Just hit with a virus that wasn't stopped before it could do some damage. Encrypted/corrupted large number of files and added an extension to the filenames. Most disturbing is that it got at my external HD and corrupted all Paragon backup files too.
Is there a way of making these backup files Read Only during the backup process to avoid this damage?
TIA.
you can add password protection, but i do not know if that protects them from "encryption-on-top-of-that", because you could add these files to a ZIP file, and encrypt the zip file, and this may be what ransomware is doing
i have several external drives, ones that i only connect at time of backup, to do the paragon image backups to them,a nd then turn them off. ransomware encryption has been my concern, which is why i do it that way.
do you have any of the image backups stored somewhere else; did it corrupt all your backup files?
Thanks for your time aoz987.
It did corrupt all backup files that were going to external (USB) drives.Originally Posted by aoz987
I wouldn't be able to unplug/plug the backup drives since the incrementals are scheduled for 4:00 am at the office.
is ther any way you can get that machine back to a workable state?
re: incrementals -
one way to do this would be to put the external usb's on a TIMER, they turn on at 3:50 am, and turn off at 4:50 am, that would be some protection..
hopefully they auto-mount corectly; if they do, then that means that your drives are only connected for 1 out of 24 hours. THAT might help, BUT, if machine is on all the time, and ransomware is present, it may detect a new mounted drive
Microsoft windows 10
https://blogs.technet.microsoft.com/...t-gen-defense/
has some type of "file change detection" for ransomware, you might look at this
It is in a workable state. But a very large number of files were corrupted/encrypted. Some of those were in OneDrive or Google Drive and weren’t affected, but a lot weren’t. Bad situation.
that is a bummer. That is why i do use removable drives that can be unhooked.
ONE WAY, once you get this back up and running, is to do the backups as you are doing, but then attach a removable USB drive, and MIRROR your current backup drive. Actually you only MIRROR it once you make sure all files on current main macihne and backup machine are OK, not encrypted.
THEN, if ransomware hit the machine at night, and you've mirrored the external drive a couple days ago, you could unhook everything from the internet, boot from paragon recovery, and recover image/backups from a couple days ago, and hopefully you yave all current stuff (working files) saved to onedrive or google drive.
I have actually started using CrashPlan, as a cloud backup, back up all my data files, runs in background (unlimited, for about $10.00 per month). you could do same with google or onedrive (siimilar costs)
I use a program called Syncovery, to clone files to the cloud, to google, etc, because it can encrypt on the fly.
ALSO, it has a "ransomware detection method", whreby if more than "x" percent of files being copied are CHANGED, then it halts the operation, tells you this message, and you have to confirm to continue
(I use this in addition to paragon)
Thanks again aoz987. Those cloud suggestions are helpful. Even though OneDrive, Google Drive and Dropbox were connected and looking like regular drives in Windows Explorer, none of those files in the clouds seems to have been affected. Either it didn't get that far before it was shit down, or the cloud is immune to virus attacks. I'd like to know about that but it's been hard to get complete information from those companies so far.
I do remember that at some a Microsoft technician said something to the effect of "a virus can't get at OneDrive" though I'm not 100% sure that's what he was saying.
Bummer indeed.
right NOW, I don't believe ransomware sees the cloud as drive letters. BUT, if you had automatic file uploads, to the cloud, and if the cloud is not storing VERSIONS of the files, then it can be susceptible also. depends on whether the uploads are automatic or not
It's what I'm trying to find out... OneDrive is set to auto sync certain folders but it doesn't look like those files got 'up there'. Still going through it all though.
Posting Permissions
Reply With Quote