re: How to Protect against Ransomware?

quote:

---

You have no clue what your talking about.

---

What exactly did he post that's incorrect?

While it's not an everyday occurrence, malware does sometimes show up on legitimate websites via ad poisoning.

Keeping a strong backup plan is extremely important as a defense against these types of threats.

quote:

---

There is no such thing as "ransomware resistant backups". Make frequent full backups on portable media and disconnect it when not in use. That's your best bet, promise

---

A disconnected backup is a "ransomware resistant backup." Just because he doesn't know how to word his question doesn't mean he's an idiot. He has perfectly legitimate questions and he's asking for help, no reason for you to be an a-hole about it.

OK, so it looks like the consensus answer is:

1. Subscribe to a Cloud based, automated backup service that keeps past versions of changed files, and / or

2. Buy a few removable storage devices (like external drives or large USB flash drives), rotate the media and make manual backups on a regular basis, and then disconnect the media until the next backup.

quote:

---

...automated backup service that keeps past versions of changed files

---

quote:

---

The only issue I see with this, and possibly any solution at all, is once you have an intrusion like this, if you don't notice it, you could back it up and ruin everything you thought you had....

---

I just did a test recovery of a few 18 month old versions of files from our SOS Online Backup subscription.

This service keeps a surprisingly long archive of changed files. Therefore I suspect that it offers decent protection.

quote:

---

This service keeps a surprisingly long archive of changed files.

---

One uploaded ransomware file, could encrypt your entire backup...

quote:

---

2. Buy a few removable storage devices (like external drives or large USB flash drives), rotate the media and make manual backups on a regular basis, and then disconnect the media until the next backup.

---

I've been doing this for years, with one set of hard drives kept off site. As I have quite a lot of unchanging data, I also periodically compare file contents when I rotate the sets and have a hash database to determine the good file should there ever be a discrepancy. The drives are only ever powered on for backup purposes.

Thinking about ransomware, the bright red LEDs on my USB3 dual dock would alert me to unexpected activity, but the full file comparisons take many hours, which would give malware an opportunity. Back when I was using TrueCrypt, I could have mounted the drives as readonly, but I don't know offhand if that's possible with BitLocker, or Windows in general for that matter. I guess I could use Sysinternals Process Monitor and filter on writes to the backup drives, but offhand I have no idea if they're able to block that sort of monitoring.

quote:

---

One uploaded ransomware file, could encrypt your entire backup...

---

I'm not sure I follow you here. Isn't it typical for online backup services that keep versioned copies to store them read-only? Otherwise, what is the point of keeping versions if the files can be changed?