishing scam. If you’d phoned the number, they’d have charged you to remove the supposed malware. It’s really no different to the “Your computer is infected” telephone scams. Chances are you mistyped the address of the site you wanted to visit (“AksLeo.com” instead of “AskLeo.com”, for example) and ended up at the rogue/scam site. Anybody and everybody visiting the site would have seen that message. It doesn’t mean your computer is or was infected.
But what do you mean when you say, “The computer needed to update before shutting down.” Was it simply a standard Windows Update?
It was probably a routine system update.
In that case, you likely have nothing to worry about.
If you have some kind of secondary device for booting, USB, DVD, etc., have you tested it? Many are religious about backups, but don’t really know if they work. My Dell laptop will NOT boot to a secondary device until first changing some settings inside windows. The old days of using F8 to change boot sequence are gone. Suggest testing your backup boot device.
Great advice. It’s best to understand how to restore a backup before you need to do it – especially as, come that time, you may have lost access to the only device that enables you to search the web!