questions about protection from cryptolocker

Discussion in 'Software' started by LMHmedchem, Nov 19, 2013.

  1. LMHmedchem

    LMHmedchem Private E-2

    Hello,

    I have been wondering about ways to increase my protection from ransomware such as cryptolocker. I run Comodo ISP, so hopefully the Defense+ system would prevent the cryptolocker executable from running in the first place but I try to avoid overconfidence in such matters.

    I run a backup to an external drive about once a week, so that should help some. I also run a nightly backup to an internal backup drive. I was thinking that I should not keep that internal backup partition mounted. I should add a mount command to my backup script and then unmount the drive again when the backup is done. That seems like it would help some, but I was wondering if anyone knows if cryptolocker or similar would look for unmounted partitions and try to gain access to them.

    It also seems as if it makes sense to run your email and web apps in a sandbox. As I understand it, that would keep the infection in the sandbox and cryptolocker would have no way of knowing that there were other files to target. Another user also suggested encrypting my backup partition with truecrypt and mounting it from my script. Though I do have encrypted backups of some things, I have always stayed away from having all of my backups encrypted because that is just another way to end up losing your data.

    I am running XP 32-bit and have cygwin installed in case that matters to anyone.

    Any thoughts on all of this?

    LMHmedchem
     
  2. plodr

    plodr Major Geek Super Extraordinaire

  3. LMHmedchem

    LMHmedchem Private E-2

    Thanks for the link. I have already done everything that is suggested in the article, including the use of CryptoPrevent. I do nightly backups to an internal backup drive, but these could be compromised as easily as the primary files. I have an external backup as well, but I don't run that every day.

    I am looking for ways to better protect my internal backup files. I could create a truecrypt container, but that would be a file that could be encrypted as easily as any other. I could use truecrypt to encrypt an entire drive and mount it through the command line, but I have always hesitated to have all of my backup files encrypted.

    I could also have my backup partition be unmounted unless the backup is running. I am looking for information about how CryptoLocker finds the files it is going to encrypt. Is the fact that there is no drive letter assigned to a drive, or if I use cygwin unmount to unmount the partition, enough to prevent CryptoLocker from finding the files? Can I password protect mounting of the partition? I believe that there are a number of applications that can password protect a partition without encrypting all of the partition files. Would something like this be effective?

    LMHmedchem
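
The mount, back up, unmount sequence described in the posts above, sketched as a Cygwin shell wrapper around Windows' `mountvol`; this is an added example, not code from the thread. The volume GUID, drive letter and paths are placeholders, and the script only shortens the time the backup volume has a drive letter; it does not answer the thread's open question of whether CryptoLocker looks at volumes without one.

```shell
#!/bin/sh
# Added example: give the backup volume a drive letter only while the backup runs.
# Every value below is a placeholder; list real volume names by running `mountvol`.
[ -n "$BACKUP_VOLUME" ] || BACKUP_VOLUME='\\?\Volume{00000000-0000-0000-0000-000000000000}\'
BACKUP_LETTER=${BACKUP_LETTER:-B:}             # letter assigned during the backup
DEST_DIR=${DEST_DIR:-/cygdrive/b/nightly}      # must sit under BACKUP_LETTER
SOURCE_DIR=${SOURCE_DIR:-/cygdrive/c/data}     # hypothetical data directory
MOUNTVOL=${MOUNTVOL:-mountvol}                 # Windows volume mount tool
COPY_CMD=${COPY_CMD:-cp}                       # any copy tool taking: -a SRC DST

attach_volume() { "$MOUNTVOL" "$BACKUP_LETTER" "$BACKUP_VOLUME"; }
detach_volume() { "$MOUNTVOL" "$BACKUP_LETTER" /D; }   # /D removes the drive letter

# Returns 0 on success, 1 if the copy failed, 2 if the volume could not be
# mounted, 3 if it could not be unmounted again (the case to alert on).
run_backup() {
    backup_rc=0
    attach_volume || { echo "backup volume could not be mounted" >&2; return 2; }
    # The volume is now visible to every process, so release it on interrupt too.
    trap 'detach_volume; exit 130' INT TERM
    "$COPY_CMD" -a "$SOURCE_DIR/." "$DEST_DIR/" || backup_rc=1
    if ! detach_volume; then
        echo "WARNING: backup volume is still mounted" >&2
        backup_rc=3
    fi
    trap - INT TERM
    return "$backup_rc"
}

# Run only when asked to, e.g. from a scheduled task: sh backup.sh --run
if [ "${1:-}" = "--run" ]; then
    run_backup
    exit $?
fi
```

A failed copy still releases the drive letter, and exit status 3 marks the one outcome where the backup volume was left exposed.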
     
