Kitz ADSL Broadband Information

Author Topic: How To Avoid CryptoLocker Ransomware  (Read 10215 times)

hake

  • Reg Member
  • ***
  • Posts: 296
  • Owzat! On ya way, back to the pavilion!
How To Avoid CryptoLocker Ransomware
« on: November 06, 2013, 03:07:16 PM »

Brian Krebs has an article on this at:
http://krebsonsecurity.com/2013/11/how-to-avoid-cryptolocker-ransomware/

He provides a URL to the author of preventative software CryptoPrevent:
http://www.foolishit.com/vb6-projects/cryptoprevent/
Logged
Windows XP

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33919
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: How To Avoid CryptoLocker Ransomware
« Reply #1 on: November 07, 2013, 09:14:23 PM »

This sounds really nasty.
Don't like how it can also spread over a network and can also render all backups useless too :(

I see the US seem to be taking it pretty seriously.
http://www.us-cert.gov/ncas/alerts/TA13-309A

 
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: How To Avoid CryptoLocker Ransomware
« Reply #2 on: November 07, 2013, 09:41:25 PM »

It's always occurred to me that any truly malicious malware would be able to trash network (or USB) connected backup drives.

I think it lends merit to my own backup strategy, whereby everything that needs backed up is made visible to a separate Linux (of course  :) ) server, which springs to life at 2am every morning, awakening then archiving the PC and the MAC.   The server itself is fairly well locked-down, the PC and MAC have no write-access to the backup directories so it would be hard for malware on the PC/MAC to damage the archives.

Malware on the server could of course trash the server, all its own archives, the MAC, and the PC.   But since it is not used for web browsing, email, or other GUI-related activities I feel a malware attack is less likely and the balance is in my favour.

Then again, the words 'tempting' and 'fate' ring in my ears as I write this... :(
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33919
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: How To Avoid CryptoLocker Ransomware
« Reply #3 on: November 07, 2013, 09:53:58 PM »

I must admit I'm a little concerned. 
I have backups (NAS) of my backups (removable drive) of my PC,  but they are all on the same network so that the backup procedures can run  :'(
Logged

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: How To Avoid CryptoLocker Ransomware
« Reply #4 on: November 07, 2013, 09:58:53 PM »

Depending upon how much data is involved, a copy on a DVD (or Blu Ray), stored in the garden shed, ought to present a challenge to the villains?
Logged

c6em

  • Reg Member
  • ***
  • Posts: 504
Re: How To Avoid CryptoLocker Ransomware
« Reply #5 on: November 07, 2013, 10:25:17 PM »

Any "proper" backup set of procedures really needs the backup disc(s) only connected for the duration of the backup and then removed.
As well as network share hopping viri this would also guard against a power supply failing with a death surge or lightning strike taking out the computer plus the connected backup drives en masse.

All this does of course require an almost large corporate IT dept level of organisation and action far removed from your average computer user.

This virus at least does not (yet) seem capable of re-attaching hidden or otherwise invisible partitions which have had their drive letter assignment removed as a precaution when not in use.

122 pages of discussion on it here - if you dare!
http://www.bleepingcomputer.com/forums/t/506924/cryptolocker-hijack-program/page-122
Logged

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: How To Avoid CryptoLocker Ransomware
« Reply #6 on: November 07, 2013, 10:44:32 PM »

Quote
Any "proper" backup set of procedures really needs the backup disc(s) only connected for the duration of the backup and then removed.

I disagree, if infection strikes at the moment the drive is connected then you are still stuffed.   If I were composing such a malware, I would most probably withhold the payload for a while, waiting for a networked drive to appear before striking.

I prefer my own strategy, whereby the precious system (with the data being backed up) does not have write-permissions to the backup, ever.
Logged
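
The pull-style arrangement sevenlayermuddle describes in replies #2 and #6, as an added example that is not part of any post in this thread. It assumes the script runs only on the backup server, that the PC's data is exposed to it read-only, and that the archive directory is writable by the server account alone; `pull_snapshot` and the snapshot labels are hypothetical names.

```python
import os
import shutil
import time
from pathlib import Path


def pull_snapshot(source: Path, archive: Path, label: str = "") -> Path:
    """Pull `source` into a new snapshot directory under `archive`.

    Files unchanged since the previous snapshot (same size and mtime) are
    hard-linked to save space. Changed files are copied into the new
    snapshot only, so earlier snapshots keep the earlier bytes even if the
    client's copy has since been overwritten.
    """
    archive.mkdir(parents=True, exist_ok=True)
    # Timestamp labels sort lexically in chronological order.
    previous = sorted(p for p in archive.iterdir() if p.is_dir())
    snap = archive / (label or time.strftime("%Y-%m-%dT%H%M%S"))
    snap.mkdir()  # raises if the label exists: a snapshot is never reused
    for root, _dirs, files in os.walk(source):
        rel = Path(root).relative_to(source)
        (snap / rel).mkdir(parents=True, exist_ok=True)
        for name in files:
            src = Path(root) / name
            if src.is_symlink():
                continue  # do not follow links created on the client side
            dst = snap / rel / name
            old = previous[-1] / rel / name if previous else None
            st = src.stat()
            if old and old.is_file() and not old.is_symlink():
                ost = old.stat()
                if (ost.st_size, ost.st_mtime_ns) == (st.st_size, st.st_mtime_ns):
                    os.link(old, dst)  # unchanged: share the stored copy
                    continue
            shutil.copy2(src, dst)  # new or changed: store a fresh copy
    return snap
```

Because each run writes into a fresh directory, a night on which the source files have been overwritten produces one bad snapshot and leaves the earlier ones readable.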

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33919
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: How To Avoid CryptoLocker Ransomware
« Reply #7 on: November 08, 2013, 12:29:27 AM »

Quote
All this does of course require an almost large corporate IT dept level of organisation and action far removed from your average computer user.

 :'(

Quote
a copy on a DVD

I gave up on DVDs years ago and why I saved up for a 1TB removable drive - admittedly about half of it is still free, but it's constantly attached as the backups run nightly.
The NAS has 500GB for the 'important stuff'..  don't recall offhand how much is in use.

Guess I need to do some rethinking  :no:

Logged

jack21

  • Reg Member
  • ***
  • Posts: 144
Re: How To Avoid CryptoLocker Ransomware
« Reply #8 on: November 08, 2013, 07:18:58 AM »

I notice that Malwarebytes Pro  (paid-for edition) claims to deal with CryptoLocker, presumably as it is received and before it can do any damage.
Logged

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: How To Avoid CryptoLocker Ransomware
« Reply #9 on: November 08, 2013, 08:29:10 AM »

Quote
I gave up on DVDs years ago and why I saved up for a 1TB removable drive

I like a DVD copy too, just once in a while.  Influenced a little by the experience of a friend who lost all his possessions in a house fire.  My attitude is I can live with the risk of losing all of my data up to the past few weeks' data, as long as it's no longer than that,  then the daily back up (to server) strategy just reduces the likelihood.

Quote
I notice that Malwarebytes Pro  (paid-for edition) claims to deal with CryptoLocker, presumably as it is received and before it can do any damage.

Main worry for me right now is I'm running without any AV at all as licenses expired last week.   On the eve of expiry I bought a new multi-PC boxed copy off Amazon, paying extra for next day delivery.   It hasn't come, and now Amazon won't help, saying 'next-day delivery' isn't tracked and can take up to four days.  But that's a grump for another thread.   >:(
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4312
Re: How To Avoid CryptoLocker Ransomware
« Reply #10 on: November 08, 2013, 08:30:47 AM »

I use Acronis to back up to my server, and then on my server I have Crash Plan that backs up to the cloud. Hopefully this will at least give me access to fairly recent copies of my data.

Acronis does a full backup of my C drive once a month, and a backup of the users folder every two weeks. Any users folders stored on the server are backed up in real time.

Of course the only problem with this is how long it will take to get the data back, even though I have fibre I doubt a download from Crash Plan will max my connection out. The bulk of my data won't be urgently needed though, so not a major problem. As a backup to that I do have a couple of hard drives stored off site that have a lot of stuff backed up to them, but I tend to forget to do that regularly - hence why I started using crash plan.

Oh, and all my PCs have the WHS2011 backups done daily, but last time I tried to restore one of them it didn't :-(

I also use Dropbox for some stuff that I'm working on, like the code for the logging GUI. Although anything in Dropbox would be affected by CryptoLocker, there are the previous versions, which are available for 30 days.
« Last Edit: November 08, 2013, 08:32:59 AM by Ronski »
Logged
Formerly restrained by ECI and ali,  now surfing along at 1147/105  ;D

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33919
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: How To Avoid CryptoLocker Ransomware
« Reply #11 on: November 08, 2013, 04:47:10 PM »

I've been having a think.  Having given up on DVDs long ago - I guess I must hoard too much stuff. 
I've decided the best thing would probably be to do another copy of my backup onto a drive and store it elsewhere.
So I'll have a backup of the backup of my backup  ???


I'm pretty sure a 300Gb drive would be sufficient..  so guess what my project this weekend will be.

Not sure about keeping a HDD in the shed though..  but downside if I take it to someone else's house it will only get backed up once in a blue moon :/
Logged

tonyappuk

  • Reg Member
  • ***
  • Posts: 589
Re: How To Avoid CryptoLocker Ransomware
« Reply #12 on: November 09, 2013, 04:24:02 PM »

Having "played with" Linux for a few years I was wondering whether now was the time to change to Linux as my main operating system. I am assuming Cryptolocker doesn't target Linux yet. Is this true? If it is I am considering using Linux for browsing and email and only using Windows for those programs that I cannot find useable Linux alternatives for. These include MS Publisher (Scribus confuses me!), Excel (I have a large financial prog I wrote years ago using VBA and LibreOffice doesn't import VBA very well) and Access (using LibreOffice seems to need substantial rewrites to generate the queries and reports I use). What does the Team think, please!?
Tony
Logged

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: How To Avoid CryptoLocker Ransomware
« Reply #13 on: November 09, 2013, 06:12:29 PM »

I'm sure there'll be some recommendations to make more use of linux, they'll be along shortly, and I'm sure they'll be very valid.   

But meanwhile… have you considered OS/X?  It also has a pretty good track-record regarding malware attacks.  Being Unix-based, it benefits from many of the same intrinsic user-permission benefits as Linux.   That should in theory make it harder to attack, although it can never be ruled out - especially if uptake were to soar, making it more worth the bad guys' time.

OS/X may be cheaper than you think too, you need a Mac, but the Mac Minis starting around £500 are not at all bad.  Cute little boxes, silent and cool, and they do the job.    I like mine so much that I feel quite irritated on the odd occasion I have to go back to the XP system, e.g. to make use of some package that only runs on windows.
Logged

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 43824
  • Penguins CAN fly
    • DSLstats
Re: How To Avoid CryptoLocker Ransomware
« Reply #14 on: November 09, 2013, 06:43:50 PM »

There aren't any Linux viruses in the wild, and never have been, apart from the odd "proof of concept" experiment. I'm not saying that it's impossible because it isn't, but Linux is certainly a much more difficult target than Windows. If all you want to do with it is browsing and email, then I would say there's no contest. I've been using Linux as my main system for 15 years, and I've never regretted making that decision.
Logged
  Eric