Are images affected by viruses, malware or encryption/WannaCry?


Virginia McGovern
Junior Member (70 reputation)
Group: Forum Members
Posts: 21, Visits: 288
I usually plug in my external hard drive to run a full image backup every week, but I have been thinking of keeping it permanently plugged in to run an automatic backup every day. I was wondering: if I did this and I was ever hit with something nasty like WannaCry, a virus or malware of any description, would the image/external hard drive be safe, or would that too be encrypted/attacked?
TIA,
Edited 27 June 2017 1:07 PM by Bastet
Nick
Macrium Representative (2.3K reputation)
Group: Administrators
Posts: 1.3K, Visits: 6.9K
Hi 

Thanks for posting. 

Like all files on your computer, Macrium Reflect backup files are susceptible to being encrypted by ransomware. Making sure that your external drive is only plugged in for the duration of the backup is one way to reduce the likelihood of an attack; however, we will be releasing an additional feature to Macrium Reflect called 'Macrium Secure Volumes' in the next few weeks that will protect Macrium files from being attacked by ransomware. There will be more details available on this functionality closer to the release date.

Kind Regards

Nick - Macrium Support

Virginia McGovern
Junior Member (70 reputation)
Group: Forum Members
Posts: 21, Visits: 288
Thanks, I look forward to reading about that new feature.
jphughan
Most Valuable Professional (3.1K reputation)
Group: Forum Members
Posts: 2.2K, Visits: 14K
Interesting new feature on the horizon! But Bastet, in the meantime, one way you can split the difference to enable automatic backups and protect yourself from ransomware is to use a disk rotation. You can swap disks daily or weekly (I wouldn't swap on a longer interval than that since otherwise the backups on the other disk get pretty stale), but that way if you get hit with ransomware, you'll still have the other disk that was offline and contains a backup that's no older than a day/week. The "Alternative locations" feature even makes this pretty easy to set up.

Virginia McGovern
Junior Member (70 reputation)
Group: Forum Members
Posts: 21, Visits: 288
I might try that in the meantime. Thanks jp.
Drac144
Expert (602 reputation)
Group: Forum Members
Posts: 375, Visits: 1.2K

Note that the newest ransomware attack that started yesterday works by encrypting the entire drive.  Previously most ransomware attacked specific file types.  Often backup files like Reflect's were not encrypted.  Since this has changed, it is even more important to keep drives offline when not doing backups.


jphughan
Most Valuable Professional (3.1K reputation)
Group: Forum Members
Posts: 2.2K, Visits: 14K
Drac144 - 27 June 2017 11:31 PM
Note that the newest ransomware attack that started yesterday works by encrypting the entire drive.  Previously most ransomware attacked specific file types.  Often backup files like Reflect's were not encrypted.  Since this has changed, it is even more important to keep drives offline when not doing backups.

Ouch! What's this new one called? And what does it do, display a pre-boot page telling you to use someone else's computer to pay the ransom since you can't boot your own? That scenario would seem especially painful given that lack of a clipboard means you'd have to type a gnarly Bitcoin wallet ID manually, not to mention the risk of messing up even one character causing you to send your money somewhere else. Or have these crooks been thoughtful enough to include the wallet ID as a QR code for victims savvy enough to know what to do with one?
Gork
Guru (1.2K reputation)
Group: Forum Members
Posts: 563, Visits: 1.5K
Nick - 27 June 2017 1:53 PM
 we will be releasing an additional feature to Macrium Reflect called 'Macrium Secure Volumes' in the next few weeks that will protect Macrium files from being attacked by Ransomware. There will be more details available on this functionality closer to the release date. 

Nice...  We were only just recently discussing this in a thread in the forums - I, too, look forward to seeing what comes of your efforts on this matter.  For now I'm imaging to an internal drive and running Windows 10 daily under a regular user account which only has read access rights to that drive.


OPs can help other forum searchers by highlighting (✔) an answer that resolves the issue.

Drac144
Expert (602 reputation)
Group: Forum Members
Posts: 375, Visits: 1.2K
The name of the virus is Petya. Things are actually even worse than I indicated.  The email address infected users need to use to send confirmation of payment has been disabled so that even if you pay, you have no way of telling the ransomware sender and getting your decryption key.  See article:
http://www.zdnet.com/article/six-quick-facts-june-global-ransomware-cyberattack/

jphughan
Most Valuable Professional (3.1K reputation)
Group: Forum Members
Posts: 2.2K, Visits: 14K
Ugh...  There are some truly strange twists and turns in the ransomware world. I remember reading about one where every infected PC displayed the same Bitcoin wallet ID but didn't show a unique system ID, so even if a victim paid, the bad guys had no way to tell who specifically had paid in order to send unlock codes.  And in an even more bizarre turn of events, some well-known white hat security researcher (his name escapes me right now) managed to get into the bad guys' email account by correctly guessing the answer to their forgotten password security question and began a dialog with them at some other email address he found once he got there.  It turned out they had a bug in their implementation of a crypto API that caused their ransomware to encrypt data in a way that wouldn't decrypt properly, rendering it irretrievable, and they basically said to this guy, "Look, we're going to keep infecting people no matter what, but if you want to help us fix this crypto API bug in our ransomware, at least the victims have a chance to get their data back."  The researcher declined.  What a world we live in....

Edited 28 June 2017 9:59 PM by jphughan