JoeZ - 14 December 2017 12:59 PM

I understand that M.I.G. locks Reflect images so ransomware can't alter them. But if the ransomware altered essential disk system files (where the image is stored), is it possible that booting up with rescue media won't be able to get access to the other drive that the image is on?

Joe

Nick - 14 December 2017 1:31 PM

> JoeZ - 14 December 2017 12:59 PM
> I understand that M.I.G. locks Reflect images so ransomware can't alter them. But if the ransomware altered essential disk system files (where the image is stored), is it possible that booting up with rescue media won't be able to get access to the other drive that the image is on?
> Joe

Hi Joe

Thanks for posting. There are no system files that prevent a file being read unless you are referring to the NTFS Master File Table (MFT). The MFT effectively *is* the file system; it's created when the volume is formatted and provides directory navigation, individual file and folder properties and data pointers.

MIG protects against file encryption by preventing processes from writing to Macrium backup files. This is the attack vector used by the vast majority of Ransomware. Encrypting the MFT is a completely different attack vector and is effectively whole disk or volume encryption. Volume encryption is a whole different beast and Windows 8/10, with UEFI secure boot, has safeguards to prevent this kind of attack. Older Windows installations and PCs are still vulnerable but file encryption is by far the most common Ransomware target.
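
The distinction drawn in the reply above, between files being encrypted and the MFT itself becoming unreadable, can be checked on a raw volume image. The following is an added example, not part of the thread and not Macrium code: the function names and the sample volume are constructed for illustration, and the field offsets are those of the standard NTFS boot sector.

```python
import struct

def mft_status(volume: bytes) -> str:
    """Classify a raw NTFS volume image by whether $MFT record 0 is readable."""
    boot = volume[:512]
    # The NTFS OEM ID sits at offset 3 of the boot sector.
    if len(boot) < 512 or boot[3:11] != b"NTFS    ":
        return "no-ntfs-boot-sector"
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", boot, 0x0B)
    (mft_lcn,) = struct.unpack_from("<Q", boot, 0x30)   # cluster where $MFT starts
    (rec_raw,) = struct.unpack_from("<b", boot, 0x40)   # signed record-size field
    cluster = bytes_per_sector * sectors_per_cluster
    if cluster == 0:
        return "no-ntfs-boot-sector"
    # A negative value means the record size is 2**abs(value) bytes.
    rec_size = (1 << -rec_raw) if rec_raw < 0 else rec_raw * cluster
    offset = mft_lcn * cluster
    record = volume[offset:offset + rec_size]
    if len(record) < rec_size:
        return "mft-out-of-range"
    # Every valid MFT file record starts with the ASCII signature "FILE".
    if record[:4] != b"FILE":
        return "mft-unreadable"
    return "ok"

def build_sample_volume() -> bytearray:
    """Constructed 32 KiB image: NTFS boot sector plus one MFT record header."""
    bps, spc, mft_lcn = 512, 8, 4
    vol = bytearray(bps * spc * 8)
    vol[3:11] = b"NTFS    "
    struct.pack_into("<HB", vol, 0x0B, bps, spc)
    struct.pack_into("<Q", vol, 0x30, mft_lcn)
    struct.pack_into("<b", vol, 0x40, -10)              # 1024-byte records
    vol[510:512] = b"\x55\xaa"
    start = mft_lcn * bps * spc
    vol[start:start + 4] = b"FILE"
    return vol

def overwrite_mft(vol: bytearray) -> bytearray:
    """Constructed damage: replace the first MFT record with filler bytes."""
    damaged = bytearray(vol)
    damaged[16384:16384 + 1024] = b"\xa5" * 1024
    return damaged

if __name__ == "__main__":
    sample = build_sample_volume()
    print(mft_status(bytes(sample)))
    print(mft_status(bytes(overwrite_mft(sample))))
```

The check looks only at the boot sector and the first MFT record, so a result of `ok` says the file system entry point is intact, not that every file on the volume is.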