Macrium 6 and Cryptolocker


lovelyjubbly
LovelyJubbly, that is the program, authored by Winability.                               

Sadly I can't get to that website.

I have BitDefender Free, MalwareBytes Pro, Windows Firewall and Cryptoprevent.

Can't find anything in them that would block them.

Froggie
LovelyJubbly, here's Winability's FolderGuard 30-day TRIAL from my DropBox, and here's their USER's GUIDE (also in my DropBox) if you'd like to play...
Edited 27 February 2015 12:48 AM by Froggie
khmikael
lovelyjubbly (2/27/2015)

What about password protecting the backup in Macrium, would that do any good?


No.

Password protecting backup files and encrypting them are measures meant to stop unauthorized parties from looking at and restoring the backups.

It would not prevent the backup files from being encrypted by the crypto malware.
Merlin

What about password protecting the backup in Macrium, would that do any good?

No. That would stop anyone else from accessing the files in the image, but wouldn't stop a rogue program from encrypting it.
Edit: sorry. see it's been answered above me.


Edited 27 February 2015 1:57 AM by Merlin
lovelyjubbly
Thanks Froggie,

How do I ensure Reflect can get to the protected drive/folder?

Seekforever
Drac144 (2/27/2015)
I don't know how those encryption programs work. I assume it takes them some time to encrypt every file. Not sure if it is possible to notice what is going on and power off the computer to prevent all files from getting hit. If the program starts on drive C and works its way up the drive letters, it might be possible to realize email or other software no longer works before other files are hit.

While I keep a copy of my weekly full backup on a normally disconnected external drive, I could lose up to a week's worth of data if I were to get hit by such a virus.


Cryptolocker doesn't really care about your Windows and apps files themselves. It goes after document type files such as jpegs, xls, doc, and a whole lot of others. Here is probably a pretty good description on how it works, how you can set up your Windows to avoid encryption, etc. Image files are not on the list but you can't rely on that happening forever. OTOH, when you get right down to it, compared to all the PCs in the world, there are more than enough opportunities for locking files than worrying about image files especially since they are so big.
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Interestingly, they say that shares accessed by the UNC method rather than a drive letter are safe and cloud backups are safe. Again, who knows how long that will last.  You will notice that every solution such as Malwarebytes says to have a backup!


lovelyjubbly
You will notice that every solution such as Malwarebytes says to have a backup!

Trouble is, the backup could be encrypted, then you're really hosed :(

My Client is also using Sugarsync which doesn't have a bulk rollback so you'd have to restore thousands of files manually.

I'll be looking to move all my Sugarsync Clients to Dropbox, they do have a global rollback feature, see here:
https://www.dropbox.com/help/400#rollback

I'm also checking with Soonr who I use for my Corporate Client Backups.

But I'd still love my Macrium Backups to be immune to anyone or anything messing with my Image Backups, except Macrium.

I.e. you can't encrypt or maybe even delete except within Macrium...

Seekforever
I'm sure the implication is that you have a secure backup.
Given that the image file is a file I don't see how it can be under the sole control of Reflect in this case. I've used programs where the backup file was intended to be managed by the program but it didn't stop anybody with the proper permissions from deleting the files (and thus screwing up the database).

Cloud-based backup or secondary storage of data files seems like a solution but if you are using automatic syncing it is essential that you have a version capability in the cloud storage. If the file gets modified by Cryptolocker then it will be seen as changed and synced with the cloud causing your good file to be overwritten with an encrypted file. If you have versioning then you can revert to the previous unencrypted version.

Edited 27 February 2015 4:23 AM by Seekforever
lovelyjubbly
Cloud-based backup or secondary storage of data files seems like a solution but if you are using automatic syncing it is essential that you have a version capability in the cloud storage. If the file gets modified by Cryptolocker then it will be seen as changed and synced with the cloud causing your good file to be overwritten with an encrypted file. If you have versioning then you can revert to the previous unencrypted version.



The trouble is Sugarsync for example doesn't have rollback, so if you have 20,000 files to re-version, one by one, it's not going to be fun.

Worst case scenario, your Macrium images are corrupted and you're faced with weeks of manually restoring files.

Dropbox does rollback to an event, so I'll be moving my Clients to them.
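
Added example, not part of the original thread: a toy model of the sync behaviour discussed in the two posts above, showing why an auto-syncing store without version history propagates the encrypted copies, and how a rollback to a point in time restores every file in one pass. `SyncStore` and its methods are hypothetical and do not represent the SugarSync or Dropbox API; the file names and contents are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class SyncStore:
    """Toy cloud sync target (hypothetical model, not a vendor API)."""
    versioned: bool
    history: dict = field(default_factory=dict)  # path -> [(timestamp, content)]

    def sync(self, path, content, ts):
        """Upload a changed file; an unversioned store keeps only the newest copy."""
        versions = self.history.setdefault(path, [])
        if not self.versioned:
            versions.clear()
        versions.append((ts, content))

    def current(self, path):
        return self.history[path][-1][1]

    def rollback_to(self, ts, now):
        """Bulk rollback: make the newest version at or before ts current again.
        Returns the paths that have no version that old and cannot be restored."""
        lost = []
        for path, versions in self.history.items():
            good = [v for v in versions if v[0] <= ts]
            if good:
                versions.append((now, good[-1][1]))  # restore as a new version
            else:
                lost.append(path)
        return sorted(lost)


def simulate(versioned):
    """Constructed incident: 5 files synced at t=100, all overwritten at t=200."""
    store = SyncStore(versioned)
    docs = {f"doc{i}.xls": f"good-{i}".encode() for i in range(5)}
    for path, content in docs.items():
        store.sync(path, content, ts=100)
    # The sync client sees each modified file as "changed" and uploads it.
    for path in docs:
        store.sync(path, b"\x00ENCRYPTED\x00", ts=200)
    lost = store.rollback_to(ts=199, now=300)
    recovered = [p for p, c in docs.items() if store.current(p) == c]
    return len(recovered), lost


if __name__ == "__main__":
    print("versioned:  ", simulate(True))
    print("unversioned:", simulate(False))
```
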


Dreamer2004
The best protection against Cryptolocker is your own brain.exe!


