How useful is Backup against Ransomware

[BitcoinSupremo]

What are your practices to ensure a safe data keeping including all of your wallets (not talking about normal malware which can redirect your copy paste BTC address to another one) but I am talking in a situation where all your data is locked from a Ransomware. In case you did a backup every week of the entire image disk, the only thing you would lose is a week of data. Of course keep the image recovery in an external hard drive.

Any better security practices against Ransomware ?

[ranochigo]

I'll be surprised if the ransomware didn't include something which sweeps Bitcoin wallets, considering that they accept Bitcoin payments afterall.

Backups aren't really going to save anything other than your wallets. If you are someone who at least is good at managing their crypto assets, then your wallet shouldn't be your biggest concern; just keep them offline like I do. Avoiding ransomware is the same as avoiding any other malware; practicing good security, antivirus, regular updates etc.

[jackg]

If you have a good password and have written down your seed/printed out your private keys then you can easily get everything back from there providing they haven't a confirmed transaction with it.

If someone was using malware and decided to pay everything to themselves, I'd run a separate transaction to compete with the fee that they set, if they retaliate then I'd put everything into the transaction fee and send them nothing and then I at least have the knowledge that my coins went to maintaining the bitcoin network rather than falling into the hands of a scammer.

[ranochigo]

If someone was using malware and decided to pay everything to themselves, I'd run a separate transaction to compete with the fee that they set, if they retaliate then I'd put everything into the transaction fee and send them nothing and then I at least have the knowledge that my coins went to maintaining the bitcoin network rather than falling into the hands of a scammer.

Isn't as simple. If they don't flag opt-in RBF, whoever is the fastest in spending the outputs gets the coin. Most nodes don't relay double spends and they simply ignore any subsequent transactions. You can obviously request miners to not include it but it would take way too long. Also doubt that you would realise that your coins are stolen before it confirms.

[bob123]

Any better security practices against Ransomware ?

Simple answer: No.

Periodic backups are actually the best protection mechanism against ransomware.

Once you are hit by a ransomware you basically have 3 options:
1) You pay the ransom and have to hope that you'll get the decryption key and/or the files have not been deleted (No guarantee of getting your data back).
2) You do not pay the ransom and wait that some engineers will find an encryption tool (works with flaws in the ransomware, no guarantee of getting your data back).
3) You do not pay and simply copy over your backup. This takes you a few hours at most, but will give you all of your data back (at least most of it, depending on the last backup).


The only real option (where you surely get your data back) is to have backups. All other options either rely on someone else reverse engineering it or the attacker to be 'trustful'.

[jackg]

If someone was using malware and decided to pay everything to themselves, I'd run a separate transaction to compete with the fee that they set, if they retaliate then I'd put everything into the transaction fee and send them nothing and then I at least have the knowledge that my coins went to maintaining the bitcoin network rather than falling into the hands of a scammer.

Isn't as simple. If they don't flag opt-in RBF, whoever is the fastest in spending the outputs gets the coin. Most nodes don't relay double spends and they simply ignore any subsequent transactions. You can obviously request miners to not include it but it would take way too long. Also doubt that you would realise that your coins are stolen before it confirms.

I thought they were configured to dump the transaction with the lower fee, is that not the case any more?

[bob123]

[...]

[...] Most nodes don't relay double spends and they simply ignore any subsequent transactions [...]

I thought they were configured to dump the transaction with the lower fee, is that not the case any more?

I can confirm that most nodes do only relay the first transaction they have received, regardless of the fee paid.

But unfortunately i can't tell, whether there was a change to achieve this. I thought it always has been like this.

[LoyceV]

In case you did a backup every week of the entire image disk, the only thing you would lose is a week of data. Of course keep the image recovery in an external hard drive.

Use more than one backup, and overwrite them in chronological order. You don't want to be overwriting your old backup, right when you need it.

Any better security practices against Ransomware ?

Use an OS that doesn't support it

[ranochigo]

I thought they were configured to dump the transaction with the lower fee, is that not the case any more?

I highly doubt so. Mempool conflict would occur regardless of the fee. RBF was possible years ago.

Opt-in RBF is possible now, if they choose to flag it in the transaction. If they're smart, they won't enable it.

[bob123]

Any better security practices against Ransomware ?

Use an OS that doesn't support it

An OS which doesn't support what?
I can't imagine a single OS which can not be a victim of ransomware.

I mean.. it is easy conceivable that some OS are more targeted than others. But an OS which is immune ?
Maybe only an OS where each script is being run as nobody

[BitcoinSupremo]

Use an OS that doesn't support it

I am talking about Windows but I guess this is already understood by now  . Anyway I am glad that I do backups regularly.
I should stick with this practice.

[bob123]

Anyway I am glad that I do backups regularly.

Thats good.

But do you also unmount (or unplug) your hard drive each time after the backup ?
If your drive is plugged in and mounted the ransomware will simply also encrypt the backup.

Quite a few people seem to forget about this point
Keeping the backup drive plugged in is always a bad idea (e.g. ransomware, lightning strike, .. ).

[HeRetiK]

[...]

But do you also unmount (or unplug) your hard drive each time after the backup ?
If your drive is plugged in and mounted the ransomware will simply also encrypt the backup.

[...]

Same is also true for NAS drives and shared network folders. Worse still, if multiple machines within your network have access to the same NAS (which usually is kind of the point), every machine becomes a liability.

[AirdropsCoin]

Cloud-Based Backup creates copies of all your files, and even your entire operating system – and keeps it safe, away from attackers and the threats of Ransomware

[jackg]

[...]

But do you also unmount (or unplug) your hard drive each time after the backup ?
If your drive is plugged in and mounted the ransomware will simply also encrypt the backup.

[...]

Same is also true for NAS drives and shared network folders. Worse still, if multiple machines within your network have access to the same NAS (which usually is kind of the point), every machine becomes a liability.

They're both true, I was looking into using drive cloning on an asic style device. There are complex ways to mount drives so they don't get infected by viruses or interrupted by them during backups (for example using safe mode or a live Linux OS).

Although heuristic algoriths are often noticed by antivirus for their resource intensiveness.

[LoyceV]

An OS which doesn't support what?

Basically anything non-Windows.

I can't imagine a single OS which can not be a victim of ransomware.

But after some reading I can say you're right: it can happen on any OS. I just expect it to be much more likely on Windows.

Cloud-Based Backup creates copies of all your files

I would definitely not upload wallets to cloud storage, that's like the opposite of cold storage.

[btj]

Paper wallet i think is the most secured solution.

External hard drive, USB,  or any same alternative can be hacked today or tomorrow ...

If you want keep your wallet on your OS, there no 100% secured OS and all can be affected by ransomware attack ... even if your OS is 100% secure (Which is impossible), programs you install on it like: Adobe products, Office, and any needed softwares for your work are not safe !!! Each time new hacker discover new bug and an army of Cryptocurrencies hunters begin to exploit it actively  ...

[Theb]

Simple answer: No.

Periodic backups are actually the best protection mechanism against ransomware.

Once you are hit by a ransomware you basically have 3 options:
1) You pay the ransom and have to hope that you'll get the decryption key and/or the files have not been deleted (No guarantee of getting your data back).

Yup I agree with what others have said, backing up your wallet and keeping your coins offline is really the best thing you can do, because once your device is targeted by a ransomware there is really no assurance that they will unlock your device even if you paid, and even if they did unlock your device there is no guarantee that your device is clean from the malware that has been in it, they might just be cloaking their real attack by thinking that your device is malware free, and they are just waiting for their next attack once they get the sufficient data needed to steal some more from you. So in other words I really don't like the option of paying the ransomware for your device that is already compromised by them.

[Lucius]

What are your practices to ensure a safe data keeping including all of your wallets (not talking about normal malware which can redirect your copy paste BTC address to another one) but I am talking in a situation where all your data is locked from a Ransomware. In case you did a backup every week of the entire image disk, the only thing you would lose is a week of data. Of course keep the image recovery in an external hard drive.

Any better security practices against Ransomware ?

Apart from regulars backup on external device it would be better to not even use any desktop hot wallet on device which has internet access. Solution is to have two device, airgapped for cold wallet and watch only in device with internet, you just need to be sure to not infect airgapped device through usb stick.

Regarding hardware wallets, are they also exposed to ransomware or they are protected from such attack? We can often read that even our device is infected, using hardware wallets on such device should be safe - whether this also applies to ransomware?

[jackg]

I can't imagine a single OS which can not be a victim of ransomware.

But after some reading I can say you're right: it can happen on any OS. I just expect it to be much more likely on Windows.

I think Windows is more vulnerable because it's used by people who have less of a grasp on computing (ok there are people who are clever who use Windows and I don't know why people would use mac OS as they're just supporting plagiarism but a majority of people who use windows are using it because it's "easier for them to find stuff or easier for them to install stuff".
Typically speaking, unless you're going to comb through the autogen.sh, configure and make files you aren't going to know your linux machine is 100% safe.

Cloud-Based Backup creates copies of all your files

I would definitely not upload wallets to cloud storage, that's like the opposite of cold storage.

[/quote]
I'm sort of undecided on this one. If you have a fully encrypted backup, then sure upload it to the clous (by fully encrypted I mean assymetrically encrypted using a public key-private key pair that is at least the strength of encryption system Bitcoin is based upon - the file is generally a few megabytes in size at most).


Typically speaking, if using bitcoin core. You can add a password to your wallet file (offline after making the first address), back it up and then keep using your wallet file as long as it is a hd wallet and not back it up again. Similarly, with most SPV wallets that are bip39 comaptible, all that's needed is to put the seed somewhere on another hard drive (encrypted and NOT AS A FILE NAME). Encryption must be done with a strong password though.