How useful is Backup against Ransomware

seoincorporation

legendary

Activity: 3332

Merit: 3116

Quote from: BitcoinSupremo on August 24, 2018, 10:45:38 AM

What are your practices to ensure a safe data keeping including all of your wallets (not talking about normal malware which can redirect your copy paste BTC address to another one) but I am talking in a situation where all your data is locked from a Ransomware. In case you did a backup every week of the entire image disk, the only thing you would lose is a week of data. Of course keep the image recovery in an external hard drive.

Any better security practices against Ransomware ?

The backups are important, not only to save your ass from a ransomware, there are one hundred ways your pc can get fucked up, Ransomware is just one of those ways. But i'm here with a solution for you.

Use Linux and avoid Ransomware, you can have a pc with half disk on linux and half disk on windows, that way of you are doing some job stuff you can use windows, and if you want to navigate on the web or do something 'risky' then you can use linux. Good security practices are the way to avoid all kind of viruses...

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: Thirdspace on September 15, 2018, 09:26:57 AM

btw, I heard there's a ransomware variant that makes the drive unformattable, any true to that?

Making a hard drive unformattable per se is not possible. Especially not on a software level.
With root access on a machine, you have full control over the hardware. Formatting is always a possibility.

But malware could theoretically flash the firmware of a hard drive to make it unusable.
This damage can still be repaired by a person with enough understanding, but most probably this would result in replacing the hard drive because of failure.
Especially since such a damage would be non-standard and probably more costly to let it fix by IT repair services, than to simply buy a new one.

Kakmakr

legendary

Activity: 3514

Merit: 1963

Leading Crypto Sports Betting & Casino Platform

My best practice is to do incremental backups, where previous backups are not being over-written by newer data that are added later. I also keep a hard copy of previous backups, separate from newer backups to stop cross infection.

You need to keep the copies of your backups as total separate copies. Once you access previous copies, those backups can be infected too. So only use copies of original backups, when you do the restore.

The cost of the backups might be more, but the re-installation will not be from infected originals that are being overwritten over and over again. Roll Eyes

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: ?? on ??

Not really, Backup wont help much against the ransomware virus as they block the system altogether.

We're discussing cloud backups? So you'd use a service that offer the avaliability of backups which will keep the data more secure (hopefully) or at least keep another copy you can rely upon, care must then be taken when encrypting the file.

Thirdspace

hero member

Activity: 1232

Merit: 738

Mixing reinvented for your privacy | chipmixer.com

Quote from: bob123 on August 24, 2018, 01:10:36 PM

~
If your drive is plugged in and mounted the ransomware will simply also encrypt the backup.

Quite a few people seem to forget about this point Cheesy

Keeping the backup drive plugged in is always a bad idea (e.g. ransomware, lightning strike, .. ).

Quote from: ?? on ??

Not really, Backup wont help much against the ransomware virus as they block the system altogether.

@UKUSA22 if you have your backup (attached) in the same system, then you have done it wrong
backup really does help against ransomware as long as you are doing it properly
bob123 is correct, always detach your backup drive off the main system
btw, I heard there's a ransomware variant that makes the drive unformattable, any true to that?

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: bob123 on August 28, 2018, 02:39:02 AM

Encrypting the file asymmetrically would require a way larger key compared to encrypting it symmetrically.
The advantage of asymmetric encryption is the solution of the key exchange. It doesn't need one. But if you are only encrypting it as a backup for your own, using symmetric encryption is favorable.
Asymmetric keys have to be 10 (or more!) times larger than symmetric keys to have an equal bit strength.

Theoretically, a proper encrypted file with a key which is long enough to be considered safe should be absolutely fine. Even stored offline.
But the devil is in the detail. You have to rely on the software you use to encrypt the data to be correctly implemented (e.g. entropy).

In case of a data leak (on the cloud provider side) AND an incorrectly implemented algorithm, your keys are at risk. This scenario is pretty unlikely. But it should be considered nevertheless.

It is a fairly tiny file though in comparison to some backups if you get everything to be a gigabyte in size then it's not too much of an issue.
The idea with assymatry is that you can keep a unencrypted copy of the public key on your computer and then easily find the private key by putting it into an electrum client on an offline computer for example so you know the exact key (especially if there are multiple wallet files you're trying to back up)...

Symmetric encryption also works but you might have to keep reusing private keys or get stuck remembering which you used for which file.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: jackg on August 27, 2018, 03:34:11 PM

Quote from: LoyceV on August 25, 2018, 09:45:21 AM

Quote from: AirdropsCoin on August 25, 2018, 04:06:13 AM

Cloud-Based Backup creates copies of all your files

I would definitely not upload wallets to cloud storage, that's like the opposite of cold storage.

I'm sort of undecided on this one. If you have a fully encrypted backup, then sure upload it to the clous (by fully encrypted I mean assymetrically encrypted using a public key-private key pair that is at least the strength of encryption system Bitcoin is based upon - the file is generally a few megabytes in size at most).

Encrypting the file asymmetrically would require a way larger key compared to encrypting it symmetrically.
The advantage of asymmetric encryption is the solution of the key exchange. It doesn't need one. But if you are only encrypting it as a backup for your own, using symmetric encryption is favorable.
Asymmetric keys have to be 10 (or more!) times larger than symmetric keys to have an equal bit strength.

Theoretically, a proper encrypted file with a key which is long enough to be considered safe should be absolutely fine. Even stored offline.
But the devil is in the detail. You have to rely on the software you use to encrypt the data to be correctly implemented (e.g. entropy).

In case of a data leak (on the cloud provider side) AND an incorrectly implemented algorithm, your keys are at risk. This scenario is pretty unlikely. But it should be considered nevertheless.

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: LoyceV on August 25, 2018, 09:45:21 AM

Quote

I can't imagine a single OS which can not be a victim of ransomware.

But after some reading I can say you're right: it can happen on any OS. I just expect it to be much more likely on Windows.

I think Windows is more vulnerable because it's used by people who have less of a grasp on computing (ok there are people who are clever who use Windows and I don't know why people would use mac OS as they're just supporting plagiarism but a majority of people who use windows are using it because it's "easier for them to find stuff or easier for them to install stuff".
Typically speaking, unless you're going to comb through the autogen.sh, configure and make files you aren't going to know your linux machine is 100% safe.

Quote from: LoyceV on August 25, 2018, 09:45:21 AM

Quote from: AirdropsCoin on August 25, 2018, 04:06:13 AM

Cloud-Based Backup creates copies of all your files

I would definitely not upload wallets to cloud storage, that's like the opposite of cold storage.

[/quote]
I'm sort of undecided on this one. If you have a fully encrypted backup, then sure upload it to the clous (by fully encrypted I mean assymetrically encrypted using a public key-private key pair that is at least the strength of encryption system Bitcoin is based upon - the file is generally a few megabytes in size at most).

Typically speaking, if using bitcoin core. You can add a password to your wallet file (offline after making the first address), back it up and then keep using your wallet file as long as it is a hd wallet and not back it up again. Similarly, with most SPV wallets that are bip39 comaptible, all that's needed is to put the seed somewhere on another hard drive (encrypted and NOT AS A FILE NAME). Encryption must be done with a strong password though.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: BitcoinSupremo on August 24, 2018, 10:45:38 AM

What are your practices to ensure a safe data keeping including all of your wallets (not talking about normal malware which can redirect your copy paste BTC address to another one) but I am talking in a situation where all your data is locked from a Ransomware. In case you did a backup every week of the entire image disk, the only thing you would lose is a week of data. Of course keep the image recovery in an external hard drive.

Any better security practices against Ransomware ?

Apart from regulars backup on external device it would be better to not even use any desktop hot wallet on device which has internet access. Solution is to have two device, airgapped for cold wallet and watch only in device with internet, you just need to be sure to not infect airgapped device through usb stick.

Regarding hardware wallets, are they also exposed to ransomware or they are protected from such attack? We can often read that even our device is infected, using hardware wallets on such device should be safe - whether this also applies to ransomware?

Theb

hero member

Activity: 1680

Merit: 655

Quote from: bob123 on August 24, 2018, 12:28:59 PM

Simple answer: No.

Periodic backups are actually the best protection mechanism against ransomware.

Once you are hit by a ransomware you basically have 3 options:
1) You pay the ransom and have to hope that you'll get the decryption key and/or the files have not been deleted (No guarantee of getting your data back).

Yup I agree with what others have said, backing up your wallet and keeping your coins offline is really the best thing you can do, because once your device is targeted by a ransomware there is really no assurance that they will unlock your device even if you paid, and even if they did unlock your device there is no guarantee that your device is clean from the malware that has been in it, they might just be cloaking their real attack by thinking that your device is malware free, and they are just waiting for their next attack once they get the sufficient data needed to steal some more from you. So in other words I really don't like the option of paying the ransomware for your device that is already compromised by them.

btj

member

Activity: 115

Merit: 16

Paper wallet i think is the most secured solution.

External hard drive, USB, or any same alternative can be hacked today or tomorrow ...

If you want keep your wallet on your OS, there no 100% secured OS and all can be affected by ransomware attack ... even if your OS is 100% secure (Which is impossible), programs you install on it like: Adobe products, Office, and any needed softwares for your work are not safe !!! Each time new hacker discover new bug and an army of Cryptocurrencies hunters begin to exploit it actively ...

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: bob123 on August 24, 2018, 12:59:30 PM

An OS which doesn't support what?

Basically anything non-Windows.

Quote from: AirdropsCoin on August 25, 2018, 04:06:13 AM

Cloud-Based Backup creates copies of all your files

I would definitely not upload wallets to cloud storage, that's like the opposite of cold storage.

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: HeRetiK on August 24, 2018, 05:17:24 PM

Quote from: bob123 on August 24, 2018, 01:10:36 PM

[...]

But do you also unmount (or unplug) your hard drive each time after the backup ?
If your drive is plugged in and mounted the ransomware will simply also encrypt the backup.

[...]

Same is also true for NAS drives and shared network folders. Worse still, if multiple machines within your network have access to the same NAS (which usually is kind of the point), every machine becomes a liability.

They're both true, I was looking into using drive cloning on an asic style device. There are complex ways to mount drives so they don't get infected by viruses or interrupted by them during backups (for example using safe mode or a live Linux OS).

Although heuristic algoriths are often noticed by antivirus for their resource intensiveness.

AirdropsCoin

newbie

Activity: 15

Merit: 0

Cloud-Based Backup creates copies of all your files, and even your entire operating system – and keeps it safe, away from attackers and the threats of Ransomware

HeRetiK

legendary

Activity: 3108

Merit: 2177

Playgram - The Telegram Casino

Quote from: bob123 on August 24, 2018, 01:10:36 PM

[...]

But do you also unmount (or unplug) your hard drive each time after the backup ?
If your drive is plugged in and mounted the ransomware will simply also encrypt the backup.

[...]

Same is also true for NAS drives and shared network folders. Worse still, if multiple machines within your network have access to the same NAS (which usually is kind of the point), every machine becomes a liability.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: BitcoinSupremo on August 24, 2018, 01:04:45 PM

Anyway I am glad that I do backups regularly.

Thats good.

But do you also unmount (or unplug) your hard drive each time after the backup ?
If your drive is plugged in and mounted the ransomware will simply also encrypt the backup.

Quite a few people seem to forget about this point Cheesy

Keeping the backup drive plugged in is always a bad idea (e.g. ransomware, lightning strike, .. ).

BitcoinSupremo

copper member

Activity: 1442

Merit: 529

Quote

Use an OS that doesn't support it Cheesy

I am talking about Windows but I guess this is already understood by now Grin

. Anyway I am glad that I do backups regularly.
I should stick with this practice.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: LoyceV on August 24, 2018, 12:53:38 PM

Quote

Any better security practices against Ransomware ?

Use an OS that doesn't support it Cheesy

An OS which doesn't support what?
I can't imagine a single OS which can not be a victim of ransomware.

I mean.. it is easy conceivable that some OS are more targeted than others. But an OS which is immune ?
Maybe only an OS where each script is being run as nobody Cheesy

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

Quote from: jackg on August 24, 2018, 12:41:42 PM

I thought they were configured to dump the transaction with the lower fee, is that not the case any more?

I highly doubt so. Mempool conflict would occur regardless of the fee. RBF was possible years ago.

Opt-in RBF is possible now, if they choose to flag it in the transaction. If they're smart, they won't enable it.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: BitcoinSupremo on August 24, 2018, 10:45:38 AM

In case you did a backup every week of the entire image disk, the only thing you would lose is a week of data. Of course keep the image recovery in an external hard drive.

Use more than one backup, and overwrite them in chronological order. You don't want to be overwriting your old backup, right when you need it.

Quote

Any better security practices against Ransomware ?

Use an OS that doesn't support it Cheesy

Topic: How useful is Backup against Ransomware (Read 415 times)