Page 1 of 2 12 LastLast
Results 1 to 15 of 19
  1. #1
    3 Star Lounger
    Join Date
    Apr 2010
    Location
    Los Gatos CA
    Posts
    376
    Thanks
    52
    Thanked 12 Times in 11 Posts

    Ransom protection

    I'm looking for some reassurance. With ransom ware becoming ever more prevalent, I'm wondering how safe my drive images are. As I understand it the malicious software encrypts all drives that are attached to the infected machine. Is that correct? And if so what happens when I plug in the external, uninfected drive on which I have the image? Will it then be encrypted before I get the chance to restore the image?

    David

  2. #2
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,620
    Thanks
    56
    Thanked 1,056 Times in 984 Posts
    I a word, yes.
    You need to clean your machine and then boot from a clean backup boot disk before connecting your backup drive.

    Ultimately, the only way to be safe is not to become infected.

    cheers, Paul

  3. The Following User Says Thank You to Paul T For This Useful Post:

    Zer07 (2016-04-10)

  4. #3
    3 Star Lounger
    Join Date
    Apr 2010
    Location
    Los Gatos CA
    Posts
    376
    Thanks
    52
    Thanked 12 Times in 11 Posts
    Quote Originally Posted by Paul T View Post
    You need to clean your machine and then boot from a clean backup boot disk before connecting your backup drive.l
    Thanks Paul. I'd have to agree that not getting infected is a "good" idea. However, "In the unlikely event..." as we say in the airline industry, of someone clicking on a link with mind in neutral it could happen. So the cleaning would consist of what? Booting from a CD/DVD and running a cleaner? Or formatting and then restoring the image?

    David

  5. #4
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,620
    Thanks
    56
    Thanked 1,056 Times in 984 Posts
    The place to start is run a scan with your AV, then maybe an on-line scan etc, etc. This really needs to be raised as a separate question in Security because each infection is different.

    cheers, Paul

  6. #5
    3 Star Lounger
    Join Date
    Apr 2010
    Location
    Los Gatos CA
    Posts
    376
    Thanks
    52
    Thanked 12 Times in 11 Posts
    Thanks Paul. It might make a good article in the Win Secrets Newsletter.

  7. #6
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Surrey, UK
    Posts
    182
    Thanks
    8
    Thanked 44 Times in 39 Posts
    Quote Originally Posted by Rhinoceros View Post
    So the cleaning would consist of what? Booting from a CD/DVD and running a cleaner? Or formatting and then restoring the image?
    If your imaging program can be run from a bootable CD or USB stick, do that. It will overwrite the system partition and that should remove the infection.

    HTH, Martin

  8. The Following User Says Thank You to mngerhold For This Useful Post:

    brino (2016-04-11)

  9. #7
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    5,025
    Thanks
    185
    Thanked 705 Times in 620 Posts
    Quote Originally Posted by Rhinoceros View Post
    Thanks Paul. It might make a good article in the Win Secrets Newsletter.
    The article was in the newsletter four days ago: Protecting your backup files from ransomware

  10. #8
    Star Lounger
    Join Date
    May 2011
    Posts
    85
    Thanks
    2
    Thanked 3 Times in 3 Posts
    Quote Originally Posted by BruceR View Post
    The article was in the newsletter four days ago: Protecting your backup files from ransomware
    Another related question: my other laptop is on the same home network as the primary, but it's always left in hibernate mode. I don't see how any kind of virus or ransom could 'wake' the second computer and infect it, but thought I'd ask here.

  11. #9
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    5,025
    Thanks
    185
    Thanked 705 Times in 620 Posts
    Quote Originally Posted by robertpri View Post
    Another related question: my other laptop is on the same home network as the primary, but it's always left in hibernate mode. I don't see how any kind of virus or ransom could 'wake' the second computer and infect it, but thought I'd ask here.
    Always? Can you access its files from another computer?

  12. The Following User Says Thank You to BruceR For This Useful Post:

    Fascist Nation (2016-04-11)

  13. #10
    3 Star Lounger
    Join Date
    Apr 2010
    Location
    Los Gatos CA
    Posts
    376
    Thanks
    52
    Thanked 12 Times in 11 Posts
    [QUOTE=BruceR;1051587]The article was in the newsletter four days ago:/QUOTE]

    Ah! Thanks, I have been in Bali for the last 4 weeks and haven't seen that article. Will have a look.

    David

  14. #11
    3 Star Lounger
    Join Date
    Apr 2010
    Location
    Los Gatos CA
    Posts
    376
    Thanks
    52
    Thanked 12 Times in 11 Posts
    I just read the article about ransomware protection. Fred wrote:

    "But before running my monthly whole-system backups (to a different external drive), I verify that the PC is truly clean by scanning with a separate tool such as ESET's online scanner"

    So that is fine if the machine is indeed clean, and you want to make another back-up. However, in a worst case situation with the machine already infected, will my AV program (Avast), or an on-line scanner, remove the infection leaving the machine 'clean' and ready to be restored from an image?

    I use 'Image for Windows' and the image is created on a bootable USB thumb drive. If I boot using that drive will it be safe from infection?

    David

  15. #12
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    Paducah, Kentucky
    Posts
    526
    Thanks
    43
    Thanked 87 Times in 82 Posts
    If you become aware that your computer is infected, then you should turn off your computer, then insert and boot from your flash drive (or CD?). If Windows is not running then you can restore an image and that will overwrite everything on your hard disk drive.
    (If you want to be even more careful, then wipe your hard drive before doing the restore!)

  16. #13
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,620
    Thanks
    56
    Thanked 1,056 Times in 984 Posts
    Quote Originally Posted by RockE View Post
    If you become aware that your computer is infected, then you should turn off your computer, then insert and boot from your flash drive (or CD?)
    Although booting from CD / USB in W8 or 10 can be tricky and failure to boot from USB may infect your USB. A CD is the safest mechanism because it's read only.

    cheers, Paul

  17. The Following 2 Users Say Thank You to Paul T For This Useful Post:

    brino (2016-04-12),RockE (2016-04-12)

  18. #14
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    Paducah, Kentucky
    Posts
    526
    Thanks
    43
    Thanked 87 Times in 82 Posts
    Quote Originally Posted by Paul T View Post
    Although booting from CD / USB in W8 or 10 can be tricky and failure to boot from USB may infect your USB. A CD is the safest mechanism because it's read only.

    cheers, Paul
    Thanks, Paul. I should have said that a CD is safer. (I most often remove a suspect hard drive and connect it to another computer to restore an image under such circumstances.)

  19. #15
    Star Lounger
    Join Date
    Jan 2010
    Location
    Peoria, Illinois, USA
    Posts
    54
    Thanks
    4
    Thanked 14 Times in 7 Posts
    This morning (April 12) NPR's "On Point" host Tom Ashbrook spent an hour on the subject of Ransomware. Which got me to thinking again about my situation. Coupled with Fred Langa's recent article I think I know the answer but will also welcome input. With Windows 8.1 Update in place and using a spinning platter external hard drive connected to the PC BUT not turned on except to run File History or create a System Image Backup am I safe from an inadvertent stumble into a ransomware takeover. I've heard/read that disconnecting a external hard drive from the PC will keep the drive from becoming infected. Sure enough. But I also think that as long as the off/on switch for the drive is in the off position there ain't no infection getting in. Do I get a "amen" on this or not...

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •