Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Backups without drive letters


  • Please log in to reply
9 replies to this topic

#1 Uselesslight

Uselesslight

  • Members
  • 146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Armstrong, BC
  • Local time:03:35 AM

Posted 07 July 2015 - 06:53 PM

In researching how ransomware works, it's disconcerting that the infection can propagate to removable media and network shares that have mapped drive letters.  What I was wondering, is if there is an easy solution to allow a Windows SEVEN PC to backup to removable media without a drive letter.  I've done some searching on google and I can only seem to find information on it for using Windows Server, which I already know doesn't use drive letters for some types of backups.  We're concerned with a recent influx of ransomware infections on customer's PC's and we just want to make sure that they have secure enough backups so that when they happen it isn't a total loss.

 

Thanks


Edited by hamluis, 15 May 2017 - 05:12 AM.
Moved from Win 7 to Backup/Imaging - Hamluis.


BC AdBot (Login to Remove)

 


#2 Condobloke

Condobloke

    Outback Aussie @ 33.0886 S, 147.1494 E


  • Members
  • 5,318 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:35 PM

Posted 07 July 2015 - 07:09 PM

Have you given any thought to RollbackRx  ?

 

I have no idea if it is feasible in your scenario....it has paid and free versions. I currently use the free version, and it works .


Condobloke

Outback Australian  

 

fed up with Windows antics...??

 

LINUX IS THE ANSWER

 

I USE LINUX MINT EXCLUSIVELY... NO DUAL BOOT, NO VIRTUAL MACHINE

 

 

 Failure is not an option. It comes bundled with your Microsoft product.

 

 

 


#3 hamluis

hamluis

    Moderator


  • Moderator
  • 53,192 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:35 AM

Posted 08 July 2015 - 06:33 AM

Curious as to why you are focusing on the drive letter designation....they are always changeable, except for the fact that any Windows partition booted into will always be C:.

 

Louis



#4 Uselesslight

Uselesslight
  • Topic Starter

  • Members
  • 146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Armstrong, BC
  • Local time:03:35 AM

Posted 08 July 2015 - 02:38 PM

It looks like ransomware infections are able to spread and encrypt files on mapped network locations and mapped drive letters on removable storage.  If there's a way to remove the drive letter from removable storage, then does it not make sense that the infection would not be able to spread to the removable storage and encrypt the backed up contents?



#5 Scoop8

Scoop8

  • Members
  • 326 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dallas TX
  • Local time:05:35 AM

Posted 08 July 2015 - 03:55 PM

Uselesslight

 

I don't know of a way to backup data to an unmounted (unassigned drive letter) drive on a typical PC but one way that you could keep a backup drive physically connected and use it for backups is to manually mount the drive before you back up data to the drive and then dismount the drive upon completion of the backup activity.

 

That may be an option to consider in situations where one would like to keep a backup drive physically connected to a PC if connectivity to the USB, eSATA, etc,  cable[s] aren't easily accessable on the PC.

 

Another way would be to automate the procedure, with a Task using Windows Task Scheduler, or a script.

 

For example,. Diskpart could be used to mount and dismount a backup drive.

 

Something like this would work in Diskpart:

 

list volume

(Mount script)

select volume #
assign letter=x
exit

 

(Dismount script)

select volume #
remove letter x: dismount
exit

 

 

I have a "Diskpart Mount" batch file that will do that but I rely on redundant backups for protection against encryption ransomware.

 

I have one continuously-connected portable USB drive that I use for my automated specific-item backups.  That drive is vulnerable to encryption malware so I also backup up the same items to a couple of Flash Drives manually.

 

I'm using a script to back up with the Flash Drives to eliminate manual drag/drop, copy/paste time and to minimize the time that the Flash Drives are connected to the parent PC.

 

Just my 2¢ on backup plans but I like to use full-HDD backups in addition to my specific-item backups.

 

That way, if I'm affected by malware, failed HDD, user mistakes, bad downloads, bad WU's (Windows Updates gone bad), I can either install one of my Clone HDD's or restore from an Image, either of which was done prior to the point at which the PC was affected my malicious events.

 

My Cloned drives and my Image storage drive are disconnected from my PC for protection against malicious intrusions.  When I Clone or Image, I boot my backup software into RAM to process the backups outside of Windows.

 

As Condobloke mentioned, RollbackRx is a nice option for restoring the HDD to a previous point in time.

 

My take is that you can't have too many backups.  The more full-HDD recovery paths that are available, the more options are present to recover from virtually all undesirable scenarios.



#6 hamluis

hamluis

    Moderator


  • Moderator
  • 53,192 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:35 AM

Posted 08 July 2015 - 04:07 PM

FWIW:  Backup software requires a "destination" partition/disk.

 

That is signaled to Windows and anything installed in Windows...by the partition/drive letter.

 

AFAIK, I can clone a partition or a drive to a disk without a drive letter...based on the premise that said drive will not be attached to the system.  But...the moment I attach it to the system, Windows will give it a drive letter, based on its sequence in being an attached/recognized drive.  That's why, in the case of a drive which has been removed or never attached...the drive letter assigned automatically by Windows will be the next one after all those already assigned to existing drives.

 

So...yes, I can have a drive without an assigned drive letter, made by cloning...sitting on something gathering dust...but, as soon as I attach it to the system, Windows must recognize it as being attached/useful.  It does this by assigning a drive letter, whether we are speaking of a partition on a hard drive or a hard drive used as one partition.

 

Louis



#7 Uselesslight

Uselesslight
  • Topic Starter

  • Members
  • 146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Armstrong, BC
  • Local time:03:35 AM

Posted 08 July 2015 - 05:27 PM

I understand how that all works, I'm quite well versed in the traditional operations of a PC.  I was searching for information outside of the norm that I was unable to find, but thanks for your advice.  I will look into Rollbackrx



#8 Bailifei

Bailifei

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Local time:05:35 AM

Posted 08 July 2015 - 08:34 PM

I understand how that all works, I'm quite well versed in the traditional operations of a PC.  I was searching for information outside of the norm that I was unable to find, but thanks for your advice.  I will look into Rollbackrx

How about making a USB bootable disk with easeus todo backup, and boot from the USB and restore the system from there?

I assume that booting in this way would not trigger the ransomware? 

And you'd better do a system backup from another system(a clean system), and do a "restore to different hardware". Then you may get rid of the ransomware.



#9 medab1

medab1

  • Members
  • 675 posts
  • OFFLINE
  •  
  • Location:earth
  • Local time:06:35 AM

Posted 15 May 2017 - 05:03 AM

Try Macrium Reflect, free or paid.

Get a real time Anti-Virus program too.

I use both.

No problems at all on my computer. :)

 

edit--- Its better to spend a little money on backup & anti-virus protection than spend $100/hour in a computer shop.


Edited by medab1, 15 May 2017 - 05:07 AM.


#10 RolandJS

RolandJS

  • Members
  • 4,058 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:05:35 AM

Posted 16 May 2017 - 10:56 AM

"...How about making a USB bootable disk with easeus todo backup, and boot from the USB and restore the system from there?" Bailifei.  Gave me an opening for this idea:  USB or DVD boot your desired backup/restore/clone program and make your backups.  Such a boot bypasses Windows OS and network operations -- until the backups are done; and the computer is rebooted into Windows Normal mode.

I just remembered you mentioned Windows Server, so the above may not be feasible for you.


Edited by RolandJS, 16 May 2017 - 10:58 AM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald [sevenforums]





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users