Thread: Ransomware and backups

  1. #1
    Join Date
    May 2004
    Posts
    467

    Ransomware and backups

    Hello all.

    I thought I'd cracked the ransomware threat by having very regular back-ups, which meant that if ever I did get the message that my files were locked up, I could say 'get stuffed', wipe my hard drive and restore.

    Then my partner asked this question, which is troubling me!

    She said: "Suppose you have downloaded malware, which hasn't opened up (and demanded a Ransom, for example), and THEN you make your back-up, quite unwittingly, thus backing up the malware too. Later, you want to restore...."

    So the question is 'Do you then RESTORE the malware along with everything else?'

    We use SuperDuper. Does it, or is there an alternative program, which runs a disinfecting scan prior to backing up?

    Any ideas?

    A

  2. #2
    Join Date
    Aug 2001
    Location
    Grangeville, ID USA
    Posts
    8,954

    Yes, if you download something that corrupts your computer, and that something is designed to 'go off' after some sort of time frame, then you will have backed it up and it will exist on your backups. Besides which, many of these ransomware attacks act by encrypting access to the data. It encrypts attached devices, not just the boot drive. So no protection exists except having offline archival type backups.

    No backup software that I know of searches for this type of attack. If an inexpensive backup app could detect these, then high end firewalls could as well - SuperDuper, Synchronize Pro, ChronoSync, CCC et al. are seriously el cheapo compared to what a major corporation has for internet portal filtering. Obviously they can't do it, you definitely won't accomplish it with ~$50 backup software.
    molṑn labe'
    "I am a mortal enemy to arbitrary government and unlimited power. I am naturally very jealous for the rights and liberties of my country, and the least encroachment of those invaluable privileges is apt to make my blood boil."
--Ben Franklin

  3. #3
    Join Date
    May 2004
    Posts
    467

    Thanks ricks, as ever.

    We only turn on the external drives when we do back-ups, so that's covered.

    What I think I want, then, is a quick scan program which I can run prior to each back up, just to check that I'm not backing up malware too!

    Not sure if Kaspersky fits that bill; I think it works as far as it goes, but it's a bit clunky.


    Allen.

  4. #4
    Join Date
    Aug 2001
    Location
    Grangeville, ID USA
    Posts
    8,954

    I don't think that the ransomware can be seen by the scanner tools. The only protection there is is periodic archival copies - multiples at that. You and I cannot afford the scanning that huge corporations do on their portals, and they all got bit by this latest ransomware. I can't help but think that this is chasing a chimera to think we can catch this type of attack which by definition is unknown at the time of its spread. All you can do is set up a proper archival system, in my very humble opinion. There is a lot about internet security that I don't know.

  5. #5
    Join Date
    Jan 2006
    Location
    Boise
    Posts
    940

    Most of the malware attacks occur by our own carelessness. Phishing emails, coming from somewhere that fool us into clicking on a link that creates an action. My partner did just such a thing from an email from someone she hadn't heard from in years and then it suggesting she check out the data from a meeting. Question is does this seem like a legitimate thing? If you have any question, it's not a good idea to click. These attacks can come from web sites, but within the Safari browser there is a Preference in Security that says "warn of fraudulent websites" - check it. I think there's only been one ransomware for Macs and you had to use a certain program that Apple has since removed from its Store. Someone will need to help me remember this - there is a place on the Mac where you can specify that you only allow programs to be downloaded from the Apple App Store, unless you log in as an Administrator, or if you are logged in you must use your password to verify the download (I looked and can't find it but someone knows, right?) If you do those things and learn about how to identify phishing email (https://support.apple.com/en-us/HT204759) from that page, and you don't click one of those phishing emails, you'll be pretty darned secure. It's another one of the great things about having a Mac.

    This latest malware that was going around, affected mostly machines using Microsoft XP. It's outdated and unsupported, but Microsoft still issued a patch for the vulnerability, that some people didn't utilize and they got stung. Pirated software was also affected as they couldn't use the patch.

  6. #6
    Join Date
    May 2004
    Posts
    467

    Hello yeungfeng.

    Points taken. My partner won't click links even if they're from me, which is probably very wise.

    The System Preferences you refer to is on Security/General, where you can choose only to download apps from the App Store, for example.

    Kaspersky has a handy tool - rather than doing a full or partial scan of great chunks of your machine, you can drag an individual file or folder onto their checking panel and they just scan that. I've never tried dragging an incoming suspect file off an email onto the panel - I think it might only work if you've already downloaded it, which isn't a great help.

    That might not be a bad idea for Apple, or for some Dragon's Den-type entrepreneur, actually - some sort of 'panel' where you can drag suspect files where they get thoroughly analysed and if necessary disposed of. You might argue that we should each be able to do this ourselves, but obviously partners/others not as clued up might like the reassurance of an external 'helper' like this.

    Wish you all well,

    Allen.

  7. #7
    Join Date
    Feb 2001
    Location
    on the landline, Mr. Smith
    Posts
    7,767

    Don't forget Macs actually have a built-in security system. Easy to forget, as Apple does not hype it, and there is no app or interface.

    A nice reminder here, plus a good free third party tool that will detect and remove usual suspects, and verify your machine is clean. MalwareBytes is not AV software, but does work well on adware/malware. The free version must be run manually; no way to schedule automatic scans. The good news is, it is very fast to update and run. Like 2-3 minutes.

    I was curious if the free Sophos Home would protect against ransomware, but it looks like only their premium suite (now in beta) would be useful removing/blocking ransomware.

    This looks interesting. Should this trend grow, I expect both Apple and security companies will react with more tools and options.
    "Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining." -- Jef Raskin

  8. #8
    Join Date
    May 2004
    Posts
    467

    Thanks, Unclemac.

    I'll have a look at those suggestions (although not Sophos, as my Kaspersky sees Sophos as a threat, and I think Sophos sees Kaspersky in the same light, result: stalemate!)

    But the QuickScan prior to backing up might just fit the bill.

    Later...

    Loaded the Malwarebytes Anti-malware for Mac, and as you said, only takes a couple of minutes for a scan.

    Also read the various articles, all very interesting.

    I am afraid that it WILL happen, i.e. more ransomware attacks on Macs, as the bad guys realise that there is a potentially lucrative market amongst Mac users, both individuals and corporate.

    I don't lie awake at night worrying about these things, but I was a Boy Scout for a short time (until they found me out) and I still go by the old motto, "Be Prepared".

    And whether it was an American or an Irishman who said "Eternal vigilance is the price of liberty," either one was right...

    Allen.
    Last edited by billybobski; 05-24-2017 at 08:25 AM. Reason: more information
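
The reasoning in posts #2 and #4, as an added example that is not part of any post in this thread: with several dated archival copies, a restore can start from the newest copy made before the dormant file arrived, once that file has been identified. The function names, date labels and stand-in "dropper" bytes are constructed for illustration, and plain folder copies stand in for whatever backup tool is used.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def make_generation(source, archive, label, keep=4):
    """Copy source into archive/<label>; older generations are never overwritten."""
    if keep < 1:
        raise ValueError("keep must be at least 1")
    dest = archive / label
    shutil.copytree(source, dest)  # raises FileExistsError if the label is reused
    generations = sorted(p for p in archive.iterdir() if p.is_dir())
    for old in generations[:-keep]:  # prune only what exceeds the retention count
        shutil.rmtree(old)
    return dest

def generation_hashes(gen):
    """SHA-256 of every file stored in one generation."""
    return {sha256_file(p) for p in gen.rglob("*") if p.is_file()}

def newest_clean_generation(archive, bad_hashes):
    """Newest generation holding none of the files later identified as malicious."""
    # ISO date labels sort chronologically, so reverse order is newest first.
    for gen in sorted((p for p in archive.iterdir() if p.is_dir()), reverse=True):
        if not (generation_hashes(gen) & bad_hashes):
            return gen.name
    return None

def demo():
    """Constructed scenario: a dormant file lands between the 2nd and 3rd backup."""
    with tempfile.TemporaryDirectory() as tmp:
        src, archive = Path(tmp, "home"), Path(tmp, "archive")
        src.mkdir()
        archive.mkdir()
        (src / "letter.txt").write_text("hello")
        make_generation(src, archive, "2017-05-01")
        make_generation(src, archive, "2017-05-08")
        dropper = src / "invoice.app"  # constructed stand-in, harmless bytes
        dropper.write_bytes(b"constructed stand-in for a dormant dropper")
        bad = {sha256_file(dropper)}   # hash known only after the fact
        make_generation(src, archive, "2017-05-15")
        make_generation(src, archive, "2017-05-22")
        return newest_clean_generation(archive, bad)

if __name__ == "__main__":
    print("restore from:", demo())
```

If the retention count is smaller than the time the file sat dormant, every surviving generation contains it and the function returns `None`, which is the case the original question describes.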
