Ransomware

TylerM4
Lord of the Board
Posts: 4371
Joined: Feb 27th, 2014, 3:22 pm

Ransomware

Post by TylerM4 »

Do you know what it is? How it works/operates?
Microsoft has a pretty good article explaining it: https://www.microsoft.com/en-us/securit ... mware.aspx

Ask any IT professional "What's the worst type of malicious software?" and most will tell you "Ransomware".

Ransomware has EXPLODED over the last few years and is easily the most profitable internet scam/crime going on today. Most people know the basics. Ransomware locks files and you have to pay to get them back. What many people don't know is just how effective this type of attack is and how hard it is to protect against it.

Bring a PC that's been attacked via ransomware into a computer repair shop and they'll say you have 2 options:
1) Pay the ransom (90% will do this).
2) Wipe all data from the computer (including your files) and start over.

How does it work? To keep it short - Ransomware once installed on your computer encrypts every multimedia file accessible via your computer. Documents, pictures, videos, etc. The encryption is unbreakable for the common man and files can only be recovered if you have the encryption key. To get that key, you must pay a ransom to the baddies. The ransom varies but is usually a few hundred dollars for the average Joe.

Why is ransomware worse than a typical virus infection? For 2 reasons:
1) Your documents, pictures, and home videos are the only data on your PC that can't be replaced. Most virus infections leave your data alone so the preferred "repair" is to back up your files then wipe the PC and reload Windows and your apps. In the case of ransomware this process will remove the ransomware software, but your files will still be encrypted and you'll still need to pay the ransom to get them back.
2) Ransomware targets all files your PC has access to, not just what's stored on your primary hard drive. Many people don't take this into consideration when designing their backup solution. If your backup strategy involves copying data to an online secondary hard drive, or to Network Attached Storage (NAS) then your backups will also be compromised. To protect against Ransomware your backups must be offline and/or read only (such as burnt to a DVD). Even offline backups need to be treated carefully as you need to bring them online to refresh/update and could be compromised at that time.

Anyway - long story short. IMO Ransomware is the biggest malware threat on the internet right now and I encourage everyone to understand what it is and how you can protect against it.
ken531a
Fledgling
Posts: 200
Joined: May 13th, 2016, 9:49 am

Re: Ransomware

Post by ken531a »

Use a program like Sandboxie when you are on sites that may be a little bit iffy. If they try to nail you, you simply delete them and there is no damage.
monroe
Übergod
Posts: 1875
Joined: Nov 19th, 2005, 4:24 am

Re: Ransomware

Post by monroe »

Mbam and others like Eset have been working on their version of an Anti-Exploit component to their antimalware suite.

Not sure if it's just based on heuristics or beefed up signature updates to their scanning engines. For the most part, from what we hear, Mbam seems to be the best newest solution out there.

As a side note - we've heard that whenever someone gets hit, the encryption key for that victim could actually be kept on their computer.

Years ago, there used to be a standard set of keys that started to circulate and many PC repair shops had. You could also find them online. Not so anymore.
" ... Kind of weird but hey, weird is normal on castanet " - LANDM
gman313
Lord of the Board
Posts: 3538
Joined: Sep 15th, 2008, 8:03 pm

Re: Ransomware

Post by gman313 »

it is fascinating stuff

Years ago a bunch of geeks sat in their moms' basements seeing how far they could get a virus to go.

Now it is government sponsored (Russia, China) and big big dollar business.
GordonH
Grumpy old scoundrel
Posts: 39054
Joined: Oct 4th, 2008, 7:21 pm

Re: Ransomware

Post by GordonH »

Bumped Up

What kind of sick person does a ransomware attack on a hospital, especially one for children?

https://www.castanet.net/news/Canada/40 ... -activity-
I don't give a damn whether people/posters like me or dislike me, I'm not on earth to win any popularity contests.
Sonny Taylor
Board Meister
Posts: 651
Joined: Jun 29th, 2005, 2:20 am

Re: Ransomware

Post by Sonny Taylor »

Get your backups OFFLINE and not visible or connected to your machine. Keep copies offsite if you can too. So much more could be said about that, but that's a practice going way way back in computing. In the corporate world in the past (likely still is) it was known as a part of datacenter "Disaster Recovery".

Protect your crucial data. The machine can be rebuilt.
DataCruncher
Übergod
Posts: 1625
Joined: Jul 24th, 2018, 5:28 pm

Re: Ransomware

Post by DataCruncher »

Sonny Taylor wrote: Jan 1st, 2023, 7:02 pm Get your backups OFFLINE and not visible or connected to your machine. Keep copies offsite if you can too. So much more could be said about that, but that's a practice going way way back in computing. In the corporate world in the past (likely still is) it was known as a part of datacenter "Disaster Recovery".

Protect your crucial data. The machine can be rebuilt.
:up: :up:
"Once you see the strings of the marionettes - you can never watch the pantomime the same way again"
Sonny Taylor
Board Meister
Posts: 651
Joined: Jun 29th, 2005, 2:20 am

Re: Ransomware

Post by Sonny Taylor »

Here we go again.
Copper Mountain mine near Princeton targeted in ransomware attack
https://www.castanet.net/news/Penticton ... are-attack
GordonH
Grumpy old scoundrel
Posts: 39054
Joined: Oct 4th, 2008, 7:21 pm

Re: Ransomware

Post by GordonH »

GordonH wrote: Jan 1st, 2023, 1:01 pm Bumped Up

What kind of sick person does a ransomware attack on a hospital, especially one for children?

https://www.castanet.net/news/Canada/40 ... -activity-
Follow up of the story I posted in quote above.

https://www.castanet.net/news/Canada/40 ... ids-attack
I don't give a damn whether people/posters like me or dislike me, I'm not on earth to win any popularity contests.
DANSPEED
Übergod
Posts: 1554
Joined: Jan 6th, 2007, 3:35 pm

Re: Ransomware

Post by DANSPEED »

I think I'm safe. I have AiProtection enabled in my ASUS router. Important folders/files get backed up daily to my NAS and my system is imaged weekly with encryption to my NAS. Those backups on my NAS are again backed up daily to external drives with encryption. I have Controlled Folder Access enabled and Windows security is set to real-time protection. M$ suggests using a secure, modern, browser such as Edge.
Urban Cowboy
Guru
Posts: 9555
Joined: Apr 27th, 2013, 3:47 pm

Re: Ransomware

Post by Urban Cowboy »

DANSPEED wrote: Jan 2nd, 2023, 5:46 pm I think I'm safe. I have AiProtection enabled in my ASUS router. Important folders/files get backed up daily to my NAS and my system is imaged weekly with encryption to my NAS. Those backups on my NAS are again backed up daily to external drives with encryption. I have Controlled Folder Access enabled and Windows security is set to real-time protection. M$ suggests using a secure, modern, browser such as Edge.
I thought any attached storage such as NAS is in danger because it's attached to the infected computer?

I use a NAS as well as a couple of other computers that get backed up to every night from my main computer but everything is on the same home network.

Is there some advice you have to protect them?

I do also back up my Music, Photo, Documents, and Video directories onto a USB drive every few months and it's not connected to anything so I know what's on it is safe.
“Not All Those Who Wander Are Lost" - Tolkien
DANSPEED
Übergod
Posts: 1554
Joined: Jan 6th, 2007, 3:35 pm

Re: Ransomware

Post by DANSPEED »

Urban Cowboy wrote: Jan 2nd, 2023, 7:23 pm I thought any attached storage such as NAS is in danger because it's attached to the infected computer?
Windows user accounts only have access to my mapped drives. External drives attached to my NAS used for backups aren't accessible in Windows unless I give permission in my NAS. Macrium Reflect needs permission to access my NAS and the drives or folder(s). Backups on my NAS copied to external drives are scheduled and run from my NAS and not from Windows. If ransomware can access those drives from Windows somehow then I guess I'm open to attack.
Urban Cowboy
Guru
Posts: 9555
Joined: Apr 27th, 2013, 3:47 pm

Re: Ransomware

Post by Urban Cowboy »

DANSPEED wrote: Jan 2nd, 2023, 9:47 pm
Urban Cowboy wrote: Jan 2nd, 2023, 7:23 pm I thought any attached storage such as NAS is in danger because it's attached to the infected computer?
Windows user accounts only have access to my mapped drives. External drives attached to my NAS used for backups aren't accessible in Windows unless I give permission in my NAS. Macrium Reflect needs permission to access my NAS and the drives or folder(s). Backups on my NAS copied to external drives are scheduled and run from my NAS and not from Windows. If ransomware can access those drives from Windows somehow then I guess I'm open to attack.
I use SyncBack on my PC to run scheduled incremental backups to my NAS as well as two other PCs, one attached via CAT5 to the home network and the other attached by wireless.
“Not All Those Who Wander Are Lost" - Tolkien
DANSPEED
Übergod
Posts: 1554
Joined: Jan 6th, 2007, 3:35 pm

Re: Ransomware

Post by DANSPEED »

Urban Cowboy wrote: Jan 3rd, 2023, 10:50 am I use SyncBack on my PC to run scheduled incremental backups to my NAS as well as two other PCs, one attached via CAT5 to the home network and the other attached by wireless.
Just don't map your drives with your NAS admin credentials. I created a user account on my NAS that I use in Windows to access the NAS. I can deny or allow R/W access to each NAS drive or subfolder or connected drive. QNAP also allows me to hide network drives. So the external drive I copy backed up images onto isn't even seen over the network. What you don't want to do is back up ransomware or any other virus. I also do incremental backups from Windows daily but also image my entire system weekly with five rotations, something like 200GB an image. If I lose my drives I can PXE boot into Macrium Reflect on my NAS and restore my system over the network. Offline is the best but hopefully ransomware doesn't hit my NAS.
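
Added example, not part of the thread or any poster's code: a small Python audit of the point made in the first post and in the NAS discussion above, that a backup location is only as safe as the access your everyday account has to it. It reports each location as offline, writable or read-only for the account running it; the paths at the bottom are hypothetical placeholders.

```python
import os
import uuid

def can_create(path):
    """True if this account can create (and then remove) a file in path."""
    probe = os.path.join(path, ".write-probe-" + uuid.uuid4().hex)
    try:
        # O_EXCL guarantees an existing file is never opened or truncated.
        fd = os.open(probe, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except OSError:
        return False
    os.close(fd)
    try:
        os.remove(probe)
    except OSError:
        pass  # create-only share: still counts as writable
    return True

def modifiable_files(path, limit=200):
    """Existing files (first `limit` examined) that open for update; none is written."""
    hits, seen = [], 0
    for dirpath, _dirs, names in os.walk(path):
        for name in names:
            if seen >= limit:
                return hits
            seen += 1
            full = os.path.join(dirpath, name)
            try:
                with open(full, "r+b"):
                    hits.append(full)
            except OSError:
                pass
    return hits

def classify_backup_target(path):
    """'offline', 'writable' or 'read-only' as seen by the current account."""
    if not os.path.isdir(path):
        return "offline"   # unplugged drive, unmapped or hidden share
    if can_create(path) or modifiable_files(path):
        return "writable"  # anything running as this user can alter backups
    return "read-only"

def audit(paths):
    return {p: classify_backup_target(p) for p in paths}

if __name__ == "__main__":
    # Hypothetical locations; replace with your own mapped drives and shares.
    for target, state in audit([r"Z:\Backups", r"E:\Images"]).items():
        print(f"{state:10} {target}")
```

Run it under the same account you use day to day, since that is the access ransomware would inherit; a "writable" result for a backup location means that copy is not protected.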
Urban Cowboy
Guru
Posts: 9555
Joined: Apr 27th, 2013, 3:47 pm

Re: Ransomware

Post by Urban Cowboy »

Thanks for the info. :up:
“Not All Those Who Wander Are Lost" - Tolkien