Thanks everyone for your excellent feedback. In reviewing how I posted my concerns I got carried away making up that long list because my intent was supposed to be how can I get the volunteers I'm trying to help have the proper software/information available if their computer has a serious attack from what I've seen advertised so much: Cryptolocker & Ransomwares
Anyway my focus was supposed to be
If a computer becomes infected with one of those very serious infections, why pay the bad guys, instead spend the money to replace the hard drive and restore your backup
--- As mentioned "an unaffected backup"
This really doesn't need to be elaborated on anymore as I should have done a better job of focusing on what my intent was but your inputs helped me add to how I will deal with such a situation if/when it comes up
--- Since too many folks don't have a clue on what proper maintenance & protection means I just have to accept it for what it is
Have a great Thanksgiving Day
First off, I do appreciate Windows Secrets - Thank you!
Now, I am one of those close-to-average/moderately-advanced "devices at the end of keyboard". I follow several newsletters and try to take care of things as best I can. But I do also find much of this information somewhat overwhelming - although interesting and important. I have been trying to organize a backup plan for the computers we use in our non-profit association - and continue to be stalled at the barrier of being a fairly advanced user, but lacking technical knowledge.
One little bit of information that I have not been able to track down (perhaps due to not finding the right keywords) is related to backups and imaging - I feel like this must be such a basic type of question that I almost feel embarrassed to post it, but here goes:
1. How can I prepare a large HD to be used to backup or image several computers? Sometime in the past, when trying to use backup/imaging resources on the Windows systems, messages would come up saying "all content on the drive will be erased", at which point I always backed off - and stayed scared to try much of anything...
2. Would the use of one large HD be advisable or would it be wiser/necessary to have a separate back-up drive for each computer (besides considering the "eggs in one basket factor")?
3. We have 3 computers that, if I am understanding things correctly, should have periodic images for emergency recovery, besides something like incremental backups for documents. One has a 500 Gb main drive, another one has a drive that lists as 666 Gb on properties (whatever that would be if I were trying to buy a new one) and the other one lists on properties at 297 Gb - What would be the minimum size external HD that could be used? Would 2 Tb be enough?
4. How does one calculate the size needed for back-up?
5. I have been trying (with little success so far) to put a 2 Tb HD on my router to keep backups of documents. Is that a good way to go (should I keep slugging away at it, or just use the HD for something else)?
When you high tech guys write your beginners' guides to developing a backup plan, can't you include information about what kinds of drives/USB devices can be used and how to prepare them for what kinds of uses?
Mike Tech Show #481 podcast is dedicated to Mike's detailed encounter with CryptoLocker at a business he supports.
May I ask a simple question about this kind of virus: I have my OS and programs in a partition and my data in another. Will the D partition be infected and blocked also, as my programs get infected? I make images of the C more or less regularly, but backing-up the data-partition is more troublesome.
And a Happy Thanksgiving Day, and Happy Holidays to follow, to you and yours.
As an IT Professional of 30+ years, this topic always gets my attention, whether on this or other forums.
Medico and I share many of the same thoughts on data preservation. Just read our Signature Lines!
I have extensive experience setting up Backup systems for end users, small companies, Corporations and even one Bank.
It only takes a few minutes with a friend or customer for me to know if I'm just spinning my wheels trying to impart to them the need for proper AV/AS protection and regular scheduled PC Maintenance, or not. Some folks just don't seem to care, and won't take the time to do anything for their computer. That's why I try to automate as much AV protection and HD maintenance as possible.
When I get a "Live One" I do take the extra time, to show them how to do backups of at least their important data files. I've even gone so far, with a customer, to where I drive to a retail store and pick them up a 32 GB or bigger Flash Drive to hold all their Data Files. Then I set them up with a shortcut on their desktop, to a Batch File using XCOPY that will back up all their data files to the Flash Drive. With the XCOPY switches properly set, only new files or files that have been updated, will be copied. This keeps the daily backup down to just a few seconds, after the initial backup.
My own Backup batch file, using XCOPY, is now almost 20 lines long, so I get a lot more than just what's in the MyDocuments folder.
I'm not ignorant of the fact that even an external backup drive can fail, so I use two of them, connected permanently to my computer via a USB3 add-on card.
Going back way too many years, my own favorite saying has always been "the only bad backup is the one you decided NOT to make".
My computer is way too busy to just get a backup once a month or more. With a month old backup image, I'd lose too much if I had a HD Crash.
So I do my whole-drive backups at least once a week, and my data backups daily.
With the package of AV/AS and AM software that I use, (six programs in total) getting infected by even the most cunning virus is a one in a million chance, but a hard drive crash can happen at any moment of any day. I've been there, done that, and it wasn't pretty!!! In one summer, I lost four hard drives. [but all my data was backed up, so I never lost even ONE file]
They were all WD drives and I've never used another one of those since then. But, even the most expensive drive, from the world's best drive manufacturer will die eventually. So read my sig line!
Again, I'd like to wish y'all, a very Happy Holiday Season!
The Doctor (growing old in Florida) :cool:
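An XCOPY batch file of the kind the post above describes, as an added example that is not the poster's own file. The drive letter F:, the three folder names and the log location are assumptions to adjust for each PC.

```batch
@echo off
rem Added example: incremental data backup with XCOPY.
rem Assumptions: the backup drive is F: and the data lives in the
rem user's Documents, Pictures and Desktop folders.
setlocal
set "DEST=F:\Backup\%COMPUTERNAME%"
set "LOG=%DEST%\backup.log"

rem Stop early if the backup drive is not plugged in.
if not exist "F:\" (
    echo Backup drive F: not found. Plug it in and run this again.
    exit /b 1
)
if not exist "%DEST%" mkdir "%DEST%"

>>"%LOG%" echo ==== Backup started %DATE% %TIME% ====

rem XCOPY switches used:
rem   /D  copy only files that are new or newer than the backup copy
rem   /E  include all subfolders, even empty ones
rem   /C  keep going if one file cannot be copied
rem   /H  include hidden and system files
rem   /R  overwrite read-only files already in the backup
rem   /I  treat the destination as a folder without asking
rem   /Y  do not prompt before overwriting
for %%F in (Documents Pictures Desktop) do (
    xcopy "%USERPROFILE%\%%F" "%DEST%\%%F" /D /E /C /H /R /I /Y >>"%LOG%" 2>&1
    rem Exit codes 4 and 5 mean XCOPY could not start or could not write.
    if errorlevel 4 echo WARNING: problem copying %%F, check the log file.
)

>>"%LOG%" echo ==== Backup finished %DATE% %TIME% ====
echo Backup finished. Disconnect the drive if you keep it offline between runs.
endlocal
```

Because of /D, only the first run copies everything; later runs skip files whose backup copy is already current.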
Welcome to the Lounge.
With the most used imaging apps here, you can pretty much use any external hard drive without any preparation. The drive will come formatted and you can add any folders that allow you to keep things organized the way you want them. I just keep a main Backup folder, with subfolders named for each computer and I just add the imaging files inside each folder. There's not much more into it.
Using the native Windows imaging app may require an extra small effort, since you should rename the backup folder created for each image, to avoid a new image deleting the previous one.
When imaging, images take around 60%-70% of the actually used imaged disk capacity. I am thinking that probably most of your disk space is not used, so probably a 1TB disk would be enough, but probably a 2TB disk gives you more room and it's probably the best option.
Now, at the moment, while backing up my 3 active computers, I rotate two hard drives (one 750 MB disk, another 1000MB). Each of the disks takes multiple images of the 3 computers, so I am able to keep at least 2 images of each, in each of the backup disks. So, if you feel a bit more paranoia inclined, like me, you probably could go with 2 x 1TB disks and rotate them. That would save you from an issue with the backup disk itself :). Whether 1 Tb would be enough for you, that would depend on the amount of disk used in each of your computers.
Another option is to use some cloud backup - this could allow you to use just one disk and feel safe, nonetheless.
Bottom line is, backup at least to one external disk, this is the very minimum. For added safety, add another disk and / or the cloud.
Personally I think backing up the data partition is even more important than backing the OS partition. Programs can be replaced with more or less effort, your data may probably be irreplaceable, if you lose it for any reason.
Here is my experience with Crypto Locker...last week...
Client brought laptop in....infected with CL...I opened some Word and Excel files and a few PDF's just to see what happens...
The files that would open were pure garbage...Word could not open any .doc's...
Since I had not seen CL before, I went out to several forums looking for help...
Talked over the issues with client and since he had no backups at all...he decided to pay the ransom and "hope" he would get at least some of his
Had to get the MoneyPak card which I found out is available at Walmart, in the "Money Center"...
I connected the infected lapper to my network after turning off all my computers...powered up and got the CL warnings...
I scratched off the silver cover over the numbers on the MoneyPak card...and entered them in the laptop...
I started this about 11pm with the hopes that by the morning, it would have done what it was going to do...
Next morning, no joy....error message said I was not connected to Inet...I opened IE and sure enough I WAS connected to Inet...
I let it run...checked on it in a few hours and found that Vipre had run a scan and cleaned a virus....it was the CL virus...
Now nothing was working...
Following thru the various error messages, I found a place where CL conveniently provided a link so that you can download CL and run it again as
that is the only way you can "reconnect" the virus to the control servers to get the decryption key...
I left the laptop connected to my network most of the day...since CL conveniently provided a message that said...while MoneyPak was being "processed"...
I got several error messages that the MoneyPak number did not exist...but finally, after about almost 2 days I saw it scanning files and it indicated it was
saving those files...
After it was done, I opened a number of files and it looked like about 5% of the files were NOT decrypted...so those files are lost...
About 2 days later I got an email from my ISP, ATT saying that they had detected bot activity on my IP address and that I needed to explain to
ATT what was going on and how I was fixing it or face the possibility that my IP will be blacklisted...I responded pretty quickly...
After my experience and posting on several forums....here are a few thoughts...
1. It appears that CL will infect any attached USB hard drives...
2. It appears that CL will infect any mapped hard drives...
3. It appears that CL will, during the "de-cryption" process place a bot on the computer
for future infections...and perhaps DNS director...
4. I am using the Crypto Prevent from http://www.foolishit.com/vb6-projects/cryptoprevent/
I don't know how effective it is...but as they say..."any port in a storm"...this is going on all my clients computers...
5. AND I'm advising all my clients about the email that CL seems to use to get the virus out...
For my PC's I got a 3 TB USB HD and am using Macrium Reflect to create regular full image backups...as it seems
quite likely that CL CANNOT infect a compressed, encrypted backup...I plug the USB HD in and run Macrium about
once a week and UNPLUG the HD after the image has been created...
I'm especially paranoid and make a complete clone copy of my master hard drive at the end of every month. Since all of my data files are backed up in real time on an external drive, those aren't usually affected. So if I wind up with an infected hard drive and system, I can overwrite the original hard drive from the clone and, worst case, only have to gather up whatever has changed in the prior 30 days. This has already saved me a lot of money and trouble having to wipe and reinstall the system. Fortunately it doesn't happen often so it hasn't been a problem, but it's a great solution for those rare occasions.
Just another 'Stupid' question.....
Was there NO AV protection on these PC's that got infected by "Crypto Locker" ???
I'm retired now but part of my job was to make sure that all the computer controllers taking important data was safe from data loss. I always kept what I call a "pristine hard drive" containing all the settings and drivers that were required to keep complex measurement systems functioning. A "working hard drive" was used to take measurements - it was a clone of the pristine hard drive. Images were made routinely of the working hard drives especially after taking a set of critical data. More than once I was called on to restore a computer controller using the recent image of that machine.
Yes, I had some HD crashes and was able to use the pristine hard drive to reclone and then the most recent image to restore critical data. Users were advised that I should be allowed access to these machines so that the data would be secure.
The same thing can be done in one exercise: have a pristine hard drive that could be recloned to a fresh HD should there be a crash or use a recent image to restore data including a functional OS in minutes.
PS: I use Acronis
i just bought two cheap 2TB drives
back up my data on each, alternating them, every week
then disconnect them from the pc
the reasoning is to make sure that one of them is still good should cryptolocker hit
and also infect the backup disks. at worst it might have gotten one of them.
i can always scrub the hd and reinstall programs
but i cannot recreate the data
in addition, a separate disk for backup imaging purposes used weekly.
worst case is that i am a week's worth of work/data that may need to be redone
but prevention is better than cure
unless some expert here can say otherwise (and i am listening!)
use a good antivirus program
also one that guards the registry against changes unless you approve
anti rootkit software
i use mbam, norton, win patrol, spyware blaster, rubotted, plus a number of batch programs including a couple from microsoft that need to be reloaded every time before using them.
stay off the internet if you are not actively using it intentionally.
do not open any file without checking it first
stay away from facebook hotmail linkedin and all the sites that admit they are putting software on your pc and/or tracking your every move or worse.
A compressed file can be processed by another compression utility (but probably not result in a smaller output file).
If CL has the ability to encrypt a file I see absolutely no reason why it would be unable to additionally encrypt an already compressed and encrypted backup file.
Back to an earlier post here: Where do you find the "25" character ID? I have my computer's product number and serial number and system info, but the Windows Product ID only contains 23 characters including the hyphens.
BTW, I do have redundant full weekly backups and daily data backups, and cloud data backups, plus the manufacturer's restore DVDs purchased separately in addition to the restore partition on the computer.