How I Protect Myself Against Ransomware


What is Ransomware?

Ransomware is probably the worst kind of malware you can get infected with.  After it gets into your system, it secretly encrypts all your disk drives in the background.  Once it’s done, it tells you that all your files are encrypted and locked, and demands that an exorbitant amount of money be transferred to the thieves (usually via Bitcoin) in exchange for the decryption key.  Sometimes they take your money and never give you the key.  The longer you wait, the higher the ransom, until, after about 3 days, they delete your key and your files are gone forever.

Things that do NOT work:

  • Encrypting your hard drive.  While it’s good practice to encrypt your hard drive, this does absolutely NOTHING to protect against ransomware.  It may protect you from outsiders snooping on your data, but if ransomware gets installed on your machine, it has access to your drive while it’s unlocked, and can then encrypt it with its own keys.
  • Backups created using the same PC.  Why would having a backup NOT work against ransomware?  Because, again, the ransomware can see and write to your backup drive if it’s accessible from that same PC, and it will encrypt that too!

How I’m protecting myself against Ransomware

  • I have 2 drives on my main PC: a boot drive that contains Windows and the installed applications, and an external, high-capacity hard drive where ALL my data goes, INCLUDING the special Windows folders like Desktop, Documents, Pictures, Videos, Downloads, etc.
  • My boot drive and my external drive are both encrypted (not really a help against ransomware… just thought I’d mention that they’re encrypted).
  • I have a second drive of the same capacity as my data drive, and it’s hooked up to an older Linux laptop.
  • On the host Windows PC, I created a user account named “Backup” (it could be named anything) with read-only access to my main data drive.
  • On Linux, I used VeraCrypt to encrypt the backup drive that’s connected to it (doesn’t really help against ransomware, but again, just thought I’d mention it).
  • I run a scheduled backup program on the Linux laptop (luckyBackup… a GUI for rsync), which connects to my Windows PC over the network with the Windows “Backup” user account.  It backs up all of my Windows external data drive to the encrypted Linux backup drive and runs a differential backup every night.
  • Critically, the Windows PC has no direct access to the Linux backup drive.
  • My Linux laptop boots off a Linux flash thumb drive and does NOTHING but back up.

How does this protect me?

By using 2 different PCs, the chance of BOTH of them being infected with ransomware at the same time is very small.  By using 2 different operating systems, the chance of both being infected at the same time is drastically reduced.  While Linux is NOT virus free and is NOT ransomware free, it’s significantly more resilient and will NOT be infected by a Windows ransomware infection.  If, by chance, the Linux machine gets infected with ransomware, it has only read-only access to my data drive on my Windows PC and will not be able to encrypt it.  In either case, I have my full data on the other machine.
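A nightly job that mirrors the data drive can also copy freshly encrypted files over the good copies if it runs after an infection on the Windows side. The following pre-flight check is an added example, not part of my original setup or of luckyBackup: it compares the source with the last backup using the same size-and-timestamp test rsync applies by default, and says to skip the run when too much has changed. The function names, the 30% threshold and the sample files are assumptions made for illustration.

```python
import os
import shutil
import tempfile

def changed_fraction(source_root, last_backup_root):
    """Share of files in the last backup that are missing from the source, or
    differ from it in size or modification time (rsync's default quick check)."""
    total = changed = 0
    for dirpath, _dirs, names in os.walk(last_backup_root):
        for name in names:
            old = os.path.join(dirpath, name)
            new = os.path.join(source_root, os.path.relpath(old, last_backup_root))
            total += 1
            try:
                a, b = os.stat(old), os.stat(new)
            except FileNotFoundError:        # renamed or deleted on the source
                changed += 1
                continue
            if a.st_size != b.st_size or int(a.st_mtime) != int(b.st_mtime):
                changed += 1
    return changed / total if total else 0.0

def safe_to_back_up(source_root, last_backup_root, max_changed=0.30):
    """False means: skip tonight's run and leave the existing backup untouched."""
    return changed_fraction(source_root, last_backup_root) <= max_changed

def demo():
    """Constructed sample: 10 files, one ordinary edit, then a mass rewrite."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = os.path.join(tmp, "data"), os.path.join(tmp, "backup")
        os.mkdir(src)
        for i in range(10):
            with open(os.path.join(src, f"doc{i}.txt"), "w") as f:
                f.write("quarterly notes\n")
        shutil.copytree(src, bak)            # copy2 keeps mtimes, like rsync -a
        with open(os.path.join(src, "doc0.txt"), "a") as f:
            f.write("one ordinary edit\n")
        normal_day = safe_to_back_up(src, bak)
        for i in range(1, 9):                # constructed stand-in for encrypted files
            path = os.path.join(src, f"doc{i}.txt")
            with open(path, "wb") as f:
                f.write(os.urandom(64))
            os.rename(path, path + ".locked")
        return normal_day, changed_fraction(src, bak), safe_to_back_up(src, bak)

if __name__ == "__main__":
    print(demo())
```

Run it on the Linux laptop before the scheduled backup, pointing it at the read-only mount of the Windows data drive and at the backup drive, and only start the backup when it reports that it is safe.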

What happens if my Windows machine gets Ransomware?

I’ll reformat all of my Windows drives by booting off a clean flash thumb drive that has Windows installation media.  Then I’ll have to manually re-install my software, which will be a pain, but I have access to all of it.  Then I’ll need to restore my data to my data drive from my clean Linux backup.

What happens if my Linux machine gets Ransomware?

I’ll reformat all my Linux drives by booting off a clean flash thumb drive and then re-set up my backup system.  My Windows machine at that time should be clean.

Why doesn’t Encrypting my drives help me?

Encrypting your drives DOES help protect you against adversaries trying to gain access to your data, but it does NOT help protect you against ransomware, which simply wants to DESTROY your data.  The reason is that ransomware runs after you’ve booted into Windows, when Windows has decrypted access to your encrypted drives.  That means the ransomware has access to your encrypted drives too and can simply double-encrypt your data.
