How to protect from ransomware?

Selekt0r said:
<SNIP>
Yes, Crashplan does run on Linux, which might be a good option on an old/low-spec PC. But I've found it to be fine on a modest Windows setup.
Click to expand...
In which case, surely a very stripped down Linux with VNC would be an ideal solution, perhaps run on a box which would otherwise be consigned to the bin? The Linux system and disks are unlikely to be impacted by any virus written to attack Windows.
 
stockhausen said:
I'm not quite sure how a "good backup" will cope with delayed activation.I'm not certain that an "Old PC" will actually run Windows 10, no matter how much HDD you have.

.
Click to expand...

"I bought brand new PC but by the time I got back home it was old".......lol

When I said old I didn't mean really old. I bought it after my i7 920.....And it's already running win10.....So I'm sorted for a wet saturday........
 
not surprisingly, some ransomware can spread via the likes of rdp (and rcp ???)
so it sounds as though for local(non-cloud) backup, the server (you might access with rdp) should have the rotating backup media physically removed
 
mattyg said:
<SNIP>
When I said old I didn't mean really old. I bought it after my i7 920.....And it's already running win10.....So I'm sorted for a wet Saturday........
Click to expand...
Ah, OK, I was thinking more along the lines of the AMD Athlon XP 3200+ running XP SP3 which I still use from time to time.
jpaul said:
not surprisingly, some ransomware can spread via the likes of rdp (and rcp ???)
so it sounds as though for local (non-cloud) backup, the server (you might access with rdp) should have the rotating backup media physically removed
Click to expand...
That still doesn't really get around the problem of a "delayed activation" virus although I guess that may be picked up by up-to-date Anti-Virus software which might spot it.

I would have to say, that Crashplan running on a local fileserver physically connected only while backing up does sound like a good idea.
 
If you are restoring an OS image that is already infected with a delayed activation virus then that is one thing but delayed activation malware won't stop you recovering data files from older backups, etc. and potentially you can run anti-virus on an image'd version of an OS and remove said malware before booting it for the first time though I'd never be entirely sure it was removed that way but you could atleast stop it deploying any ransomware to recover non-executable data.
 
I've reset/Reinstalled Win10 on the backup PC so its nice and clean.

After I've installed crashplan and Kaspersky total security 2017. I will be moving the PC into a cupboard and connecting it to my network via my switch.

Do I need to have a monitor connected. if it downloads an update and restarts. It'll sit at the windows login page. Will crashplan etc still work or do I need to keep signing in....That sounds like a daft question right now. As I'm sure my other PC's still work behind the scenes when I'm logged out!!
 
mattyg said:
I've reset/Reinstalled Win10 on the backup PC so its nice and clean.

After I've installed crashplan and Kaspersky total security 2017. I will be moving the PC into a cupboard and connecting it to my network via my switch.

Do I need to have a monitor connected. if it downloads an update and restarts. It'll sit at the windows login page. Will crashplan etc still work or do I need to keep signing in....That sounds like a daft question right now. As I'm sure my other PC's still work behind the scenes when I'm logged out!!
Click to expand...

the backend and engine of crashplan run as a services, so in theory it should still function without the need to login. You could though setup rdp if it's the pro version of win10, or, setup auto-login.
 
Andy_82 said:
the backend and engine of crashplan run as a services, so in theory it should still function without the need to login. You could though setup rdp if it's the pro version of win10, or, setup auto-login.
Click to expand...

My current issues is the pc's via crashplan can see each other but its stuck on "waiting for connection"
 
Selekt0r said:
If you have a software firewall installed you may need to open up the main network port which Crashplan uses (4242) for inbound TCP traffic. Check out https://support.code42.com/CrashPlan/4/Troubleshooting/Connections_between_computers for this and other troubleshooting tips.
Click to expand...

That seems to have sorted it thanks

I've opened those ports on both machines. It didn't seem to do anything at first but I've woken up this morning and its done 60Gb worth of backups..yay.

Setup wise: I've let it choose what to backup itself.

What SHOULD It really be doing?

If I woke up tomorrow and my PC had gone bang or had been stolen in the night whats best for getting me set back up with all my data?
 
mattyg said:
Setup wise: I've let it choose what to backup itself.
Click to expand...
you do need to confirm what it is backing up, that any folders you might have at root level (i keep media files there), and the likes of appdata folders (containing email folders), plus other obscure locations, are included.
Also perform some restores of data (dry-runs) to make sure it will work if armagedon arrives.


...with the discussion on delayed activation viruses - has any ransomware been delivered yet, in this way ?
simultaneously encrypting data on multiple servers & private machines at a pre-scheduled time, would probably do the most damage and give least possible time for an A/V response.
stuxnet was probably delayed activation but was not a ransomware (just destruction)
Although the data, rather than the hardware, probably has the most value, could you deliver a ransomware to private machines (A la stuxnet) that would render the hardware unusuable if ransom not payed.
 
Last edited:
This may already have been covered in this thread, but I am not wading back through 7 pages (apologies if it has).

I read that one of the most effective defences against ransomware is encryption, for example Bit locker - the theory being that encrypted data cannot be further encrypted.

Is this the case? or an old wives tale?

thanks
 
Selekt0r said:
Yes, Crashplan does run on Linux, which might be a good option on an old/low-spec PC. But I've found it to be fine on a modest Windows setup.
Click to expand...

Would running a backup solution on linux be a good/better option? Would this be any better protecting against ransomware? Ive got some older pc parts that I could cobble together but no windows licence to go with it. I have zero knowledge of linux however which is obviously a fairly large initial stumbling block!
 
Mark M said:
Would running a backup solution on linux be a good/better option? Would this be any better protecting against ransomware? Ive got some older pc parts that I could cobble together but no windows licence to go with it. I have zero knowledge of linux however which is obviously a fairly large initial stumbling block!
Click to expand...

Might be worth having a look at Xpenology - though there are some quibbles as to support for it.
 
I don't get why people are making this so complicated, just use Macrium reflect to an external drive or NAS, it's miles better than Crashplan.
 
You must log in or register to reply here.
Back
Top Bottom