How to protect from ransomware?

Capodecina
Soldato
Joined
30 Jul 2006
Posts
12,129
<SNIP>
Yes, Crashplan does run on Linux, which might be a good option on an old/low-spec PC. But I've found it to be fine on a modest Windows setup.
In which case, surely a very stripped down Linux with VNC would be an ideal solution, perhaps run on a box which would otherwise be consigned to the bin? The Linux system and disks are unlikely to be impacted by any virus written to attack Windows.
 
Soldato
Joined
17 Jun 2007
Posts
9,296
I'm not quite sure how a "good backup" will cope with delayed activation. I'm not certain that an "Old PC" will actually run Windows 10, no matter how much HDD you have.

.

"I bought brand new PC but by the time I got back home it was old".......lol

When I said old I didn't mean really old. I bought it after my i7 920.....And it's already running win10.....So I'm sorted for a wet Saturday........
 
Soldato
Joined
1 Mar 2010
Posts
21,912
not surprisingly, some ransomware can spread via the likes of rdp (and rcp ???)
so it sounds as though for local(non-cloud) backup, the server (you might access with rdp) should have the rotating backup media physically removed
 
Capodecina
Soldato
Joined
30 Jul 2006
Posts
12,129
<SNIP>
When I said old I didn't mean really old. I bought it after my i7 920.....And it's already running win10.....So I'm sorted for a wet Saturday........
Ah, OK, I was thinking more along the lines of the AMD Athlon XP 3200+ running XP SP3 which I still use from time to time.
not surprisingly, some ransomware can spread via the likes of rdp (and rcp ???)
so it sounds as though for local (non-cloud) backup, the server (you might access with rdp) should have the rotating backup media physically removed
That still doesn't really get around the problem of a "delayed activation" virus although I guess that may be picked up by up-to-date Anti-Virus software which might spot it.

I would have to say, that Crashplan running on a local fileserver physically connected only while backing up does sound like a good idea.
 
Man of Honour
Joined
13 Oct 2006
Posts
91,147
If you are restoring an OS image that is already infected with a delayed activation virus then that is one thing but delayed activation malware won't stop you recovering data files from older backups, etc. and potentially you can run anti-virus on an image'd version of an OS and remove said malware before booting it for the first time though I'd never be entirely sure it was removed that way but you could at least stop it deploying any ransomware to recover non-executable data.
 
Soldato
Joined
17 Jun 2007
Posts
9,296
I've reset/reinstalled Win10 on the backup PC so it's nice and clean.

After I've installed Crashplan and Kaspersky Total Security 2017, I will be moving the PC into a cupboard and connecting it to my network via my switch.

Do I need to have a monitor connected? If it downloads an update and restarts, it'll sit at the Windows login page. Will Crashplan etc. still work or do I need to keep signing in....That sounds like a daft question right now, as I'm sure my other PCs still work behind the scenes when I'm logged out!!
 
Associate
Joined
18 Oct 2009
Posts
429
I've reset/reinstalled Win10 on the backup PC so it's nice and clean.

After I've installed Crashplan and Kaspersky Total Security 2017, I will be moving the PC into a cupboard and connecting it to my network via my switch.

Do I need to have a monitor connected? If it downloads an update and restarts, it'll sit at the Windows login page. Will Crashplan etc. still work or do I need to keep signing in....That sounds like a daft question right now, as I'm sure my other PCs still work behind the scenes when I'm logged out!!

The backend and engine of Crashplan run as services, so in theory it should still function without the need to log in. You could though set up RDP if it's the Pro version of Win10, or set up auto-login.
 
Soldato
Joined
17 Jun 2007
Posts
9,296
The backend and engine of Crashplan run as services, so in theory it should still function without the need to log in. You could though set up RDP if it's the Pro version of Win10, or set up auto-login.

My current issue is the PCs via Crashplan can see each other but it's stuck on "waiting for connection"
 
Associate
Joined
18 Oct 2002
Posts
1,765
Location
Kent, UK
Soldato
Joined
17 Jun 2007
Posts
9,296
If you have a software firewall installed you may need to open up the main network port which Crashplan uses (4242) for inbound TCP traffic. Check out https://support.code42.com/CrashPlan/4/Troubleshooting/Connections_between_computers for this and other troubleshooting tips.

That seems to have sorted it thanks

I've opened those ports on both machines. It didn't seem to do anything at first but I've woken up this morning and it's done 60Gb worth of backups..yay.

Setup wise: I've let it choose what to backup itself.

What SHOULD It really be doing?

If I woke up tomorrow and my PC had gone bang or had been stolen in the night, what's best for getting me set back up with all my data?
 
Soldato
Joined
1 Mar 2010
Posts
21,912
Setup wise: I've let it choose what to backup itself.
You do need to confirm what it is backing up, that any folders you might have at root level (I keep media files there), and the likes of appdata folders (containing email folders), plus other obscure locations, are included.
Also perform some restores of data (dry-runs) to make sure it will work if Armageddon arrives.


...with the discussion on delayed activation viruses - has any ransomware been delivered yet, in this way?
Simultaneously encrypting data on multiple servers & private machines at a pre-scheduled time would probably do the most damage and give least possible time for an A/V response.
Stuxnet was probably delayed activation but was not a ransomware (just destruction).
Although the data, rather than the hardware, probably has the most value, could you deliver a ransomware to private machines (à la Stuxnet) that would render the hardware unusable if ransom not paid?
 
Last edited:
Associate
Joined
18 Jan 2012
Posts
982
Location
Peloponnese, Greece
This may already have been covered in this thread, but I am not wading back through 7 pages (apologies if it has).

I read that one of the most effective defences against ransomware is encryption, for example BitLocker - the theory being that encrypted data cannot be further encrypted.

Is this the case? Or an old wives' tale?

thanks
 
Soldato
Joined
6 Jan 2006
Posts
3,372
Location
Newcastle upon Tyne
Yes, Crashplan does run on Linux, which might be a good option on an old/low-spec PC. But I've found it to be fine on a modest Windows setup.

Would running a backup solution on Linux be a good/better option? Would this be any better protecting against ransomware? I've got some older PC parts that I could cobble together but no Windows licence to go with it. I have zero knowledge of Linux however, which is obviously a fairly large initial stumbling block!
 
Man of Honour
Joined
13 Oct 2006
Posts
91,147
Would running a backup solution on Linux be a good/better option? Would this be any better protecting against ransomware? I've got some older PC parts that I could cobble together but no Windows licence to go with it. I have zero knowledge of Linux however, which is obviously a fairly large initial stumbling block!

Might be worth having a look at Xpenology - though there are some quibbles as to support for it.
 
Man of Honour
Joined
20 Sep 2006
Posts
34,036
I don't get why people are making this so complicated, just use Macrium Reflect to an external drive or NAS, it's miles better than Crashplan.
 