Windows 10: Sadly, protection from ransomware is not totally possible

Discussion in 'AntiVirus, Firewalls and System Security' started by Fortitude, Jun 20, 2017.

  1. Fortitude Win User

    Sadly, protection from ransomware is not totally possible


    I was trying to see what might be a good way to protect oneself from ransomware. The reason that I started thinking about this is that my external backup disks are continuously connected to my PC. This would mean that a ransomware attack could infect those external disks as well as my internal disk.

    Unfortunately the discussion threads that I saw do not come up with anything definitive other than to have at least one backup offline. The most useful strategy that I read was in Idea for ransomware protection of network drives where the poster suggests the following steps.

    I wish I could develop a program to do all that automatically, on a schedule!

    :)
     
    Fortitude, Jun 20, 2017
    #1

  2. What's the best Windows 10 backup strategy for a home user that can recover from a ransomware attack?

    The best option is to create weekly offline backups using separate drives, so, in the event of a ransomware attack, you can simply boot from the backup and restore it.

    Here are some tips for protecting your system:

    How to Protect Your Computer From Ransomware - groovyPost

    https://www.groovypost.com/howto/protect-window...
     
    Andre Da Costa, Jun 20, 2017
    #2
  3. How to get rid of a ransomware malicious virus

    Hi Jim,

    For more information about Ransomware, and on how to handle it, we suggest that you check the following articles:


    We would appreciate it if you could get back to us and provide us your feedback.
     
    Michael Gall, Jun 20, 2017
    #3
  4. dalchina New Member

    Hi, I think that was discussed a long time ago; I recall comments like
    - that's why I need a wife (or similar) - could be husband of course.. *chuckle
    - discussion of a robot arm...

    You could create an obscure program that rogue software would not run to control power to your backup source:
    USB Relay Controller | eBay

    but you'd want to be able to power it down safely, of course.
     
    dalchina, Jun 20, 2017
    #4
  5. Bree New Member
    In general, ransomware looks for all the drive letters in your system. If you don't map a letter to a network drive it can't find it. You can still back up files to it though, using a UNC path of the form...

    https://en.wikipedia.org/wiki/Path_(...ing_Convention
     
  6. Other possibility, if you are using a standard user account or have UAC set to full.

    1. Change your drive to read only and allow only admins to modify/write.
    2. Set up your auto-backup software to run as admin and that is it.

    Note: You should also disable WSH and restrict PowerShell, both can be used to elevate user rights.
     
    TairikuOkami, Jun 20, 2017
    #6
  7. roy111 Win User
    I've also been thinking of a "simple" solution and this is what I'm doing:
    set up a hybrid system with both Win and Linux, Windows backs up to a Linux Samba share,
    then Linux backs up to a non-shared folder, possibly invisible to the Windows network.
    Now if Windows gets infected the non-shared folder will still be safe.
    Never got a ransomware so I wonder if it will really work, could it?
     
    roy111, Jun 21, 2017
    #7
  8.
    I read somewhere that some ransomware programs can access SMB-connected drives even if not mapped. I have no idea if that's true, but I found it frightening.

    One option that adds a small degree of safety is to take FTP backups to a server that does not have SMB running. And have the backup scripted so that the script fails if it tries to copy an already infected file. (That's probably an unnecessary step. If files were infected that would probably include the backup script.)
     
    pokeefe0001, Jun 22, 2017
    #8
  9. Hydrate Win User
    I think there still exists the problem if the ransomware is executed under an Administrator account; there exist exploits to bypass UAC.

    This can potentially stop Standard accounts from compromising backups and the host.

    I personally like this idea a lot! This is not too simple and requires a lot of user intervention, but it sounds like it can work.

    Correct me if I'm wrong, the Linux Samba Share must also be online to transfer files over the network to the active Linux box.

    How would you accomplish this on a single box, if only one operating system can be online while the other is turned off? I think you meant two separate machines or a virtual machine, yes?

    Personally, for ransomware attacks:

    I would use MBAM 3's Ransomware protection feature while reconfiguring its exploitation options for maximum allowed, along with Windows Firewall (custom configuration) and EMET 5.5 maximum compliance.

    Customized compiled VBScript calling Windows Script Host.

    BitLocker AES-256 encryption.

    Task Scheduler my C:\ransomware_protection.exe

    Typically, ransomware does not infect .exe nor %systemroot% because they want their ransoms and not a crippled system. So with the exception of a few ransomware attacks which may or may not be exempt from this prior assumption...

    I would write a WSH script with read and execution access, given the system hide and EFS encryption attributes, and compile it in a special third-party software so it's more difficult to find the BitLocker pw. The script will check the integrity of several dummy files scattered randomly across the system in typical user directories (Desktop, Videos, Pictures) and their contents, and then if the integrity or MD5 of these files (with read access only) has been altered, I would end the script and ransomware would not transfer. If ransomware strikes, the script would be encrypted and no transfers would take place.

    Else, the integrity has been maintained, I would allow it to transfer accordingly. For the transfer process to occur:

    The second barrier requires BitLocker drive encryption on backup drives. The script would navigate Windows and unlock the drive (yes with the BitLocker password encased in the script, which I would compile into an .exe) to allow the file transfer and lock the drive once it's completed.

    This sounds pretty complex and decent once it's set up.
     
    Hydrate, Jun 23, 2017
    #9
  10. roy111 Win User
    There is no intervention using the simplest solution with no personalized script;
    of course you need at least two machines:

    Win saves to Linux Samba with File History (automatic), Linux saves the Samba shared folder to a Linux folder
    that could be a network SFTP or NFS folder or even an ext4-formatted external USB HD (automatic,
    i.e. with bacula or rsync/grsync).
    I think this makes sense if you have a relatively complex environment
    with both Windows and Linux PCs; for a single PC the virtualization could be overkill and an external USB
    (detachable) should do.
     
    roy111, Jun 23, 2017
    #10
  11. Hydrate Win User
    What about those without 2 systems at their disposal?

    I personally like the idea of adding Linux (without wine, lol) into the mix, and it would bar the ransomware from executing on the Unix-based system. But what if the Windows box is affected by the ransomware and does not back up the latest, critical files? Is it a sustainable loss?
     
    Hydrate, Jun 23, 2017
    #11
  12. jimbo45 Win User
    Hi there

    For those without 2 machines: you can actually have the Linux machine as a VM -- it can still back up HDDs from the host!

    Run the backup FROM the Linux server (obviously with Internet disconnected) and AFTER checking the Windows box that there's no malware on it.

    From linux you'll need something like RSYNC or GRSYNC (graphical / GUI version of RSYNC) which is great for backing up DATA. RSYNC is standard on Linux distros, GRSYNC is available on most Linux distros including CENTOS which is what I use.
    Use the GUI version (GRSYNC) to test your parameters and when it works manually you can then use the command line version (RSYNC) for your batch backup job(s).

    GRSYNC example :


    [Image: GRSYNC example]


    For the (Windows) OS use something from the Linux box like CLONEZILLA which will image the OS (Windows HDD).

    It depends on how many systems you need to back up.
    If it's only 1 or 2 client machines then a stand-alone backup on each client using Macrium is fine -- but if you need an automated process you'll essentially have to use Linux. I'm not sure how complex job scheduling can be done in Windows -- hopefully people better qualified than me could answer this question -- however it's relatively easy on Linux if the server can access your Windows drives.

    Simply use the Crontab to schedule your jobs and ensure the client (Windows) machines are available to the server.

    You will need to install SAMBA on the Linux machine though.



    Cheers
    jimbo
     
    jimbo45, Jun 23, 2017
    #12
  13. Hydrate Win User

    This makes sense, more elaboration! I love it. OK, this sounds like a fine process - however, how would we accomplish it without having to manually check the Windows box for malware and file integrity? There is no automatic fail safe that doesn't require user intervention?

    I tried to implement that with my WSH script on my Windows box, without Linux. Trying to be as resourceful as I can *Nerd

    Yes, virtualization is an option that I always consider, especially with a lot of my work invested in the field.

    I'm super invested into security, it's my specialty.
     
    Hydrate, Jun 23, 2017
    #13
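The canary-file check Hydrate describes in #9, run from the Linux side before the rsync pull described in #12, as an added example that is not part of any post in this thread. It uses SHA-256 where the post mentions MD5; the mount point, backup directory, manifest path and canary file names are assumptions, and GNU `sha256sum` and `rsync` are assumed to be installed.

```sh
#!/bin/sh
# Added example: pull backup gated on canary-file integrity.
# Assumptions (hypothetical names): the Windows share is mounted read-only
# at SRC; the manifest of known-good hashes lives on the Linux side, at an
# absolute path the Windows box cannot write to.

# make_manifest SRC MANIFEST CANARY...  (run once, on a known-clean system)
make_manifest() {
    src=$1; manifest=$2; shift 2
    ( cd "$src" && sha256sum -- "$@" ) > "$manifest"
}

# canaries_intact SRC MANIFEST
# Returns 0 only if every canary exists and still matches its hash.
# A renamed or deleted canary counts as a failure, not as "nothing to check".
canaries_intact() {
    [ -s "$2" ] || return 2        # no baseline: refuse rather than pass
    ( cd "$1" && sha256sum -c "$2" ) >/dev/null 2>&1
}

# guarded_backup SRC DEST MANIFEST
guarded_backup() {
    if ! canaries_intact "$1" "$3"; then
        echo "canary check failed, backup skipped: $1" >&2
        return 1
    fi
    # No --delete, and changed files are moved to a dated directory first,
    # so one bad run cannot overwrite the only good copy.
    rsync -a --backup --backup-dir="$2/.versions/$(date +%F)" \
        -- "$1/" "$2/current/"
}

# Run as: guarded-backup.sh /mnt/winshare /srv/backup /etc/backup/canaries.sha256
if [ "$#" -eq 3 ]; then
    guarded_backup "$@"
fi
```

A passing check only shows the canaries were untouched at that moment, which is why the copy step keeps dated previous versions instead of mirroring. Scheduling it from crontab, as #12 suggests, needs no change to the script.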
  14. Fortitude Win User
    This is what I'm thinking of doing.

    Back up my files to an external provider that offers unlimited backups, that is, versioning. This would hopefully allow me to go back to non-ransomware-compromised files and restore them if necessary. It also serves in storing backups in a remote location (using the 3 2 1 backup strategy). I'm also considering using a combination of Folder Guard with FreeFileSync in order to do backups on an external portable USB drive. If Folder Guard works as advertised, then it would deter an attack on the backup files, plus I would have a portable backup of my data.
     
    Fortitude, Jun 26, 2017
    #14
  15. pparks1 Win User
    Plug in external occasionally. Run robocopy job to back up data using /mir switch. Disconnect external drive and keep offsite. Best practice, have 2 different external drives offsite.
     
    pparks1, Jun 26, 2017
    #15