Ransomware prevention


6 replies to this topic

#1 roger675


Posted 02 July 2017 - 10:11 AM

New to this topic. Have the following question. Have gone through numerous forums etc. on doing backups and to be sure, disconnecting the backup drive from the computer system. While I'm willing to do this, can I instead use mount and unmount (with a suitable macro or other timed automatic method) to isolate the backup drive from the computer, and only mount it to do the actual backup or update?

 




 


#2 ranchhand_


Posted 05 July 2017 - 07:15 PM

No. Mount and unmount only loads and unloads the drive you are running; it is still connected physically to the main OS. If you want definite protection from hackers and especially electric service failure and electrical spikes, the drive must be disconnected physically from your computer, that is the only safe way. Some users use an external drive and then locally turn it off with its switch and think that because it is "turned off" it is safe. Unfortunately, a powerful electrical spike coming through the feed line can burn out that switch and still damage the item physically connected. That is a remote possibility, but it happens thousands of times throughout the country.

I had a co-worker once who, during a very powerful electrical storm, had a lightning bolt hit his TV antenna. He lost everything physically connected to his mains: refrigerator, TVs, stereo system, computers, you get the picture. Most of them were turned off at the time, but physically connected to the house wiring. Big insurance claim. AND his home had a grounded TV antenna. Go figure.


Help Requests: If there is no reply after 3 days I remove the thread from my answer list. For further help PM me.


#3 jwoods301


Posted 05 July 2017 - 07:19 PM

If you are using Windows, you might take a look at USBDeview from Nirsoft.

 

http://www.nirsoft.net/utils/usb_devices_view.html

 

It has functionality to disconnect and connect USB drives.

 

The best defense against ransomware is frequent disk image backups, and daily backups of your volatile (personal) data.

 

The second best defense is to test that your backups work.

 

http://www.techrepublic.com/article/disaster-recovery-worst-practices-dont-test-your-backups/


Edited by jwoods301, 05 July 2017 - 07:22 PM.


#4 RolandJS


Posted 07 July 2017 - 06:02 AM

"...can I instead use mount and unmount ( with a suitable macro or other timed automatic method) to isolate the backup drive from the computer, and only mount it to do the actual backup or update?..."

Since your question deals with backup and restore routines, I'll limit my comments to that; although Ranchhand's comments should be "listened to" and taken into account:

 

I do not know if there exists presently a ransomware that can re-mount, re-enable, an un-mounted or disabled external hard-drive or a 2nd internal hard-drive, respectively.  I mention a 2nd internal HD because I do something very similar to what you are asking about -- I disable my 2nd internal HD after making my routine backups.  If during our research, whoever first discovers, reads about, a ransomware that can re-mount or re-enable, let us inform the other.


Edited by RolandJS, 07 July 2017 - 06:04 AM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#5 TambourineMan


Posted 07 July 2017 - 07:13 AM

I use a four drive power switch to physically selectively turn the power to four of my SATA drives on or off. The only slight problem is that these are not hot switches so I have to reboot in order for the computer to recognize a drive for which the power is off. These are mechanical switches so there is absolutely no way for a ransomware program to turn the drive on or to access it if the power is off. http://www.ebay.com/itm/Four-channel-SATA-device-HDD-power-switch-free-shipping-/152600328886?hash=item2387b03ab6:g:~L0AAOSwGIRXcIq0



#6 roger675


Posted 07 July 2017 - 08:23 PM

Thanks for all the comments.  Having thought it over, I have decided to go with the tried and true "unplug the bloody drive".  This is primarily due to ranchhand's comments on catastrophic failure due to high voltage incidents.  If I'm going to the trouble of backing everything up, I might as well go the extra mile (inches?) to just unplug the drive.  Yes, it will take longer to do the backup, no way USB can do it as fast as SATA, but then AOMEI does it happily in background, and will also shut down the computer at the end.  And at the same time, I get high voltage protection for free.  

 

I have not found any ransomware that is reported to be able to mount and unmount drives, and I seriously doubt if there is any out there. Frankly, I would be surprised if there were. Will inform you if I come across any.

 

Again, thanks for all comments on this subject.



#7 ranchhand_


Posted 08 July 2017 - 07:32 AM

After reviewing your original question and the others' comments here, I feel I must modify my comment; yes, everyone is correct, there is no virus I am aware of that can access a shut down computer. I think you were talking mainly about ransomware, which is an infection, not a hacking attempt by a person.

However, I would not trust anything if the computer is active and connected to an active connected and running backup drive. These viruses and hackers are getting far too sophisticated now. It is not beyond the realm of possibility that a skilled hacker who accessed control over a target system could mount a connected and active backup drive connected to that system on a target computer. That's all I was saying, and then I expanded the subject to security of data during electrical problems in the home.

Apologies if I confused the issue.






