Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Do you use Image backups to protect yourself from ransomware/virus/malware?


  • Please log in to reply
9 replies to this topic

#1 JDawes

JDawes

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 13 June 2018 - 04:28 PM

I work with some folks who are so ridiculously venerable to malware that it is scary.  Many of these folks don't run backups and most have no idea what malware is or how to recover from an attack.

 

I am in the IT field and understand what these things can do to your system and ultimately, your data.  It simply amazes me how many folks rely solely on anti-virus or anti-malware software instead of using image-based backup to recover from an attack that can slip past anti-virus and anti-malware software.

 

Rather than spend a lot of time trying to "clean" an infected system, I prefer to recover a clean image image over-top of an infected volume and be done with it.  With this method, it's like stepping back in time to before the infection happened.

 

If you are not already utilizing image backup as a safety net to recover from such an attack, do yourself a favor and look into it.  Also, keep in mind that it's not enough to simply create backups.  You have to remember that with many viruses, anything attached to your system or network can be venerable.  When planning for recovery with this method, you MUST backup to media that can be ejected (think tape or hot-swap drive) or disconnected (think external hard drive or USB drive). 

 

I worked with a client a while back who had a firewall, had anti-virus and was good about creating backups, and multiple backups at that, but wrote them to a networked storage...   They were infected with ransomware and the virus made its way to the backups before it was realized, rendering them useless.

 

So, my question to you is, what is your plan to recover from virus, malware or worst- of-all, ransomware?


Edited by hamluis, 13 June 2018 - 06:22 PM.
Moved from Backup/Imaging to General Security - Hamluis.


BC AdBot (Login to Remove)

 


#2 eLPuSHeR

eLPuSHeR

  • Members
  • 176 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 14 June 2018 - 04:37 AM

Backups are a very useful and powerful thing either for recovering from any malware attack or any other everyday disaster. On top of that, making a full backup using a tool such as Macrium Reflect Free is easy and very fast.

 

I cannot stop stressing how important backups are.



#3 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 9,315 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:10:55 PM

Posted 14 June 2018 - 06:28 AM

Although there are plenty of things that do not require a full system image to "recover" from, there are times when a full system image is the only thing that will do.

 

Given that the price of external HDDs (and I prefer the pocket sized ones that are USB powered, even for desktops - they seem to hold up better in my experience) large enough to back up the typical home user's system has fallen below $100 (often more like $50 for a 1 TB drive) there is just no excuse not to have the cheap insurance that is a regular full system image backup.

 

Good luck convincing people of that, though.   I learned that lesson the hard way when I was young and naive.  I have never since needed one to recover from a disaster, but have used one to recover from an update gone very bad (which, I hasten to add, is a very unusual occurrence).

 

You still need to have them.  Far better to have them and not need them than vice versa.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1809, Build 17763 

     Presenting the willfully ignorant with facts is the very definition of casting pearls before swine.

             ~ Brian Vogel

 

 

 

              

 


#4 midimusicman79

midimusicman79

  • Members
  • 793 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:04:55 AM

Posted 14 June 2018 - 06:57 AM

Hi, JDawes and Welcome to BC! :welcome:

 

Personally, I use Acronis True Image 2018 (paid) for disk imaging, which includes a real-time Anti-Ransomware protection module, and gradually, more and more disk imaging software feature such protection, which certainly does not do any harm. :thumbup2:

 

On a side note, I use a combination of several active and passive multi-layered security software and web browser security extensions, which BTW is outlined in another topic, and its title is self-explanatory: Share your security configuration!

 

Additionally, I follow the rules in quietman7's pinned topic in the Anti-Virus, Anti-Malware, and Privacy Software forum; Answers to common security questions - Best Practices

 

Finally, I also practice safe computing and browsing.

 

Regards,

midimusicman79


MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free, NVT OSA and Unchecky, WFW, FFQ with CanDef, uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


#5 Allan

Allan

  • BC Advisor
  • 8,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:10:55 PM

Posted 14 June 2018 - 08:03 AM

I've always been a huge advocate of disc imaging -- been using Acronis True Image since it was first introduced (prior to that I used a product called "Fastback" and created images to 5 1/2" floppy discs). I image my system partition every week or two to a second internal drive and every couple of months to an external drive. I also create an image of my primary data drive (which on my systems contains "My Documents"). I don't do this because of the fear of ransomware or malware, but rather because "stuff happens" (though protection from an infection is certainly a great benefit). Like Brian above, I've had updates that prevented the system from booting and the only way back in was to boot an Acronis CD and restore an image. In fact, last year Microsoft released a W10 roll-up update that was toxic to one of my systems and if I didn't prevent it from installing I had to restore an image in order to boot.

 

Bottom line, it simply doesn't make sense NOT to use disc imaging software on a regular basis.



#6 ranchhand_

ranchhand_

  • Members
  • 1,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest
  • Local time:09:55 PM

Posted 14 June 2018 - 09:21 AM

I would hazard an off the cuff, conservative estimate that at least 20% of the help request posts in BC would disappear if the posters would make image backups weekly. They know they should, but "are just too busy". Forget clones...why mess around with something that is more detailed and prone to failure? A complete image does the job and an hour later the poster is back up and running like nothing happened.


Help Requests: If there is no reply after 3 days I remove the thread from my answer list. For further help PM me.


#7 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,894 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:11:55 PM

Posted 14 June 2018 - 12:01 PM

JDawes:

 

I think that you may have already surmised that those of us who volunteer here at Bleeping Computer have seen many people who have lost precious data (photos, videos, correspondence, work, study projects, etc.), due to malware attacks or because of hardware failures.

 

Personally I image all partitions on both of my computers weekly, alternating between the paid versions of Easeus Todo Backup Home 11.0 and Macrium Refelct 7.1.  Thankfully I have never been the victim of a malware attack, but I have had to resort to recovering from backup images because of a bad Windows update, and about five or more years ago, when Acronis True Image issued a bad update that rendered both of my computers unbootable.  That evidently ended my relationship with Acronis! :(

 

You can never have too many backups and I am quite happy to invest the necessary time to backup up my computers.  Of course, you can always schedule backups as well, so you don't even need to be there.

 

So many computer disasters could have been prevented by simply implementing a sound backup strategy.  Unfortunately as Brian stated, it is an uphill battle convincing people of that obvious fact.

 

Just my two cents.  Have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#8 JDawes

JDawes
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 14 June 2018 - 01:36 PM

I find that it is difficult to convince some folks of the importance of backups until they have suffered a data loss scenario.  At that point, they come around to the idea, but at a cost....

 

I have been using a paid software, UltraBac, for quite a few years now for my image backups.  I like it because of the flexibility in terms of backup & recovery options/features.  I just have it scheduled to image by PC and my kids' PCs, so all I have to do is rotate media in and out of the safe once per week.  I have successfully used it to recover both my own computers and those of my clients as well.  I tested the evaluation version of Acronis True Image as well, but didn't like it as much, especially when trying to mount and select multiple files for restore from the image, as it got really slow to respond.  In all fairness, I suppose it could have had something to do with only having 8GB of memory in the test system, but that should be enough for a PC.  :-)

I also use a paid version of EaseUS data recovery for when a drive fails and there is new data on it since my last image. 

 

I have been using the Avast free version for my home PCs since it was recommended to me by my college instructor, but don't completely rely on it or any anti-virus/anti-malware software alone.



#9 midimusicman79

midimusicman79

  • Members
  • 793 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:04:55 AM

Posted 15 June 2018 - 09:00 AM

Hi again, JDawes!

 

You are welcome on behalf of the Bleeping Computer community! :)

 

Regards,

midimusicman79


MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free, NVT OSA and Unchecky, WFW, FFQ with CanDef, uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


#10 rp88

rp88

  • Members
  • 3,067 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:55 AM

Posted 16 June 2018 - 06:15 PM

I wouldn't backup files to an image like this, easier to back them up as individual files (back up newly edited or created files at the end of each day you've worked on those files) to multiple places. But having image backups for fixing your operating system and installed programs in the event of a crisis is extremely prudent. I swear by doing this for my windows system, making a few good backups of the full system when you know it is in a good state. I'm still trying to work out how to replicate the same thing on linux, but know it would be really good to have.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users