Just a quick question for curiosity's sake. Some encrypting ransomware variants focus on files with well-known extensions (i.e. xlsx, doc, txt, png, vhd). What would be the chances of using some encryption method (pick one) and using it to change all the extensions within a backup to prevent encryption? If the file type is not on the list of items to encrypt it should (theoretically) be ignored.
It's very much a cat and mouse game. The ransomware wants to find and encrypt your "valuable" (irreplaceable, victim-generated content) files as quickly as possible. Today, the file extension filter will work "good enough" against most victims. If you change the file extensions on your valuable file(s) to unknown extensions, you'll likely "fly under the radar" until the ransomware is updated to check for file signatures. Checking for file signatures will slow the ransomware down considerably (opening files is expensive). If you encrypt your valuable files and change the extensions, the ransomware will not be able to discern any file signature and hence will have no idea what type of file it is. Another version of the ransomware may opt to encrypt ALL unknown files (super inefficient and slow for the ransomware) -- not to mention, an increased risk of breaking Windows so victims cannot even start their computer to see they have a ransom note/payment instructions. Of course, those challenges are not insurmountable, but the criminals want to steal the easiest way possible.
Bottom line, you'll probably find it best to maintain a tight leash on who/what has write access to your backup media and you may want to keep the backup physically detached/secured from the network when not in use.
Edited by adamforum, 28 September 2015 - 12:04 AM.
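The distinction drawn in the reply above, that a renamed file still carries its file signature while an encrypted one does not, can be checked against your own backup set. This is an added example, not part of the original posts; the `.bk1`-style extensions, the sample files and the function names are constructed for illustration.

```python
import os
import tempfile

# Leading "magic bytes" of formats named in the thread (PDF added as an assumption).
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip container (xlsx/docx)",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 (legacy doc/xls)",
    b"%PDF-": "pdf",
}

def identify(header: bytes):
    """Return the format name if the header starts with a known signature, else None."""
    for magic, name in SIGNATURES.items():
        if header.startswith(magic):
            return name
    return None

def audit(root: str):
    """List (relative path, detected type) for files whose content still reveals their type."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            with open(path, "rb") as fh:
                kind = identify(fh.read(8))  # only the first 8 bytes are needed
            if kind:
                findings.append((os.path.relpath(path, root), kind))
    return sorted(findings)

def demo():
    """Constructed sample: two renamed-only files and one stand-in for an encrypted file."""
    samples = {
        "photo.bk1": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,  # PNG with a renamed extension
        "budget.bk2": b"PK\x03\x04" + b"\x00" * 16,         # xlsx with a renamed extension
        "notes.bk3": bytes(range(200, 232)),                # stand-in for ciphertext
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

Files the audit reports are protected only by their extension; files it does not report either have no leading signature (plain text, for instance) or have had their content transformed.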