How to prevent disk encryption (block ransomware)?

glnz


The Sunday NY Times Week in Review (Jan 4, 2015) had an article about someone’s mother having to pay Bitcoin ransom in a ransom malware encryption attack.

At home, what should I do to prevent a ransom encryption attack, in addition to Avast AV (on my home Win 7 Pro 64-bit and my home XP Pro SP3) or Windows Defender (on my home Win 8.1 Pro 64-bit)?

One of the readers asked whether there’s an app that prevents encryption of a disk or partition unless there’s confirmation at the keyboard (like a UAC prompt). Sounds like a good idea - is there any way for me to add this?

Thanks.


(PS and FYI – I have Windows Defender on my 8.1 because Avast 2015 uses up the entire capacity for hardware-assisted virtualization, which I intend to play with later. Similarly, on my 7, I still have Avast 2015 but I have turned off its “Enable hardware-assisted virtualization” for the same reason. Finally, on my XP, I have Avast 2015 and have left ON its “Enable hardware-assisted virtualization” because, on XP, there’s no interference with HAV. But probably not relevant to my question.)
 


I would recommend HitmanPro, which will automatically, before the Cryptolocker can do anything, prevent it from even packing up and getting to encrypt your HDD/SSD.
 

Also an up-to-date OS without any component store issues - I got stung badly on my old PC when I couldn't repair corruption and there were holes in my defences and I had a few heavy problems. The greatest threat is people still opening suspicious email attachments and getting attacked that way.
 

The best protection against any kind of infection, especially ransomware, is to back your data up on a regular basis. This way, if your PC is really infected, you can simply wipe the system drive plus drives that are encrypted and restore your images of the system and your data partitions. Just make sure you use external drives for your backups and disconnect them after the backup process so they are not encrypted too when/if a ransomware infects your PC.
 

Altac and others - thanks for your wise suggestions. Question:

If I back up data using Cubby or Sugarsync and I'm hit with a ransomware encryption, is it possible my backups will also be infected? I ask because MAYBE the Cubby or SugarSync backup ALSO appears as a "drive" on my PC.

Thoughts?
 

Both pieces of software you mentioned are unknown to me. But to be on the safe side I recommend using an imaging solution like Paragon Backup, EaseUS Backup, Acronis True Image... to make images of all the partitions which contain valuable data. Plus I would frequently make images of your Windows drive so in case you actually get hit by a malicious program you can easily restore your Windows system. I'd definitely use an external HD for this. Syncing important files as a backup is fine, but in case you get hit by a really nasty virus you want to have images on an external HD that is not constantly connected to the PC and thus not infected.
 
The best protection against any kind of infection, especially ransomware is to back your data up on a regular basis. ...

... and keep the backup drive DISCONNECTED at all times, except when either making a new backup of a still clean machine or restoring data to a newly cleaned and rebuilt system. If you leave the backup connected or reconnect it to an infected machine you can lose its data as easily as that on the main drive.
 

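The replies above come down to one test: any backup location the logged-in user can write to right now can also be encrypted by ransomware running as that user, whether it is an attached external drive or a sync folder that shows up as a drive. The following check is an added example, not part of the original thread; the drive letter and sync-folder path in it are hypothetical placeholders.

```python
import os
import tempfile


def classify_backup_target(path):
    """Return 'offline', 'read-only' or 'exposed' for one backup location."""
    if not os.path.isdir(path):
        # Drive unplugged or share not mounted: out of reach of the PC.
        return "offline"
    try:
        # os.access() is unreliable on Windows, so probe with a real write.
        fd, probe = tempfile.mkstemp(prefix=".probe-", dir=path)
    except OSError:
        return "read-only"
    os.close(fd)
    os.remove(probe)  # leave no trace on the backup medium
    return "exposed"


def audit(targets):
    """Map each label to its state; targets is {label: path}."""
    return {label: classify_backup_target(p) for label, p in targets.items()}


def exposed_targets(targets):
    """Labels of backup locations the current user can write to right now."""
    return sorted(l for l, s in audit(targets).items() if s == "exposed")


if __name__ == "__main__":
    # Constructed sample: replace with your own backup locations.
    my_targets = {
        "external image drive": "E:\\",                     # hypothetical letter
        "sync folder": os.path.expanduser("~/SyncFolder"),  # hypothetical path
    }
    for label, state in audit(my_targets).items():
        print(f"{label:22} {state}")
    if exposed_targets(my_targets):
        print("Writable backups are reachable from this session.")
```

Run it after a backup finishes: the external image drive should report `offline`, while a sync folder will normally report `exposed`, which is why the thread treats syncing as a supplement to offline images rather than a replacement.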
Yep, as inconvenient as it might seem, backing up your data is the only real protection. AV software, firewalls, malware cleaner... are all OK, but without an appropriate backup strategy your data will never be safe.
 

This gets into ethics, but the more people pay to 'save' their stuff from criminals, the more criminals target others to get them to do the same. You pretty much condemn another to share your fate.
 
