The bullet-proof solution to Ransomware?

Discussion in 'other anti-virus software' started by bellgamin, Oct 6, 2020.

  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    My computer's security "wall" does not presently include any app to protect against ransomeware specifically. However, I do image my system drive to a stand-alone hard drive 3-4 times weekly & retain images for several weeks.

    My image software is on a USB flash drive that loads on its own, independent of Windows.

    Dumb QUESTION #237-3: Is a clean image a bullet-proof solution to ransomware, even if my computer's boot records are encrypted?

    Dumb QUESTION #237-4: Is there, as yet, any malware that can screw up my computer's bios?
     
  2. Houley456

    Houley456 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    195
    There is one that I can think of and it is called....Microsoft Windows 10 Update.....Sorry that I am being facetious but the last their major update put my bios sequence out of order...took me hours to find that out.
     
  3. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I had 17 reasons why I never downgraded Win7 to Win 10. Thanks to your post, I now have 18. :isay:
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Assumed here is you boot to the USB drive and run your image backups and only connect the external drive when doing backups.

    Note that if that USB is ever connected to your PC is running Windows, it could theoretically be infected. Booting from read only media such as a CD/DVD is more secure.
    Only if your doing a full drive backup or your have separately done at backup of the MBR. Also separate backup/restores of a UEFI are a bit tricky; a full drive backup resolves that. Ditto for ransomware that encrypts the MFT.
    For a BIOS it would be have to be firmware related. However, there are UEFI malware.
     
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Applying security updates to any O/S is certainly of paramount importance, but not necessarily a bullet-proof way to elude malware.

    BTW, in my own humble experience over the many years, my image backups have saved my bacon far more often than anti-malware software, and other vast security measures I've had in place, not really because of malware infections, but 99% because of some software or other overzealous tinkering under the hood (I often can't help myself :oops: ) I've done that crippled the O/S.
     
  6. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @itman -- VERY educational reply. Thank you to the nth. This is why THIS forum is the absolute best!!!

    :eek: Uh-oh! Halloween draws near. Shreeeeek!!! :eek:

    The mere idea of a UEFI malware gives me chilblaines. My computer DOES have UEFI vice BIOS. Will restoring a clean, full-disk image fix an impaired or contaminated or dysfunctional UEFI? If not :oops: what (if anything) will..........?

    @WiseVector -- Please take note of this discussion.
     
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Here is an example of UEFI malware reported recently: https://www.wilderssecurity.com/threads/custom-made-uefi-bootkit-found-lurking-in-the-wild.433078/
    Restore of clean image won't fix your BIOS. You would have to flash/update BIOS using your manufacturer's installer.
    Protection:
    1. if you update your BIOS make sure that you get legit updater from manufacturer
    2. password protect BIOS and prevent unauthorized people from physically accessing your computer
     
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Are you saying that someone must have physical access to a computer in order to contaminate its BIOS or UEFI?
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    It's the easiest way for attacker. But since you can also update BIOS from within Windows that option is also possible - to trick user to install modified BIOS.
     
  10. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    Password may not protect BIOS/UEFI, because there may be bugs in UEFI that allows to modify it without proper password and update UEFI capsule cryptographic signature.

    However UEFI malware is very rare and only works on very limited set of motherboards models. It's mainly malware developed by nation-state-backed teams. IMHO it's better to spend your time securing your data against more typical malware and hardware failures.
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I agree, it's not worth to worry about.
     
  12. Pablom

    Pablom Registered Member

    Joined:
    Oct 10, 2020
    Posts:
    1
    Location:
    mexico
    Hi everyone, maybe having a backup system or a patched operating system works to face ransomware, but anyone knows an affective anti-malware that can work for preventing it?
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    :D

    Only bullet-proof answer I would be comfortable with is Comodo FW with @cruelsister config locking in CONTAINMENT and at same time running in Shadow Mode.

    I once during testing my 8.1 x64 deliberately ran 1 0f several formidable ransomware samples that encrypted every file in Shadow Defender folder in Program Files, and eventually seizing up the entire system requiring a hard reset (Pull The Plug!)

    After booting back up it was like nothing ever happened. SD stood strong! That's why if I was concerned over ransomeware that CFW coupled with SD is as bullet-proof as I seen.
     
  14. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    My bullet proof solution to ransomware? First, don't keep your important data on your computer. Second, backup to a USB drive which will be disconnected once the backup is ready + test restoring an image. Third, use a virtualizer which is useful against any malware that might surreptitiously install in your system. A good updated AV might also help...
     
  15. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    Disconnect from Internet, that should be bullet-proof. :geek:
     
  16. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,842
    Location:
    the Netherlands
    Hi Pablom,
    Till last January, on Windows 7, I used HitmanPro.Alert.
    Also see the HitmanPro.ALERT Support and Discussion Thread and the HitmanPro.Alert BETA thread here on Wilders.
    Nowadays, I use Kubuntu (Linux) and I feel comfortable with only patching and system imaging and backup of personal documents.
     
  17. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Taken a step further, enable properly configured Apparmor (Mandatory Access Control) to confine vulnerable programs, and this will trump everything mentioned so far in this thread.
     
  18. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,842
    Location:
    the Netherlands
    Thanks very much, wat0114.
    I know about AppArmor, but I feel comfortable with the AppArmor default settings for Kubuntu, so haven't studied the options for AppArmor configuration. Perhaps later, if I ever get bored with the low level of maintenance that Kubuntu needs, compared to Windows. :)
     
  19. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Excellent points. Concerning second point ("backup to a USB drive which will be disconnected once the backup is ready") I think it's best to use backup or imaging software that is on a self-booting media that operates outside of, & independently of, Windows.
     
  20. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    It can be treated as ant-ransome protection that I'm using on my 3 mashines (XP, Win 7, Win 8.1)
    - using SpyShelter: system/processes monitoring, restricted apps, restricted folders for downloaded content, data folders protection
    - using Shadow Defender: Shadow Mode for most of daily routines on the internet and testing apps
    - backup system: Keriver 1-Click on XP and Win7, Macrium Reflect for Win 8.1
    - using file manager (FreeCommander) for synching data with removable disk
     
  21. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    Exactly my experience, I've done hundreds of restores, and I can't recall ever doing it for malware...
    I'd like to add for whoever is considering learning how to protect a computer nowadays, you don't need many security programs at all, learning to restore your operating system is all you need to know to solve 99% of all problems you might encounter in the future. Restoring a healthy image of your operating system can be done in minutes, no hassles no fuss, no waste of time trying to find a solution or a fix, it just works once you know how to do it, and it's easy...
     
    Last edited: Oct 12, 2020
  22. assersegsten

    assersegsten Registered Member

    Joined:
    Sep 13, 2016
    Posts:
    73
    Location:
    denmark
    I secure My system with Bitdefender Total Security+Voodoo-Shield, that is my protection against Ransomware, and Adguard System-Wide;).
     
  23. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Paid:
    Key words is to IMPROVE: and in the fight against ransomware

    youtu.be/r1HAeKMsFnI
    Set to read only!


    Free:
    Also, use a software call, Datapruis.
    Read only!
     
    Last edited: Oct 18, 2020
  24. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Hi,

    Ransomware Rewind?

    Your opinion on the above?
    Do a search on the above..........
     
    Last edited: Feb 3, 2021
  25. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    100% in agreement. I have done dozens of restores and for me the ultimate protection is to do an image backup- updated daily. I have done it for years and never had a problem and do not worry if malware does get into my system at some point. I just restore the most recent image without the malware.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.