I must say I found that response underwhelming

Backup to DVD, not with 100 + GB Images.

FTP,  again, I'm not sure this is entirely practical.

I'd like to see something built into Macrium so that there is an option to "lock" the images unless Macrium is manipulating the file.

Although not built into MR, Froggie explained how to do exactly this in the 2nd post in this thread.  It's dead simple to do with FolderGuard.

In my case, the backup of my images is done into a fully protected folder that any RansomeWare task cannot get access to.  I use FolderGuard and any storage device/folder may be protected.  If those attached storage volumes don't have to share lots of access with other processes, this method should protect you.  If they do, then place your images in a specific folder and protect that folder instead.  But remember... that folder will only be protected on the system that has the protecting software installed.  If the attached device/folder is shared, the protection will not be shared.                               

Besides protecting your MR files with FolderGuard, you can also protect other backed up data files with FolderGuard against ransomware type viri.  Simply add the appropriate  .exe to FolderGuard's Trusted List, and then only the allowed processes / programs are granted access to your protected files.  It's dead simple and effective. 

I've used FolderGuard for many years. It's a great program.
http://www.winability.com/folderguard/
                               

Hi - I've read through these replies and have a probably noob question.

If you set the MR backup file as READ_ONLY won't that prevent such apps crypting the file (without first changing the permissions itself)?  That would seem to be an easy way to at least stop most of the problem.  If that is seen as reasonable, is there a "trivial" VB/BAT/Powershell script that someone could post to set the perms as RO after MR has finished?  Are there repercussions of doing this wrt MR and its retention policy, i.e. does a RO file also prevent MR deleting that file when it comes round to recycling space?

Mike
PS: EDIT after looking at how my (Linux-based) QNAP NAS and it's Samba server work (allowing Windows to access it natively through a shared exported folder) I have found that permissions do not work as expected.  I set them on a sample file on the NAS to (UNIX) 444 which is r--r--r-- (read only) and then was still able to edit that file directly from my PC over the mapped drive :-(

So .. the read-only permissions probably only work with true NTFS local drives.  Even setting the owner of the file on the NAS to be a unique person (not the guest or admin) did not help.  The SMB process (and thus so would cryptolocker) still overwrote my file.  The only way I could get it to do this was to change ownership to "admin" which then thwarted any attempt to edit/overwrite the file.  So ... that would seem to be the only way if you are using a NAS, to actually enforce read-only.

Only my backup user has permission to write at the backup medias, some users are allowed to read backup medias!
_No_ admin has write permission!
(as others suggested, offline disks is an additional way to protect your backups).
Software whitelisting helps to keep your system clean.
Regards,
CubaMadre;

While programs like Secure Folder and modifying permissions can help protect your data, you still run into the terrorist paradigm, you have to right 100% of the time, the malware only needs to be right once. We can also go into the situation that nobody can do computer protection that nobody will ultimately find a way around.  So while these solutions offer a benefit, the safest solution is to physically keep a copy of the data off the system. Forgetting about malware, it is always a good idea to have copies stored off-line and off-site in case of lightning strikes or power surges that take out the whole system and fire or theft that takes your whole system period.

Ransomware has become quite a scary type of malware. Everyday we get tickets from our customers worried (some even terrified) of the consequences. 

Here are some tips on how I deal with the ransomware threat.


Education
Most malware infections originate from suspicious emails, websites and installing questionable software.
I've always helped users identify suspicious email and advised them not to open attachments unless they are expecting the email and they know the sender.
Don't stay too long on websites that have questionable content or are full of advertisements. If someone sends you a link don't click on it unless you trust the sender.
Try to avoid installing software unless you have a business/personal need for it and have read reviews. It is also a good idea to test software in a virtual machine first.

Technical
A good spam filter (local or on the mail server) should also help prevent malware and phishing emails getting through. *
A web content filter will help prevent users from visiting websites they shouldn't visit however, if you are not in a business environment this is likely something you won't have available (some ISPs in the UK do provide a content filter). A good parental web filter or modern antivirus should help detect malicious and compromised sites. Sophos offer a free AV with web filtering for home use, I personally use this.
A good firewall that has IP reputation features should help protect your network (more relevant for business). Most malware "calls home" to function or install its payload. Blocking the access to these IP's help prevent further infection. Firewalls appliances from Sophos, Untangle and ThreatStop are good choices. 
Installing an modern antivirus is also a must. Some vendors are now targeting ransomware specifically and are worth a look. 
           Malwarebytes Anti-Ransomware
           HitmanPro
Keep you computer and installed software patched. Especially browsers and use ad-blocking extensions if you can.

Minimising Impact
Log on to Windows using an account without administrative privileges, if you do get a malware infection this should limit the effect. For example If you logon as a domain administrator and get infected, the malware will have full access to all your systems where, if Bob from sales gets an infection it will be limited to the areas he has access to.
Take regular backups and have backups stored offsite. (Thanks SeekForever)
Log file/folder changes on a network share. 

Dealing with an Infection
You only have two option when dealing with modern ransomware:
1) Pay up (not recommended)
2) Restore from a backup.

This is by no means an exhaustive list but it gives an idea of what can be done. If you would like to add to my tips I will happily pin the post for all to see.

* If you wish to discuss firewalls/spam filters etc please open a thread in the watercooler. 

Kind Regards

Stephen

See our reviews on