Ransomware And Encrypted Drives

Forum Moderators: open

Message Too Old, No Replies

Ransomware And Encrypted Drives

lawman

2:36 pm on Jan 28, 2016 (gmt 0)

I took the time to encrypt the external drive where my backup image resides. Then I read where ransomware can encrypt an encrypted drive. Well damn! My solution - I did what I should have done before taking the time to encrypt - unplug the drive when not using it.

engine

2:57 pm on Jan 28, 2016 (gmt 0)

Aye, unplug from the computer when not actually backing up. You cannot have enough verified backups!
If you're feeling really paranoid, while you're running the backup, disconnect from the Net and don't run any applications.

lawman

3:10 pm on Jan 28, 2016 (gmt 0)

Good call engine. I'm feeling more and more paranoid. Now, since I put forth the effort to encrypt, should I unencrypt? It would probably save me 5 minutes worth of time to mount the drive so I can access.

engine

3:36 pm on Jan 28, 2016 (gmt 0)

Encryption helps stop snoopers, but it won't, as you say, stop the ransomware thieves. They aren't interested in your data, encrypted or unencrypted, they are just interested that you send them money to unlock your hard drive.

lawman

3:52 pm on Jan 28, 2016 (gmt 0)

I have a good anti-ransomware app (I mentioned it in another thread) but nothing's perfect.

engine

10:48 am on Feb 1, 2016 (gmt 0)

There you go, Lawman, it can happen to anyone.

Lincolnshire County Council's computer systems have been closed for four days after being hit by computer malware demanding a �1m ransom. Lincolnshire County Council hit by �1m malware demand [bbc.co.uk]

topr8

1:15 pm on Feb 1, 2016 (gmt 0)

There you go, Lawman, it can happen to anyone.

well yes, anyone maybe, but uninformed/untrained public sector/large company workers are more at risk of doing something unwise, i would think.

the main question to ask about the lincolnshire story (apart from that it is somewhat confused) is how on earth could a user on a single workstation cause such trouble just by opening a single email attatchment.

chewy

4:24 pm on Feb 1, 2016 (gmt 0)

Any ransomwear hunters interested in "the" file that started the mess for me?

I happen to have been upgrading a hard disk to SSD and in the process removed my complete hard drive. I know on that drive is an unopened email file that is the one that started the ransomwear process.

Of course, after I was stupid and opened the file on my nice new SSD, I was super lucky and caught it in time (and have good backups) - but my aching-you-know-what - these ransomware bad guys are really really really good at doing their evil.

lawman

5:01 pm on Feb 1, 2016 (gmt 0)

FWIW I unencrypted the disk and just leave it unplugged. I know I'm saving only about 5 minutes but the older I get the less patience I have.