Bitcoin Forum

What are your practices to ensure a safe data keeping including all of your wallets (not talking about normal malware which can redirect your copy paste BTC address to another one) but I am talking in a situation where all your data is locked from a Ransomware. In case you did a backup every week of the entire image disk, the only thing you would lose is a week of data. Of course keep the image recovery in an external hard drive.

Any better security practices against Ransomware ?

I'll be surprised if the ransomware didn't include something which sweeps Bitcoin wallets, considering that they accept Bitcoin payments afterall.

Backups aren't really going to save anything other than your wallets. If you are someone who at least is good at managing their crypto assets, then your wallet shouldn't be your biggest concern; just keep them offline like I do. Avoiding ransomware is the same as avoiding any other malware; practicing good security, antivirus, regular updates etc.

If you have a good password and have written down your seed/printed out your private keys then you can easily get everything back from there providing they haven't a confirmed transaction with it.

If someone was using malware and decided to pay everything to themselves, I'd run a separate transaction to compete with the fee that they set, if they retaliate then I'd put everything into the transaction fee and send them nothing and then I at least have the knowledge that my coins went to maintaining the bitcoin network rather than falling into the hands of a scammer.

Isn't as simple. If they don't flag opt-in RBF, whoever is the fastest in spending the outputs gets the coin. Most nodes don't relay double spends and they simply ignore any subsequent transactions. You can obviously request miners to not include it but it would take way too long. Also doubt that you would realise that your coins are stolen before it confirms.

Simple answer: No.

Periodic backups are actually the best protection mechanism against ransomware.

Once you are hit by a ransomware you basically have 3 options:
1) You pay the ransom and have to hope that you'll get the decryption key and/or the files have not been deleted (No guarantee of getting your data back).
2) You do not pay the ransom and wait that some engineers will find an encryption tool (works with flaws in the ransomware, no guarantee of getting your data back).
3) You do not pay and simply copy over your backup. This takes you a few hours at most, but will give you all of your data back (at least most of it, depending on the last backup).


The only real option (where you surely get your data back) is to have backups. All other options either rely on someone else reverse engineering it or the attacker to be 'trustful'.

I thought they were configured to dump the transaction with the lower fee, is that not the case any more?

I can confirm that most nodes do only relay the first transaction they have received, regardless of the fee paid.

But unfortunately i can't tell, whether there was a change to achieve this. I thought it always has been like this.

Use more than one backup, and overwrite them in chronological order. You don't want to be overwriting your old backup, right when you need it.

Use an OS that doesn't support it :D

I highly doubt so. Mempool conflict would occur regardless of the fee. RBF was possible years ago.

Opt-in RBF is possible now, if they choose to flag it in the transaction. If they're smart, they won't enable it.

An OS which doesn't support what?
I can't imagine a single OS which can not be a victim of ransomware.

I mean.. it is easy conceivable that some OS are more targeted than others. But an OS which is immune ?
Maybe only an OS where each script is being run as nobody :D

I am talking about Windows but I guess this is already understood by now  ;D. Anyway I am glad that I do backups regularly.
I should stick with this practice.

Thats good.

But do you also unmount (or unplug) your hard drive each time after the backup ?
If your drive is plugged in and mounted the ransomware will simply also encrypt the backup.

Quite a few people seem to forget about this point :D
Keeping the backup drive plugged in is always a bad idea (e.g. ransomware, lightning strike, .. ).

Same is also true for NAS drives and shared network folders. Worse still, if multiple machines within your network have access to the same NAS (which usually is kind of the point), every machine becomes a liability.

Cloud-Based Backup creates copies of all your files, and even your entire operating system – and keeps it safe, away from attackers and the threats of Ransomware

They're both true, I was looking into using drive cloning on an asic style device. There are complex ways to mount drives so they don't get infected by viruses or interrupted by them during backups (for example using safe mode or a live Linux OS).

Although heuristic algoriths are often noticed by antivirus for their resource intensiveness.

Basically anything non-Windows.

But after some reading I can say you're right: it can happen on any OS. I just expect it to be much more likely on Windows.

I would definitely not upload wallets to cloud storage, that's like the opposite of cold storage.

Paper wallet i think is the most secured solution.

External hard drive, USB,  or any same alternative can be hacked today or tomorrow ...

If you want keep your wallet on your OS, there no 100% secured OS and all can be affected by ransomware attack ... even if your OS is 100% secure (Which is impossible), programs you install on it like: Adobe products, Office, and any needed softwares for your work are not safe !!! Each time new hacker discover new bug and an army of Cryptocurrencies hunters begin to exploit it actively  ...

Yup I agree with what others have said, backing up your wallet and keeping your coins offline is really the best thing you can do, because once your device is targeted by a ransomware there is really no assurance that they will unlock your device even if you paid, and even if they did unlock your device there is no guarantee that your device is clean from the malware that has been in it, they might just be cloaking their real attack by thinking that your device is malware free, and they are just waiting for their next attack once they get the sufficient data needed to steal some more from you. So in other words I really don't like the option of paying the ransomware for your device that is already compromised by them.

Apart from regulars backup on external device it would be better to not even use any desktop hot wallet on device which has internet access. Solution is to have two device, airgapped for cold wallet and watch only in device with internet, you just need to be sure to not infect airgapped device through usb stick.

Regarding hardware wallets, are they also exposed to ransomware or they are protected from such attack? We can often read that even our device is infected, using hardware wallets on such device should be safe - whether this also applies to ransomware?

I think Windows is more vulnerable because it's used by people who have less of a grasp on computing (ok there are people who are clever who use Windows and I don't know why people would use mac OS as they're just supporting plagiarism but a majority of people who use windows are using it because it's "easier for them to find stuff or easier for them to install stuff".
Typically speaking, unless you're going to comb through the autogen.sh, configure and make files you aren't going to know your linux machine is 100% safe.

[/quote]
I'm sort of undecided on this one. If you have a fully encrypted backup, then sure upload it to the clous (by fully encrypted I mean assymetrically encrypted using a public key-private key pair that is at least the strength of encryption system Bitcoin is based upon - the file is generally a few megabytes in size at most).

---

Typically speaking, if using bitcoin core. You can add a password to your wallet file (offline after making the first address), back it up and then keep using your wallet file as long as it is a hd wallet and not back it up again. Similarly, with most SPV wallets that are bip39 comaptible, all that's needed is to put the seed somewhere on another hard drive (encrypted and NOT AS A FILE NAME). Encryption must be done with a strong password though.

Encrypting the file asymmetrically would require a way larger key compared to encrypting it symmetrically.
The advantage of asymmetric encryption is the solution of the key exchange. It doesn't need one. But if you are only encrypting it as a backup for your own, using symmetric encryption is favorable.
Asymmetric keys have to be 10 (or more!) times larger than symmetric keys to have an equal bit strength.

Theoretically, a proper encrypted file with a key which is long enough to be considered safe should be absolutely fine. Even stored offline.
But the devil is in the detail. You have to rely on the software you use to encrypt the data to be correctly implemented (e.g. entropy).

In case of a data leak (on the cloud provider side) AND an incorrectly implemented algorithm, your keys are at risk. This scenario is pretty unlikely. But it should be considered nevertheless.

It is a fairly tiny file though in comparison to some backups if you get everything to be a gigabyte in size then it's not too much of an issue.
The idea with assymatry is that you can keep a unencrypted copy of the public key on your computer and then easily find the private key by putting it into an electrum client on an offline computer for example so you know the exact key (especially if there are multiple wallet files you're trying to back up)...

Symmetric encryption also works but you might have to keep reusing private keys or get stuck remembering which you used for which file.

@UKUSA22 if you have your backup (attached) in the same system, then you have done it wrong
backup really does help against ransomware as long as you are doing it properly
bob123 is correct, always detach your backup drive off the main system
btw, I heard there's a ransomware variant that makes the drive unformattable, any true to that?

We're discussing cloud backups? So you'd use a service that offer the avaliability of backups which will keep the data more secure (hopefully) or at least keep another copy you can rely upon, care must then be taken when encrypting the file.

My best practice is to do incremental backups, where previous backups are not being over-written by newer data that are added later. I also keep a hard copy of previous backups, separate from newer backups to stop cross infection.

You need to keep the copies of your backups as total separate copies. Once you access previous copies, those backups can be infected too. So only use copies of original backups, when you do the restore. <not the originals>

The cost of the backups might be more, but the re-installation will not be from infected originals that are being overwritten over and over again.  ::)

Making a hard drive unformattable per se is not possible. Especially not on a software level.
With root access on a machine, you have full control over the hardware. Formatting is always a possibility.

But malware could theoretically flash the firmware of a hard drive to make it unusable.
This damage can still be repaired by a person with enough understanding, but most probably this would result in replacing the hard drive because of failure.
Especially since such a damage would be non-standard and probably more costly to let it fix by IT repair services, than to simply buy a new one.

The backups are important, not only to save your ass from a ransomware, there are one hundred ways your pc can get fucked up, Ransomware is just one of those ways. But i'm here with a solution for you.

Use Linux and avoid Ransomware, you can have a pc with half disk on linux and half disk on windows, that way of you are doing some job stuff you can use windows, and if you want to navigate on the web or do something 'risky' then you can use linux. Good security practices are the way to avoid all kind of viruses...