Ransomware ~ Security of ones Back-up files

  wee eddie 11:14 30 Dec 13
Locked
Answered

With the arrival Cryptlocker, the latest type of pernicious Ransomware, on the scene (I'm sure that there will be other copycat versions shortly, because of it's success) with it's ability to, not only to encrypt all the files on one's Hard Drive, but also encrypting any drives attached to the infected Computer.

What is one to do?

Because, if your Backup Files are permanently connected to your PC, they're gone as well.

There is no need to tell me of the special download to protect against CryptLocker, I have already installed it.

My External Hard Drive needs some sort of Firewall to protect it from infection , or to be disconnected from the main PC except while Back ups are being run.

Ideas please: Physically unplug the Drive, a cable with a timer on it so that it is only open at specific times, What?

  SimpleSimon1 13:23 30 Dec 13

Hi Wee Edie

TBH, my external backup drives (2 x 1Tb USB drives) are never physically connected to the PC unless I'm doing a backup. In actual fact they aren't even kept in the same room as the PC or our home server. I backup deltas every weekend via FreeFileSync and it only takes a couple of mins to grab the relevant drive and plug it in.

I suppose you could keep the drive physically plugged in and connect/disconnect via Task Scheduler or similar but these damned malware authors seem to be getting smarter and smarter. That being the case, I'll stick to physical separation of drives to keep the backups safe (assuming, of course, that I don't manage to infect my PC before connecting a backup drive :-) )

  mole1944 13:45 30 Dec 13

I back up to two external drive that are only connected when I do a disc clone with acronis (Free if you have wd drive anywhere on your system, i alternate between the two on and backup every weekend or if I have put something major on my system,a friend got the cryptolocker on his machine result was I had to buy reinstall discs and I also did a clone so that in the event of there machine going pear shaped I could just clone back the good copy.

  Mr Mistoffelees 20:27 30 Dec 13
Answer

"I'll stick to physical separation of drives to keep the backups safe."

That has to be the best policy.

  rdave13 22:46 30 Dec 13

My two internal drives will stay as they are. Difference is, now, they will be set as 'offline' in disk management. Had to do that with an external e-sata drive as plug and play doesn't play with it. If you need to access then just reverse. Easy on Win 8 or 8.1

  rdave13 23:07 30 Dec 13

wee eddie , I forgot to thank you for the information. Thanks.

Not only that the two drives being offline is more secure but shaved another mille-second off the boot-up time :)

  wee eddie 10:19 31 Dec 13

Decision made and carried out.

FoolishIT checked: No Updates available for CrytptPrevent and then I wrote it into the Monthly Checklist.

Backup HDD disconnected ~ It will only be connected for the period of the Backup.

Is this OTT or a sensible strategy?

  alanrwood 12:02 31 Dec 13

You can't go OTT with this problem so you have take sensible precautions. I sync my main machines every day and two of them are laptops which are not switched on unless needed. Also took Disk Images of the install just in case and stored similarly.

  Batch 12:06 31 Dec 13

My backups (zip files) of volatile data (on 2 x HDDs and 1 x pen drive) run through a cycle of 6 increments. bufile.zip, bufile.old1......bufile.old5.

When the latest backups are copied across to the backup devices (using batch files). The oldest file (.old5 is deleted and all the other ones moved along one - e.g. .old4 becomes .old5 and so on). That gives me six increments.

But as I copy to the backup devices at different frequencies, in fact, the number of discrete increments actually stored is probably more like 12 or so. Hopefully I would detect an issue (like cryptolocker) before all of the increments were affected (I can't say for all such malware, but I understand that cryptolocker focuses on certain file types).

OTT - never! ;-)

  wee eddie 11:20 01 Jan 14

Had one of those flashes of the b**y obvious last night, probably alcohol induced.

One of my older External Hard Drives has it's own Switch. That one is now permanently connected, but only switched on when I need to access the movies/files it holds. Still got a little Housekeeping to do though.

The Drive which holds the Backups will only be connected when Backup Time comes around.

This thread is now locked and can not be replied to.

Surface Pro (2017) vs Surface Pro 4

20 groundbreaking 3D animation techniques

How to mine Bitcoin on Mac