1. Forum
  2. Fidonet
  3. ALT-COMP-ANTI-VIRUS

  • Re: Why do they say 'disconnect your backup from your PC' when

    From Wolf K@1:396/4 to All on Sat Feb 18 06:08:24 2017
    From: Wolf K <wolfmac@sympatico.ca>

    On 2017-02-18 16:58, RayLopez99 wrote:
    They always say when discussing ransomware to disconnect your backup from
    your PC (ie an air gap), but to me it don't make sense why. Suppose you mirror
    your C: drive to your D: drive, how is that image file going to be infected by ransomware? Can't you just wipe the C: drive, then reinstall the image from the D: drive to get back to a point before the ransomware infected your system?

    As a precaution, I do backup to a USB drive as well, but I don't know why
    they suggest doing this.

    RL

    Easy: Write the ransomware to attack all partitions ("drives").


    Good luck,

    --
    Best,
    Wolf K
    https://kirkwood40.blogspot.com
    It's called "opinion" because it's not knowledge.
    --- NewsGate v1.0 gamma 2
    * Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
  • From RayLopez99@1:396/4 to All on Sat Feb 18 22:18:28 2017
    From: RayLopez99 <raylopez88@gmail.com>

    On Saturday, February 18, 2017 at 5:08:27 PM UTC-5, Wolf K wrote:



    Easy: Write the ransomware to attack all partitions ("drives").



    OK thanks Wolf K. So I suppose ransom-ware will freeze your entire system,=
    all partitions, even USB sticks and external drives that happen to be conn= ected to the infected PC at the time of the attack, immediately? I didn't = know that. I was assuming the virus was selective in what it encrypted, an=
    d otherwise let you do some work (I got this impression from reading an art= icle that implied the PC was infected by ransomware for several weeks, but = the owner did not know until weeks later).

    RL
    --- NewsGate v1.0 gamma 2
    * Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
  • From Wolf K@1:396/4 to All on Sun Feb 19 06:30:56 2017
    From: Wolf K <wolfmac@sympatico.ca>

    On 2017-02-19 15:18, RayLopez99 wrote:
    On Saturday, February 18, 2017 at 5:08:27 PM UTC-5, Wolf K wrote:



    Easy: Write the ransomware to attack all partitions ("drives").



    OK thanks Wolf K. So I suppose ransom-ware will freeze your entire system,
    all partitions, even USB sticks and external drives that happen to be connected
    to the infected PC at the time of the attack, immediately? I didn't know that.
    I was assuming the virus was selective in what it encrypted, and otherwise let
    you do some work (I got this impression from reading an article that implied the PC was infected by ransomware for several weeks, but the owner did not know
    until weeks later).

    Ransomware does what its designers programmed it to do. If you can
    imagine some way of messing with your system, so can other people. And
    some of them will write a program to do it.

    Have a good day,

    --
    Best,
    Wolf K
    https://kirkwood40.blogspot.com
    It's called "opinion" because it's not knowledge.
    --- NewsGate v1.0 gamma 2
    * Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
  • From David B.@1:396/4 to All on Mon Feb 20 11:34:12 2017
    From: "David B." <DavidB@nomail.afraid.invalid>

    On 20/02/2017 16:13, Shadow wrote:
    On Sun, 19 Feb 2017 12:18:28 -0800 (PST), RayLopez99
    <raylopez88@gmail.com> wrote:

    On Saturday, February 18, 2017 at 5:08:27 PM UTC-5, Wolf K wrote:



    Easy: Write the ransomware to attack all partitions ("drives").



    OK thanks Wolf K. So I suppose ransom-ware will freeze your entire system, all partitions, even USB sticks and external drives that happen to be connected
    to the infected PC at the time of the attack, immediately?

    You forgot network drives, and/aka "the cloud". If you have
    access to it, the trojan does too.
    Only thing safe is a read-only like a DVD or Blu-Ray backup.
    Assuming you "closed" the disk. Though in theory even they could be overwritten.
    []'s

    Frightening, isn't it? :-(

    --- NewsGate v1.0 gamma 2
    * Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
  • From David B.@1:396/4 to All on Tue Feb 21 04:51:22 2017
    From: "David B." <DavidB@nomail.afraid.invalid>

    On 21/02/2017 05:53, Ant wrote:
    David B. <DavidB@nomail.afraid.invalid> wrote:
    On 20/02/2017 16:13, Shadow wrote:
    On Sun, 19 Feb 2017 12:18:28 -0800 (PST), RayLopez99
    <raylopez88@gmail.com> wrote:

    On Saturday, February 18, 2017 at 5:08:27 PM UTC-5, Wolf K wrote:



    Easy: Write the ransomware to attack all partitions ("drives").



    OK thanks Wolf K. So I suppose ransom-ware will freeze your entire system, all partitions, even USB sticks and external drives that happen to be connected to the infected PC at the time of the attack, immediately?

    You forgot network drives, and/aka "the cloud". If you have
    access to it, the trojan does too.
    Only thing safe is a read-only like a DVD or Blu-Ray backup.
    Assuming you "closed" the disk. Though in theory even they could be
    overwritten.
    []'s

    Frightening, isn't it? :-(

    Eventually, ransomwares will take over our bodies! Ahhhhhhhhhhhhhhhhh!

    Haha! :-)

    I know folk in real life who have had problems with ransomware on their Windows machines.

    Have you ever encountered anyone having a ransomeware problem on an
    Apple Mac?

    --
    "Do something wonderful, people may imitate it." (Albert Schweitzer)

    --- NewsGate v1.0 gamma 2
    * Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)