Page 1 of 2 12 LastLast
Results 1 to 15 of 19
  1. #1
    3 Star Lounger
    Join Date
    Apr 2010
    Location
    Los Gatos CA
    Posts
    374
    Thanks
    52
    Thanked 12 Times in 11 Posts

    Ransom protection

    I'm looking for some reassurance. With ransom ware becoming ever more prevalent, I'm wondering how safe my drive images are. As I understand it the malicious software encrypts all drives that are attached to the infected machine. Is that correct? And if so what happens when I plug in the external, uninfected drive on which I have the image? Will it then be encrypted before I get the chance to restore the image?

    David

  2. #2
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,170
    Thanks
    47
    Thanked 980 Times in 910 Posts
    I a word, yes.
    You need to clean your machine and then boot from a clean backup boot disk before connecting your backup drive.

    Ultimately, the only way to be safe is not to become infected.

    cheers, Paul

  3. The Following User Says Thank You to Paul T For This Useful Post:

    Zer07 (2016-04-10)

  4. #3
    3 Star Lounger
    Join Date
    Apr 2010
    Location
    Los Gatos CA
    Posts
    374
    Thanks
    52
    Thanked 12 Times in 11 Posts
    Quote Originally Posted by Paul T View Post
    You need to clean your machine and then boot from a clean backup boot disk before connecting your backup drive.l
    Thanks Paul. I'd have to agree that not getting infected is a "good" idea. However, "In the unlikely event..." as we say in the airline industry, of someone clicking on a link with mind in neutral it could happen. So the cleaning would consist of what? Booting from a CD/DVD and running a cleaner? Or formatting and then restoring the image?

    David

  5. #4
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,170
    Thanks
    47
    Thanked 980 Times in 910 Posts
    The place to start is run a scan with your AV, then maybe an on-line scan etc, etc. This really needs to be raised as a separate question in Security because each infection is different.

    cheers, Paul

  6. #5
    3 Star Lounger
    Join Date
    Apr 2010
    Location
    Los Gatos CA
    Posts
    374
    Thanks
    52
    Thanked 12 Times in 11 Posts
    Thanks Paul. It might make a good article in the Win Secrets Newsletter.

  7. #6
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Surrey, UK
    Posts
    161
    Thanks
    7
    Thanked 39 Times in 35 Posts
    Quote Originally Posted by Rhinoceros View Post
    So the cleaning would consist of what? Booting from a CD/DVD and running a cleaner? Or formatting and then restoring the image?
    If your imaging program can be run from a bootable CD or USB stick, do that. It will overwrite the system partition and that should remove the infection.

    HTH, Martin

  8. The Following User Says Thank You to mngerhold For This Useful Post:

    brino (2016-04-11)

  9. #7
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by Rhinoceros View Post
    Thanks Paul. It might make a good article in the Win Secrets Newsletter.
    The article was in the newsletter four days ago: Protecting your backup files from ransomware

  10. #8
    Star Lounger
    Join Date
    May 2011
    Posts
    83
    Thanks
    2
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by BruceR View Post
    The article was in the newsletter four days ago: Protecting your backup files from ransomware
    Another related question: my other laptop is on the same home network as the primary, but it's always left in hibernate mode. I don't see how any kind of virus or ransom could 'wake' the second computer and infect it, but thought I'd ask here.

  11. #9
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by robertpri View Post
    Another related question: my other laptop is on the same home network as the primary, but it's always left in hibernate mode. I don't see how any kind of virus or ransom could 'wake' the second computer and infect it, but thought I'd ask here.
    Always? Can you access its files from another computer?

  12. The Following User Says Thank You to BruceR For This Useful Post:

    Fascist Nation (2016-04-11)

  13. #10
    3 Star Lounger
    Join Date
    Apr 2010
    Location
    Los Gatos CA
    Posts
    374
    Thanks
    52
    Thanked 12 Times in 11 Posts
    [QUOTE=BruceR;1051587]The article was in the newsletter four days ago:/QUOTE]

    Ah! Thanks, I have been in Bali for the last 4 weeks and haven't seen that article. Will have a look.

    David

  14. #11
    3 Star Lounger
    Join Date
    Apr 2010
    Location
    Los Gatos CA
    Posts
    374
    Thanks
    52
    Thanked 12 Times in 11 Posts
    I just read the article about ransomware protection. Fred wrote:

    "But before running my monthly whole-system backups (to a different external drive), I verify that the PC is truly clean by scanning with a separate tool such as ESET's online scanner"

    So that is fine if the machine is indeed clean, and you want to make another back-up. However, in a worst case situation with the machine already infected, will my AV program (Avast), or an on-line scanner, remove the infection leaving the machine 'clean' and ready to be restored from an image?

    I use 'Image for Windows' and the image is created on a bootable USB thumb drive. If I boot using that drive will it be safe from infection?

    David

  15. #12
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    Paducah, Kentucky
    Posts
    420
    Thanks
    37
    Thanked 67 Times in 64 Posts
    If you become aware that your computer is infected, then you should turn off your computer, then insert and boot from your flash drive (or CD?). If Windows is not running then you can restore an image and that will overwrite everything on your hard disk drive.
    (If you want to be even more careful, then wipe your hard drive before doing the restore!)

  16. #13
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,170
    Thanks
    47
    Thanked 980 Times in 910 Posts
    Quote Originally Posted by RockE View Post
    If you become aware that your computer is infected, then you should turn off your computer, then insert and boot from your flash drive (or CD?)
    Although booting from CD / USB in W8 or 10 can be tricky and failure to boot from USB may infect your USB. A CD is the safest mechanism because it's read only.

    cheers, Paul

  17. The Following 2 Users Say Thank You to Paul T For This Useful Post:

    brino (2016-04-12),RockE (2016-04-12)

  18. #14
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    Paducah, Kentucky
    Posts
    420
    Thanks
    37
    Thanked 67 Times in 64 Posts
    Quote Originally Posted by Paul T View Post
    Although booting from CD / USB in W8 or 10 can be tricky and failure to boot from USB may infect your USB. A CD is the safest mechanism because it's read only.

    cheers, Paul
    Thanks, Paul. I should have said that a CD is safer. (I most often remove a suspect hard drive and connect it to another computer to restore an image under such circumstances.)

  19. #15
    Lounger
    Join Date
    Jan 2010
    Location
    Peoria, Illinois, USA
    Posts
    41
    Thanks
    4
    Thanked 14 Times in 7 Posts
    This morning (April 12) NPR's "On Point" host Tom Ashbrook spent an hour on the subject of Ransomware. Which got me to thinking again about my situation. Coupled with Fred Langa's recent article I think I know the answer but will also welcome input. With Windows 8.1 Update in place and using a spinning platter external hard drive connected to the PC BUT not turned on except to run File History or create a System Image Backup am I safe from an inadvertent stumble into a ransomware takeover. I've heard/read that disconnecting a external hard drive from the PC will keep the drive from becoming infected. Sure enough. But I also think that as long as the off/on switch for the drive is in the off position there ain't no infection getting in. Do I get a "amen" on this or not...

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •