Bitcoin Forum
November 19, 2024, 11:13:53 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: How useful is Backup against Ransomware  (Read 416 times)
BitcoinSupremo (OP)
Copper Member
Hero Member
*****
Offline Offline

Activity: 1442
Merit: 529


View Profile
August 24, 2018, 03:45:38 PM
 #1

What are your practices to ensure a safe data keeping including all of your wallets (not talking about normal malware which can redirect your copy paste BTC address to another one) but I am talking in a situation where all your data is locked from a Ransomware. In case you did a backup every week of the entire image disk, the only thing you would lose is a week of data. Of course keep the image recovery in an external hard drive.

Any better security practices against Ransomware ?
ranochigo
Legendary
*
Online Online

Activity: 3038
Merit: 4420


Crypto Swap Exchange


View Profile
August 24, 2018, 04:05:37 PM
 #2

I'll be surprised if the ransomware didn't include something which sweeps Bitcoin wallets, considering that they accept Bitcoin payments afterall.

Backups aren't really going to save anything other than your wallets. If you are someone who at least is good at managing their crypto assets, then your wallet shouldn't be your biggest concern; just keep them offline like I do. Avoiding ransomware is the same as avoiding any other malware; practicing good security, antivirus, regular updates etc.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 2856
Merit: 3071


https://bit.ly/387FXHi lightning theory


View Profile
August 24, 2018, 04:42:19 PM
 #3

If you have a good password and have written down your seed/printed out your private keys then you can easily get everything back from there providing they haven't a confirmed transaction with it.

If someone was using malware and decided to pay everything to themselves, I'd run a separate transaction to compete with the fee that they set, if they retaliate then I'd put everything into the transaction fee and send them nothing and then I at least have the knowledge that my coins went to maintaining the bitcoin network rather than falling into the hands of a scammer.
ranochigo
Legendary
*
Online Online

Activity: 3038
Merit: 4420


Crypto Swap Exchange


View Profile
August 24, 2018, 05:06:34 PM
 #4

If someone was using malware and decided to pay everything to themselves, I'd run a separate transaction to compete with the fee that they set, if they retaliate then I'd put everything into the transaction fee and send them nothing and then I at least have the knowledge that my coins went to maintaining the bitcoin network rather than falling into the hands of a scammer.
Isn't as simple. If they don't flag opt-in RBF, whoever is the fastest in spending the outputs gets the coin. Most nodes don't relay double spends and they simply ignore any subsequent transactions. You can obviously request miners to not include it but it would take way too long. Also doubt that you would realise that your coins are stolen before it confirms.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
bob123
Legendary
*
Offline Offline

Activity: 1624
Merit: 2481



View Profile WWW
August 24, 2018, 05:28:59 PM
Merited by suchmoon (4)
 #5

Any better security practices against Ransomware ?

Simple answer: No.

Periodic backups are actually the best protection mechanism against ransomware.

Once you are hit by a ransomware you basically have 3 options:
1) You pay the ransom and have to hope that you'll get the decryption key and/or the files have not been deleted (No guarantee of getting your data back).
2) You do not pay the ransom and wait that some engineers will find an encryption tool (works with flaws in the ransomware, no guarantee of getting your data back).
3) You do not pay and simply copy over your backup. This takes you a few hours at most, but will give you all of your data back (at least most of it, depending on the last backup).


The only real option (where you surely get your data back) is to have backups. All other options either rely on someone else reverse engineering it or the attacker to be 'trustful'.

jackg
Copper Member
Legendary
*
Offline Offline

Activity: 2856
Merit: 3071


https://bit.ly/387FXHi lightning theory


View Profile
August 24, 2018, 05:41:42 PM
 #6

If someone was using malware and decided to pay everything to themselves, I'd run a separate transaction to compete with the fee that they set, if they retaliate then I'd put everything into the transaction fee and send them nothing and then I at least have the knowledge that my coins went to maintaining the bitcoin network rather than falling into the hands of a scammer.
Isn't as simple. If they don't flag opt-in RBF, whoever is the fastest in spending the outputs gets the coin. Most nodes don't relay double spends and they simply ignore any subsequent transactions. You can obviously request miners to not include it but it would take way too long. Also doubt that you would realise that your coins are stolen before it confirms.

I thought they were configured to dump the transaction with the lower fee, is that not the case any more?
bob123
Legendary
*
Offline Offline

Activity: 1624
Merit: 2481



View Profile WWW
August 24, 2018, 05:49:12 PM
 #7

[...]
[...] Most nodes don't relay double spends and they simply ignore any subsequent transactions [...]

I thought they were configured to dump the transaction with the lower fee, is that not the case any more?


I can confirm that most nodes do only relay the first transaction they have received, regardless of the fee paid.

But unfortunately i can't tell, whether there was a change to achieve this. I thought it always has been like this.

LoyceV
Legendary
*
Offline Offline

Activity: 3500
Merit: 17698


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
August 24, 2018, 05:53:38 PM
 #8

In case you did a backup every week of the entire image disk, the only thing you would lose is a week of data. Of course keep the image recovery in an external hard drive.
Use more than one backup, and overwrite them in chronological order. You don't want to be overwriting your old backup, right when you need it.

Quote
Any better security practices against Ransomware ?
Use an OS that doesn't support it Cheesy

▄▄███████████████████▄▄
▄█████████▀█████████████▄
███████████▄▐▀▄██████████
███████▀▀███████▀▀███████
██████▀███▄▄████████████
█████████▐█████████▐█████
█████████▐█████████▐█████
██████████▀███▀███▄██████
████████████████▄▄███████
███████████▄▄▄███████████
█████████████████████████
▀█████▄▄████████████████▀
▀▀███████████████████▀▀
Peach
BTC bitcoin
Buy and Sell
Bitcoin P2P
.
.
▄▄███████▄▄
▄████████
██████▄
▄██
█████████████████▄
▄███████
██████████████▄
███████████████████████
█████████████████████████
████████████████████████
█████████████████████████
▀███████████████████████▀
▀█████████████████████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀

▀▀▀▀███▀▀▀▀
EUROPE | AFRICA
LATIN AMERICA
▄▀▀▀











▀▄▄▄


███████▄█
███████▀
██▄▄▄▄▄░▄▄▄▄▄
████████████▀
▐███████████▌
▐███████████▌
████████████▄
██████████████
███▀███▀▀███▀
.
Download on the
App Store
▀▀▀▄











▄▄▄▀
▄▀▀▀











▀▄▄▄


▄██▄
██████▄
█████████▄
████████████▄
███████████████
████████████▀
█████████▀
██████▀
▀██▀
.
GET IT ON
Google Play
▀▀▀▄











▄▄▄▀
ranochigo
Legendary
*
Online Online

Activity: 3038
Merit: 4420


Crypto Swap Exchange


View Profile
August 24, 2018, 05:58:30 PM
 #9

I thought they were configured to dump the transaction with the lower fee, is that not the case any more?
I highly doubt so. Mempool conflict would occur regardless of the fee. RBF was possible years ago.

Opt-in RBF is possible now, if they choose to flag it in the transaction. If they're smart, they won't enable it.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
bob123
Legendary
*
Offline Offline

Activity: 1624
Merit: 2481



View Profile WWW
August 24, 2018, 05:59:30 PM
 #10

Quote
Any better security practices against Ransomware ?
Use an OS that doesn't support it Cheesy

An OS which doesn't support what?
I can't imagine a single OS which can not be a victim of ransomware.

I mean.. it is easy conceivable that some OS are more targeted than others. But an OS which is immune ?
Maybe only an OS where each script is being run as nobody Cheesy

BitcoinSupremo (OP)
Copper Member
Hero Member
*****
Offline Offline

Activity: 1442
Merit: 529


View Profile
August 24, 2018, 06:04:45 PM
 #11

Quote
Use an OS that doesn't support it Cheesy

I am talking about Windows but I guess this is already understood by now  Grin. Anyway I am glad that I do backups regularly.
I should stick with this practice.
bob123
Legendary
*
Offline Offline

Activity: 1624
Merit: 2481



View Profile WWW
August 24, 2018, 06:10:36 PM
 #12

Anyway I am glad that I do backups regularly.

Thats good.

But do you also unmount (or unplug) your hard drive each time after the backup ?
If your drive is plugged in and mounted the ransomware will simply also encrypt the backup.

Quite a few people seem to forget about this point Cheesy
Keeping the backup drive plugged in is always a bad idea (e.g. ransomware, lightning strike, .. ).

HeRetiK
Legendary
*
Offline Offline

Activity: 3122
Merit: 2178


Playgram - The Telegram Casino


View Profile
August 24, 2018, 10:17:24 PM
 #13

[...]

But do you also unmount (or unplug) your hard drive each time after the backup ?
If your drive is plugged in and mounted the ransomware will simply also encrypt the backup.

[...]

Same is also true for NAS drives and shared network folders. Worse still, if multiple machines within your network have access to the same NAS (which usually is kind of the point), every machine becomes a liability.

▄▄███████▄▄███████
▄███████████████▄▄▄▄▄
▄████████████████████▀░
▄█████████████████████▄░
▄█████████▀▀████████████▄
██████████████▀▀█████████
████████████████████████
██████████████▄▄█████████
▀█████████▄▄████████████▀
▀█████████████████████▀░
▀████████████████████▄░
▀███████████████▀▀▀▀▀
▀▀███████▀▀███████

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 
Playgram.io
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄░░
▀▄







▄▀
▀▀▀░░
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
██████▄▄███████▄▄████████
███▄███████████████▄░░▀█▀
███████████░█████████░░
░█████▀██▄▄░▄▄██▀█████░
█████▄░▄███▄███▄░▄█████
███████████████████████
███████████████████████
██░▄▄▄░██░▄▄▄░██░▄▄▄░██
██░░░░██░░░░██░░░░████
██░░░░██░░░░██░░░░████
██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████
███████████████████████
███████████████████████
 
PLAY NOW

on Telegram
[/
AirdropsCoin
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
August 25, 2018, 09:06:13 AM
 #14

Cloud-Based Backup creates copies of all your files, and even your entire operating system – and keeps it safe, away from attackers and the threats of Ransomware
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 2856
Merit: 3071


https://bit.ly/387FXHi lightning theory


View Profile
August 25, 2018, 09:49:51 AM
 #15

[...]

But do you also unmount (or unplug) your hard drive each time after the backup ?
If your drive is plugged in and mounted the ransomware will simply also encrypt the backup.

[...]

Same is also true for NAS drives and shared network folders. Worse still, if multiple machines within your network have access to the same NAS (which usually is kind of the point), every machine becomes a liability.

They're both true, I was looking into using drive cloning on an asic style device. There are complex ways to mount drives so they don't get infected by viruses or interrupted by them during backups (for example using safe mode or a live Linux OS).

Although heuristic algoriths are often noticed by antivirus for their resource intensiveness.
LoyceV
Legendary
*
Offline Offline

Activity: 3500
Merit: 17698


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
August 25, 2018, 02:45:21 PM
 #16

An OS which doesn't support what?
Basically anything non-Windows.

Quote
I can't imagine a single OS which can not be a victim of ransomware.
But after some reading I can say you're right: it can happen on any OS. I just expect it to be much more likely on Windows.

Cloud-Based Backup creates copies of all your files
I would definitely not upload wallets to cloud storage, that's like the opposite of cold storage.

▄▄███████████████████▄▄
▄█████████▀█████████████▄
███████████▄▐▀▄██████████
███████▀▀███████▀▀███████
██████▀███▄▄████████████
█████████▐█████████▐█████
█████████▐█████████▐█████
██████████▀███▀███▄██████
████████████████▄▄███████
███████████▄▄▄███████████
█████████████████████████
▀█████▄▄████████████████▀
▀▀███████████████████▀▀
Peach
BTC bitcoin
Buy and Sell
Bitcoin P2P
.
.
▄▄███████▄▄
▄████████
██████▄
▄██
█████████████████▄
▄███████
██████████████▄
███████████████████████
█████████████████████████
████████████████████████
█████████████████████████
▀███████████████████████▀
▀█████████████████████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀

▀▀▀▀███▀▀▀▀
EUROPE | AFRICA
LATIN AMERICA
▄▀▀▀











▀▄▄▄


███████▄█
███████▀
██▄▄▄▄▄░▄▄▄▄▄
████████████▀
▐███████████▌
▐███████████▌
████████████▄
██████████████
███▀███▀▀███▀
.
Download on the
App Store
▀▀▀▄











▄▄▄▀
▄▀▀▀











▀▄▄▄


▄██▄
██████▄
█████████▄
████████████▄
███████████████
████████████▀
█████████▀
██████▀
▀██▀
.
GET IT ON
Google Play
▀▀▀▄











▄▄▄▀
btj
Member
**
Offline Offline

Activity: 115
Merit: 16


View Profile
August 27, 2018, 12:59:13 AM
 #17

Paper wallet i think is the most secured solution.

External hard drive, USB,  or any same alternative can be hacked today or tomorrow ...

If you want keep your wallet on your OS, there no 100% secured OS and all can be affected by ransomware attack ... even if your OS is 100% secure (Which is impossible), programs you install on it like: Adobe products, Office, and any needed softwares for your work are not safe !!! Each time new hacker discover new bug and an army of Cryptocurrencies hunters begin to exploit it actively  ...
Theb
Hero Member
*****
Offline Offline

Activity: 1680
Merit: 655


View Profile
August 27, 2018, 08:12:37 AM
Last edit: August 27, 2018, 09:38:07 AM by Theb
 #18

Simple answer: No.

Periodic backups are actually the best protection mechanism against ransomware.

Once you are hit by a ransomware you basically have 3 options:
1) You pay the ransom and have to hope that you'll get the decryption key and/or the files have not been deleted (No guarantee of getting your data back).
Yup I agree with what others have said, backing up your wallet and keeping your coins offline is really the best thing you can do, because once your device is targeted by a ransomware there is really no assurance that they will unlock your device even if you paid, and even if they did unlock your device there is no guarantee that your device is clean from the malware that has been in it, they might just be cloaking their real attack by thinking that your device is malware free, and they are just waiting for their next attack once they get the sufficient data needed to steal some more from you. So in other words I really don't like the option of paying the ransomware for your device that is already compromised by them.

..bustadice..         ▄▄████████████▄▄
     ▄▄████████▀▀▀▀████████▄▄
   ▄███████████    ███████████▄
  █████    ████▄▄▄▄████    █████
 ██████    ████████▀▀██    ██████
██████████████████   █████████████
█████████████████▌  ▐█████████████
███    ██████████   ███████    ███
███    ████████▀   ▐███████    ███
██████████████      ██████████████
██████████████      ██████████████
 ██████████████▄▄▄▄██████████████
  ▀████████████████████████████▀
                     ▄▄███████▄▄
                  ▄███████████████▄
   ███████████  ▄████▀▀       ▀▀████▄
               ████▀      ██     ▀████
 ███████████  ████        ██       ████
             ████         ██        ████
███████████  ████     ▄▄▄▄██        ████
             ████     ▀▀▀▀▀▀        ████
 ███████████  ████                 ████
               ████▄             ▄████
   ███████████  ▀████▄▄       ▄▄████▀
                  ▀███████████████▀
                     ▀▀███████▀▀
           ▄██▄
           ████
            ██
            ▀▀
 ▄██████████████████████▄
██████▀▀██████████▀▀██████
█████    ████████    █████
█████▄  ▄████████▄  ▄█████
██████████████████████████
██████████████████████████
    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
       ████████████
......Play......
Lucius
Legendary
*
Offline Offline

Activity: 3430
Merit: 6169


Eternal Thanks and Glory to the City of Heroes


View Profile WWW
August 27, 2018, 01:23:22 PM
 #19

What are your practices to ensure a safe data keeping including all of your wallets (not talking about normal malware which can redirect your copy paste BTC address to another one) but I am talking in a situation where all your data is locked from a Ransomware. In case you did a backup every week of the entire image disk, the only thing you would lose is a week of data. Of course keep the image recovery in an external hard drive.

Any better security practices against Ransomware ?


Apart from regulars backup on external device it would be better to not even use any desktop hot wallet on device which has internet access. Solution is to have two device, airgapped for cold wallet and watch only in device with internet, you just need to be sure to not infect airgapped device through usb stick.

Regarding hardware wallets, are they also exposed to ransomware or they are protected from such attack? We can often read that even our device is infected, using hardware wallets on such device should be safe - whether this also applies to ransomware?

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 2856
Merit: 3071


https://bit.ly/387FXHi lightning theory


View Profile
August 27, 2018, 08:34:11 PM
 #20

Quote
I can't imagine a single OS which can not be a victim of ransomware.
But after some reading I can say you're right: it can happen on any OS. I just expect it to be much more likely on Windows.
I think Windows is more vulnerable because it's used by people who have less of a grasp on computing (ok there are people who are clever who use Windows and I don't know why people would use mac OS as they're just supporting plagiarism but a majority of people who use windows are using it because it's "easier for them to find stuff or easier for them to install stuff".
Typically speaking, unless you're going to comb through the autogen.sh, configure and make files you aren't going to know your linux machine is 100% safe.

Cloud-Based Backup creates copies of all your files
I would definitely not upload wallets to cloud storage, that's like the opposite of cold storage.
[/quote]
I'm sort of undecided on this one. If you have a fully encrypted backup, then sure upload it to the clous (by fully encrypted I mean assymetrically encrypted using a public key-private key pair that is at least the strength of encryption system Bitcoin is based upon - the file is generally a few megabytes in size at most).



Typically speaking, if using bitcoin core. You can add a password to your wallet file (offline after making the first address), back it up and then keep using your wallet file as long as it is a hd wallet and not back it up again. Similarly, with most SPV wallets that are bip39 comaptible, all that's needed is to put the seed somewhere on another hard drive (encrypted and NOT AS A FILE NAME). Encryption must be done with a strong password though.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!