Reevaluate your backup strategy in the face of current ransomware trojans like Locky

Discussion in 'backup, imaging & disk mgmt' started by manolito, Feb 21, 2016.

  1. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Just received this from Gizmo Richards and was wondering if there is any value to running it along with HitMan Pro.

    Free Ransomware Protection Utility
    http://www.techsupportalert.com/content/free-ransomware-protection-utility.htm

    Also a question, I had HitMan some time ago but due to false positives I uninstalled it, now I am unable to test it. What I want to know is if I buy it now will I be able to get the benefit of ransomware protection without ever having to do a PC scan using the program? If the answer is yes, would this be worth the cost of paying for the program?
     
  2. TheRollbackFrog

    TheRollbackFrog Imaging Specialist

    Joined:
    Mar 1, 2011
    Posts:
    4,954
    Location:
    The Pond - USA
    It's a FREE protector, available to anyone, no license required. It's decent now but may fall behind as new RWare comes on the scene... can't hurt, though.
     
  3. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Thank you... and part 2 of my post?
     
  4. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Part of my question above was missed so I will repeat it here.

     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Barry

    If you are talking about HitmanPro.Alert, yes, but (and it's a big but) it would protect you against file encryption but not something like Petya. I suspect though they are working on that.

    Pete
     
  6. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Thank you Pete, 100% safe is not attainable but every little bit helps.
     
  7. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    I think my strategy could be effective:

    OS Drive: Dual boot Windows 10 x64 + Ubuntu 14.04.4 LTS AMD64.

    Data Drives: Two separate data HDDs: one formatted with NTFS and protected by Bitlocker FDE; the other formatted with EXT4 with Linux LUKS FDE. A copy of the same data is stored on each data HDD to make a duplicate backup.

    I believe no virus/ransomware could possibly break my setup.
     
  8. TheRollbackFrog

    TheRollbackFrog Imaging Specialist

    Joined:
    Mar 1, 2011
    Posts:
    4,954
    Location:
    The Pond - USA
    BG, I don't believe every little bit helps. What eventually happens is all these active and running AV/AM/AE/AR (AntiRansomware) applications start stepping on each other's toes and can cause some real operational issues.

    What I don't understand is in the case of RansomWare. Every known variant 'cept LOCKY is invoked via a disguised email attachment... ie, "Froggie.PDF.EXE." The disguise works because most Windows users still have the worst DEFAULT Windows option EVER set as it was installed... "Hide extensions for known file types." This makes the above attached file appear as "Froggie.PDF" in the email... <duuuh!>. Now just a simple single or double <click> infects your machine... now how easy was that for the perpetrator! One simple option change allows the user to see the real file attached to that email... one with an extension that should scare the user, especially if they aren't expecting it.

    As mentioned previously, LOCKY invokes itself via Microsoft Word MACRO capability. For many, many years, warnings have been issued about the ability of MS WORD macros to infect your machine... to the point where I believe, these days, Word MACRO capability is OFF by DEFAULT when Word is installed... it must be turned on to run macros. For Macro users, it's not asking too much to turn that capability on when needed, not leave it on 24/7... again makes no sense.

    I guess I just don't view this Ransomware issue the same as many other users... it's really very easy to avoid. I do view the multiple AV/AM/AE/AR as potentially very disruptive to a system's operations, other than just all the proactive scans that need to be done to declare something "good" along the way.
     
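The two lures described in the post above (an executable hiding behind a decoy extension such as "Froggie.PDF.EXE", and a Word document that carries macros) can be spotted mechanically before anyone clicks. The following triage function is an added example and is not code from the thread or from any product mentioned in it; the extension lists and the sample attachment names are constructed for illustration, and the "shown_as" field reproduces what Explorer displays when "Hide extensions for known file types" is left at its default.

```python
import os
from typing import NamedTuple

# Extensions Windows will execute directly on a double-click (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".jar", ".cpl", ".lnk"}
# Office formats that can carry VBA macros; the thread attributes Locky's delivery to Word macros.
MACRO_CAPABLE_EXTS = {".doc", ".dot", ".docm", ".dotm", ".xls", ".xlt", ".xlsm", ".xlsb",
                      ".ppt", ".pptm"}
# Extensions a user expects to be harmless; used to recognise "invoice.pdf.exe" style disguises.
DECOY_EXTS = {".pdf", ".txt", ".jpg", ".jpeg", ".png", ".gif", ".doc", ".docx", ".xlsx", ".zip"}


class Verdict(NamedTuple):
    filename: str
    shown_as: str   # name Explorer displays with "Hide extensions for known file types" on
    risk: str       # "block", "warn" or "ok"
    reason: str


def split_exts(name):
    """Return (stem, [ext1, ext2, ...]) lower-cased, e.g. 'a.PDF.EXE' -> ('a', ['.pdf', '.exe'])."""
    parts = name.split(".")
    if len(parts) < 2:
        return name, []
    return parts[0], ["." + p.lower() for p in parts[1:]]


def triage(filename):
    """Classify one attachment name by the extension the OS will actually honour."""
    base = os.path.basename(filename.replace("\\", "/"))
    _, exts = split_exts(base)
    real_ext = exts[-1] if exts else ""
    # Explorer's default hides only the final, registered extension, so the user sees the decoy.
    shown_as = base[: -len(real_ext)] if real_ext else base

    if real_ext in EXECUTABLE_EXTS:
        if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
            return Verdict(base, shown_as, "block", f"executable disguised as {exts[-2]}")
        return Verdict(base, shown_as, "block", f"executable attachment {real_ext}")
    if real_ext in MACRO_CAPABLE_EXTS:
        return Verdict(base, shown_as, "warn", "Office file that can carry VBA macros")
    return Verdict(base, shown_as, "ok", "no executable or macro-capable extension")


def triage_all(filenames):
    return [triage(f) for f in filenames]


# Constructed sample attachment names (not taken from any real campaign).
SAMPLE_ATTACHMENTS = [
    "Froggie.PDF.EXE",
    "invoice_2016-02.pdf.scr",
    "invoice.doc",
    "report.docm",
    "payment.js",
    "holiday.jpg",
    "notes.txt",
    "README",
]

if __name__ == "__main__":
    for v in triage_all(SAMPLE_ATTACHMENTS):
        print(f"{v.risk:5}  shown as {v.shown_as!r:28} real {v.filename!r:28} {v.reason}")
```

The "shown_as" column is the point of the exercise: with the default Explorer setting, "Froggie.PDF.EXE" and "invoice_2016-02.pdf.scr" are displayed as "Froggie.PDF" and "invoice_2016-02.pdf", which is exactly the gap the lure relies on. Plain ".doc" is only a "warn" because a legacy binary document may or may not contain macros; the verdict is about what the file can do, not what it does.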
  9. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    Excellent point, Froggie. I always change the viewing options to show file extensions and hidden files in Windows, which helps a great deal in seeing the real file extensions. Using multiple security software may be beneficial if there is no conflict with each other; but it is also likely that these security products themselves become targets for attacks. So I only use one single AV product in Windows, either Avira Pro, or Symantec SEP, or Kaspersky. But BAV (Brain AV) should be one's main protection mechanism.
     
  10. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    You make a lot of sense and I guess it's my ignorance that is making me nervous. Prior to this thread I had never worried about ransomware. Now that has changed.

    Here is what I have on the PC now,

    ESET Smart Security,
    Zemana AntiLogger
    AppGuard, (always set to locked down)
    BitDefender anti-ransomware

    I am considering adding HitmanPro Alert with Cryptoguard

    I do not have MS Word installed on my PC so maybe the ransomware issue is really a non-issue... or is it?

    One other thing... and I probably will get yelled at for this... I do not do MS Updates. Some time ago I had updates that would not install, I called MS Support and the tech cleared up whatever needed to be cleared so updates were installable (took some time to accomplish). I was told to disable all anti-malware before doing future updates but I was not willing to do that... eventually MS Updates again refused to install and I just ignore the weekly notice of new updates. I figure with the anti-malware apps I am using I should be pretty safe. I am also running AX64, Macrium Reflect paid, and Paragon Backup (once a week, drive detached after backup). I am reasonably cautious with opening attachments but I am human and mistakes can occur so I thought HMPalert might be a good addition. Am I being foolish or am I OK? Would HMPalert be a good addition, overkill, or possibly even asking for trouble?
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I think HMPA is a good addition, and it is getting better every day. But still the best software is that which is between the ears. Most of the major infections are through emails with attachments.
     
  12. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Of course you are correct about the software between our ears but errors do occur occasionally in all software thus the other programs come in handy at times.

    Thanks for your input Peter & RF, much appreciated.
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Actually the simplest approach is just image as usual with whatever, and use Shadow Defender. For test purposes I've let ransomware loose on my system with its 3 internal drives. With SD I just shadow all 3 drives. When done, reboot and presto, clean unencrypted system. QED
     
  14. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Seems to me that I have tried Shadow Defender in the past and did not like it, cannot remember for sure one way or the other. Will give it a try again (or for the first time). Thanks.
     
  15. TheRollbackFrog

    TheRollbackFrog Imaging Specialist

    Joined:
    Mar 1, 2011
    Posts:
    4,954
    Location:
    The Pond - USA
    There's a good webinar being offered this Thursday by Sophos concerning ransomware (register HERE if interested)

    Webinar SUMMARY
    _______________

    There's been a big surge in ransomware attacks this year, and 'Locky' is one of the common offenders. We've set up a webinar to support you against these recent threats and show you how to stay protected against these threats.

    Join our Sophos webinar and discover:
    * How ransomware attacks work
    * Why a large number of new infections continue to surface despite existing protective measures
    * Practical short and long term steps organizations should take to protect against ransomware
    * How Sophos can help
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Curious.. Do you know what CEST time is?
     
  17. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,109
    Location:
    UK
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
  19. TheRollbackFrog

    TheRollbackFrog Imaging Specialist

    Joined:
    Mar 1, 2011
    Posts:
    4,954
    Location:
    The Pond - USA
    It's at 10:45am your time... are you awake yet? :argh:
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    ROFL. Yeah, I think I can handle that. The Big Duh
     
  21. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,010
    Your OS is like Swiss cheese and I don't think that your AV can cover the OS holes.

     
    Last edited: Apr 12, 2016
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,812
    Location:
    .
    Neither do I. However I use a multi-layer and tight setup using those progs in my signature.
     
  23. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Like I said, I expected to get yelled at, I am surprised you are the only one to take issue with me.

    I am not relying on AV software alone plus I image religiously, hourly with AX64, daily with Macrium Reflect, and weekly with Paragon (drive only attached for this last when the backup is being done). I am using the following anti-malware apps

    ESET Smart Security,
    Zemana AntiLogger
    AppGuard, (always set to locked down)
    HitmanPro Alert with Cryptoguard

    In addition, I am somewhat paranoid. If I do anything that seems even a bit risky, like opening an e-mail I am not certain of (I would never download a file attached to an e-mail I was not certain of), I revert the PC to a point in time before I opened the e-mail.

    I would like to do the MS updates but there is no way I will disable all anti-malware apps to do so.

    I tried Shadow Defender last week but did not like it. I prefer to do a restore to a previous time instead.
     
    Last edited: Apr 12, 2016
  24. Keeping two generations on NAS, with swappable disks. Oldest generation was read only for users and accessible by smartphones and tablets. I now have pulled it out during day time and switched from delayed continuous backup to scheduled nightly backup.

    Keeping focus on prevention, keeping one generation offline during day time causes a lot of manual hassle.
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Barry

    Images aren't a complete solution in a risky environment. For example, when I tested the ransomware that was bypassing one of my security programs, it knew it was going to attack all 3 of my disks so imaging wasn't a solution. Shadow Defender protected all 3 disks, which it can do nicely.
     