My computer's security "wall" does not presently include any app to protect against ransomware specifically. However, I do image my system drive to a stand-alone hard drive 3-4 times weekly & retain images for several weeks. My image software is on a USB flash drive that loads on its own, independent of Windows. Dumb QUESTION #237-3: Is a clean image a bullet-proof solution to ransomware, even if my computer's boot records are encrypted? Dumb QUESTION #237-4: Is there, as yet, any malware that can screw up my computer's BIOS?
There is one that I can think of and it is called....Microsoft Windows 10 Update.....Sorry that I am being facetious but their last major update put my BIOS sequence out of order...took me hours to find that out.
Assumed here is you boot to the USB drive and run your image backups and only connect the external drive when doing backups. Note that if that USB is ever connected to your PC while it is running Windows, it could theoretically be infected. Booting from read-only media such as a CD/DVD is more secure. Only if you're doing a full drive backup or you have separately done a backup of the MBR. Also, separate backups/restores of a UEFI are a bit tricky; a full drive backup resolves that. Ditto for ransomware that encrypts the MFT. For a BIOS it would have to be firmware related. However, there is UEFI malware.
Applying security updates to any O/S is certainly of paramount importance, but not necessarily a bullet-proof way to elude malware. BTW, in my own humble experience over the many years, my image backups have saved my bacon far more often than anti-malware software, and other vast security measures I've had in place, not really because of malware infections, but 99% because of some software or other overzealous tinkering under the hood (I often can't help myself) I've done that crippled the O/S.
@itman -- VERY educational reply. Thank you to the nth. This is why THIS forum is the absolute best!!! Uh-oh! Halloween draws near. Shreeeeek!!! The mere idea of a UEFI malware gives me chilblains. My computer DOES have UEFI vice BIOS. Will restoring a clean, full-disk image fix an impaired or contaminated or dysfunctional UEFI? If not, what (if anything) will..........? @WiseVector -- Please take note of this discussion.
Here is an example of UEFI malware reported recently: https://www.wilderssecurity.com/threads/custom-made-uefi-bootkit-found-lurking-in-the-wild.433078/ A restore of a clean image won't fix your BIOS. You would have to flash/update the BIOS using your manufacturer's installer. Protection: 1. if you update your BIOS, make sure that you get a legit updater from the manufacturer; 2. password protect the BIOS and prevent unauthorized people from physically accessing your computer.
Are you saying that someone must have physical access to a computer in order to contaminate its BIOS or UEFI?
It's the easiest way for an attacker. But since you can also update the BIOS from within Windows, that option is also possible - to trick the user into installing a modified BIOS.
A password may not protect BIOS/UEFI, because there may be bugs in UEFI that allow it to be modified without proper password and update UEFI capsule cryptographic signature. However, UEFI malware is very rare and only works on a very limited set of motherboard models. It's mainly malware developed by nation-state-backed teams. IMHO it's better to spend your time securing your data against more typical malware and hardware failures.
Hi everyone, maybe having a backup system or a patched operating system works to face ransomware, but does anyone know an effective anti-malware that can work for preventing it?
The only bullet-proof answer I would be comfortable with is Comodo FW with @cruelsister config locking in CONTAINMENT and at the same time running in Shadow Mode. I once during testing on my 8.1 x64 deliberately ran 1 of several formidable ransomware samples that encrypted every file in the Shadow Defender folder in Program Files, eventually seizing up the entire system and requiring a hard reset (Pull The Plug!). After booting back up it was like nothing ever happened. SD stood strong! That's why if I was concerned over ransomware, CFW coupled with SD is as bullet-proof as I've seen.
My bullet-proof solution to ransomware? First, don't keep your important data on your computer. Second, back up to a USB drive which will be disconnected once the backup is ready + test restoring an image. Third, use a virtualizer which is useful against any malware that might surreptitiously install in your system. A good updated AV might also help...
Hi Pablom, Till last January, on Windows 7, I used HitmanPro.Alert. Also see the HitmanPro.ALERT Support and Discussion Thread and the HitmanPro.Alert BETA thread here on Wilders. Nowadays, I use Kubuntu (Linux) and I feel comfortable with only patching and system imaging and backup of personal documents.
Taken a step further, enable properly configured AppArmor (Mandatory Access Control) to confine vulnerable programs, and this will trump everything mentioned so far in this thread.
Thanks very much, wat0114. I know about AppArmor, but I feel comfortable with the AppArmor default settings for Kubuntu, so haven't studied the options for AppArmor configuration. Perhaps later, if I ever get bored with the low level of maintenance that Kubuntu needs, compared to Windows.
Excellent points. Concerning second point ("backup to a USB drive which will be disconnected once the backup is ready") I think it's best to use backup or imaging software that is on a self-booting media that operates outside of, & independently of, Windows.
It can be treated as anti-ransomware protection that I'm using on my 3 machines (XP, Win 7, Win 8.1):
- using SpyShelter: system/processes monitoring, restricted apps, restricted folders for downloaded content, data folders protection
- using Shadow Defender: Shadow Mode for most of daily routines on the internet and testing apps
- backup system: Keriver 1-Click on XP and Win7, Macrium Reflect for Win 8.1
- using file manager (FreeCommander) for syncing data with removable disk
Exactly my experience, I've done hundreds of restores, and I can't recall ever doing it for malware... I'd like to add for whoever is considering learning how to protect a computer nowadays, you don't need many security programs at all, learning to restore your operating system is all you need to know to solve 99% of all problems you might encounter in the future. Restoring a healthy image of your operating system can be done in minutes, no hassles no fuss, no waste of time trying to find a solution or a fix, it just works once you know how to do it, and it's easy...
I secure my system with Bitdefender Total Security + Voodoo-Shield, that is my protection against ransomware, and Adguard System-Wide.
Paid: Key words is to IMPROVE: and in the fight against ransomware youtu.be/r1HAeKMsFnI Set to read only! Free: Also, use a software called Datapruis. Read only!