Page 1 of 3 123 LastLast
Results 1 to 15 of 43
  1. #1
    iNET Interactive
    Join Date
    Jan 2010
    Location
    Seattle, WA, USA
    Posts
    379
    Thanks
    1
    Thanked 29 Times in 24 Posts

    Protecting your backup files from ransomware


    LangaList Plus

    Protecting your backup files from ransomware


    By Fred Langa

    Ransomware covertly encrypts user files and then demands payment for the key. Here’s how to ensure that backup files remain safe, if an infection takes over your main PC.

    Plus: A “Windows Hello” biometric/fingerprint sign-in system fails after a Win10 upgrade and updated suggestions for Win10 file management.

    The full text of this column is posted at windowssecrets.com/langalist-plus/protecting-your-backup-files-from-ransomware (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,733
    Thanks
    95
    Thanked 128 Times in 125 Posts
    Protecting your backup files from ransomware - Fred Langa
    My wildest guess is to be eternally vigilant, often checking folders and files from time to time, making sure such are usable and untouched. Now, those using anti-ransomware simply have added an ally to their vigilance.
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/

  3. #3
    New Lounger
    Join Date
    Feb 2013
    Location
    Shenandoah Valley Virginia
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    What about protection by the new Bitdefender program released on March 29? Bitdefender Anti-Ransomware is a new product by security company Bitdefender to protect Windows PCs against several ransomware families. Thank you. https://labs.bitdefender.com/2016/03...cine-released/

  4. #4
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Hartford, WI, USA
    Posts
    370
    Thanks
    153
    Thanked 62 Times in 37 Posts

    "no longer any reason" - Really?

    Fred Langa, who by the way I highly respect, writes in his article "Protecting your backup files from ransomware / Win10 file-management best practice?"
    I quote:
    In short: Even though Windows still allows you to separate the OS and your user files, there’s really no longer any reason to do so.

    "... any reason ..."? I beg to differ.

    I know YMMV! Here is my personal reason to have data not only in a separate partition but even on a separate distinct disk drive:

    Fairly early after SSDs had become available I decided to have my system and programs on a SSD drive and my now 230+GB of pure data on a conventional separate HDD. That decision was forced on me by the fact that back then I simply could not afford more than a SSD larger than 250GB capacity.

    This setup has so far served me very well and I see absolutely no reason to change it, at least not as long as the current computer keeps chugging along as nicely as it does.

    BTW should anybody be interested at all:
    C: still holds C:\Users\ and C:\Program Data\.
    The internally mounted data drive E: holds all standard Windows data folders PLUS the data folders for backing up my utilities flash drive(s) and about 3GB(!) data folders of my Thunderbird email client. As of today I have a total of 226GB of data on E:.
    Eike J Heinze
    What I am about
    SE Wisconsin

  5. The Following 4 Users Say Thank You to eikelein For This Useful Post:

    DavidFB (2016-04-05),Fyrewerx (2016-04-05),mc2fran (2016-04-07),radar (2016-04-05)

  6. #5
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Hartford, WI, USA
    Posts
    370
    Thanks
    153
    Thanked 62 Times in 37 Posts

    I beg to issue a warning:

    Quote Originally Posted by yrralrellim View Post
    What about protection by the new Bitdefender program released on March 29? Bitdefender Anti-Ransomware is a new product by security company Bitdefender
    Quote from Bitdefender's blog post about just that new tool, comments section, Bitdefender replying to a comment question:
    Razvan Stoica says:
    March 31, 2016 at 3:28 pm

    It’s a vaccine, but it can (and probably will) be updated against new strains, hence the need to run at startup. It does not monitor behavior, it just uses some tricks to prevent those specific families of ransomware from infecting your system.
    The software is provided AS-IS, without any implied or explicit guarantees. Redistribution is permitted.

    That tells me that they will have to play the usual whack-a-mole game with new strains of or techniques in ransomware. YMMV but I prefer a permanently running behavioral watchdog like CryptoPrevent. I just believe that the combinationm of registry surveillance AND behavior checker/blocker has a better chance at catching zero-day behavior than a purely reactive kind of program and/or signature update alone.
    Last edited by eikelein; 2016-04-05 at 07:50. Reason: typo
    Eike J Heinze
    What I am about
    SE Wisconsin

  7. #6
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by eikelein View Post
    Fred Langa, who by the way I highly respect, writes in his article "Protecting your backup files from ransomware / Win10 file-management best practice?"
    I quote:
    In short: Even though Windows still allows you to separate the OS and your user files, there’s really no longer any reason to do so.

    "... any reason ..."? I beg to differ.

    I know YMMV! Here is my personal reason to have data not only in a separate partition but even on a separate distinct disk drive:

    Fairly early after SSDs had become available I decided to have my system and programs on a SSD drive and my now 230+GB of pure data on a conventional separate HDD. That decision was forced on me by the fact that back then I simply could not afford more than a SSD larger than 250GB capacity.

    This setup has so far served me very well and I see absolutely no reason to change it, at least not as long as the current computer keeps chugging along as nicely as it does.

    BTW should anybody be interested at all:
    C: still holds C:\Users\ and C:\Program Data\.
    The internally mounted data drive E: holds all standard Windows data folders PLUS the data folders for backing up my utilities flash drive(s) and about 3GB(!) data folders of my Thunderbird email client. As of today I have a total of 226GB of data on E:.
    And yet your separate data partition in your setup won't protect you from ransomware...
    Rui
    -------
    R4

  8. #7
    New Lounger
    Join Date
    Jun 2010
    Location
    North Palm Beach, Florida
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    If necessary, can we depend on being able to recover any/all affected files from our Carbonite backups?

  9. #8
    Lounger
    Join Date
    Dec 2009
    Posts
    26
    Thanks
    4
    Thanked 2 Times in 1 Post
    regarding "Win10 file-management best practice", what are you thoughts about moving user files to another internal hard drive when using a small (256GB or less) SSD for the Windows 10 system files? thanks

  10. #9
    New Lounger
    Join Date
    Jun 2010
    Location
    Eugene, OR
    Posts
    20
    Thanks
    10
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by eikelein View Post
    Fred Langa, who by the way I highly respect, writes in his article "Protecting your backup files from ransomware / Win10 file-management best practice?"
    I quote:
    In short: Even though Windows still allows you to separate the OS and your user files, there’s really no longer any reason to do so.

    "... any reason ..."? I beg to differ.

    I know YMMV! Here is my personal reason to have data not only in a separate partition but even on a separate distinct disk drive...
    I'm with eikelein here! I have ~1 TB of images in my Pictures folder. With a system that contains 500GB of SSD and 4TB of SSHD storage, Fred's advice doesn't work well for me. On the other hand, moving the Users folder to SSHD drives works quite well. I recognize that the danger of ransom-ware is still there, and wonder how to manage protection in a continuous backup scenario? Fred, what's your advice for this configuration?
    Last edited by dvhirst; 2016-04-05 at 14:21.

  11. #10
    Lounger
    Join Date
    Dec 2009
    Posts
    26
    Thanks
    4
    Thanked 2 Times in 1 Post
    Quote Originally Posted by eikelein View Post
    Quote from Bitdefender's blog post about just that new tool, comments section, Bitdefender replying to a comment question:
    [INDENT] Razvan Stoica says:
    March 31, 2016 at 3:28 pm

    That tells me that they will have to play the usual whack-a-mole game with new strains of or techniques in ransomware. YMMV but I prefer a permanently running behavioral watchdog like CryptoPrevent. I just believe that the combinationm of registry surveillance AND behavior checker/blocker has a better chance at catching zero-day behavior than a purely reactive kind of program and/or signature update alone.
    eikelein, I, too, am worried about ransomware. Do you have CryptoPrevent active at the same time as Windows Defender, BitDefender, or any other anti-virus program?
    thanks.
    radar

  12. #11
    Star Lounger
    Join Date
    Feb 2010
    Location
    near Ottawa, Ontario, Canada
    Posts
    73
    Thanks
    111
    Thanked 15 Times in 14 Posts
    Quote Originally Posted by eikelein View Post
    ........I prefer a permanently running behavioral watchdog like CryptoPrevent. I just believe that the combinationm of registry surveillance AND behavior checker/blocker has a better chance at catching zero-day behavior than a purely reactive kind of program and/or signature update alone.
    I have been using CryptoPrevent for a long time and have several licensed copies. Cyptoprevent may NOT do everything you attribute to it.

    My understanding of Cyptoprevent is that basically it uses Windows Group Restriction Policies to disable many of the infection methods used by current ransomware; things like running executable files from various data directories, allowing you to run things like "filename.pdf.exe", etc. I do not believe it has any "active" behavioral monitoring or registry surveillance.

    In answer to @radar's question about using CryptoPrevent along side other products, I have seen no conflicts with MalwareBytes, Emsisoft, Kaspersky, ZoneAlarm, etc. (across several different machines). I believe this is due to the fact that it simply sets a bunch of "Group Policy" rules in the registry to disable much of the "bad behaviour" of current ransomware and then is done. It leaves nothing actively running.

    Of course, the new version of CryptoPrevent may add additional prevention strategies.

    -brino

  13. The Following User Says Thank You to brino For This Useful Post:

    radar (2016-04-05)

  14. #12
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 986 Times in 916 Posts
    Quote Originally Posted by radar View Post
    regarding "Win10 file-management best practice", what are you thoughts about moving user files to another internal hard drive when using a small (256GB or less) SSD for the Windows 10 system files? thanks
    Keep your normal data on the SSD and move things like music and video - files that don't change but are large - to another disk, is what I do.

    cheers, Paul

  15. #13
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Courtenay, BC
    Posts
    244
    Thanks
    9
    Thanked 16 Times in 15 Posts
    Myself, I also still keep data and the OS/Programs on distinct drives.
    Firstly, for reasons like eikelein outlined - an SSD for what needs to be fast and a data drive for the volume.

    Secondly, for backup reasons. Having your files inside an imaging container does you 0 good if your system is down. While such events have indeed become rare, they are not 0. If my system is down, I don't want to wait until its semi-functional to get work done.

    I'm a little surprised at Fred's change on this front as he used to recommend software that would allow accessing files even from DOS. He's very particular about layers of backup and protection and yet leaves this gap in accessibility in the event of real trouble.

    Personally, I don't like how Microsoft organizes User files and too many programs dump their own folders in there. I leave all that stuff on the C drive and have my own familiar folder structure on the Data drive. Doing it the Microsoft way does give you some minor advantages in using their software but I'm not much of a fan of that either. I don't use a Mac because you have to do it the Mac way in Mac world but Windows seems to be drifting that way too.

    I understand Paul T's suggestion but I've never found organizing files by size all that useful. I'd rather have all my music together, and so forth.

  16. #14
    Lounger
    Join Date
    Dec 2009
    Posts
    26
    Thanks
    4
    Thanked 2 Times in 1 Post
    I have windows 10 and all program installations on my SSD (C and my My Documents folder on E: (2 TB HDD) (with picture and music)

    I use Karen's Tools, from 2002, for my backup, precisely for the same reason as DavidFB. I like my backup files to be accessible in DOS (i.e., not stored in some proprietary all-in-one format). And, I don't trust zip files, long term storage, as I've lost too many file collections to zip files somehow getting corrupted.

  17. #15
    Lounger
    Join Date
    Apr 2010
    Location
    Tucson, AZ
    Posts
    36
    Thanks
    0
    Thanked 3 Times in 3 Posts
    One option if you have a separate internal disk for backups and "manually" backup to it: Using diskmgmt.msc in an administrator's command prompt window, set the disk offline between backups. A bit more work but it makes the disk invisible to Win so hopefully ransom ware won't see it either.

  18. The Following User Says Thank You to pima67 For This Useful Post:

    brino (2016-04-06)

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •