smart to mask back-ups as system files?


Status
Not open for further replies.

mappo

Member
Sep 25, 2021
6
0
Sweden
Since ransomware attacks are about speed, they tend to ignore "boring" files.
So, would it be clever to back up all my documents in docs.zip and then rename the file to something like win32.dll?
This is just a naive example, but more generally, could my files be left alone hidden in plain sight like this?
 
Sep 17, 2020
205
60
65
London UK
So, would it be clever to back up all my documents in docs.zip and then rename the file to something like win32.dll?
If you are going to the bother of backing up your files, there is little point in leaving the backup on the same computer! Just store them elsewhere, i.e. DVD; you will not have to worry about them getting encrypted then.
 
Reactions: PHolder

DanR

Dan
Sep 17, 2020
241
77
This is just a naive example, but more generally, could my files be left alone hidden in plain sight like this?
Short answer: It is NOT a good idea.

Long answer: It is NOT a good idea, because if anything happens to the drive you have backed up this way, your backups are probably toast. And useless to you.

Burning your backups to a DVD is one option. My preferred option is to use an external USB HDD for my backups.

- Roomy TB-sized USB HDDs are inexpensive
- They are portable so multiple systems could be backed up to the same drive
- As older backups become obsolete, they can be easily deleted to free up space

Tip: Never leave an external backup drive connected except when doing a backup. If malware should get into your system and trash the main drive, it would likely also trash any connected external drives.
 
Reactions: Telmeanius

Tazz

Not my real name.
Sep 18, 2020
47
17
Nova Scotia, Canada
Here's part of my backup process:
I have a dedicated, BitLockered, internal hard drive in one of my PCs that I copy my Macrium Reflect backup files to. After they're copied I take the drive offline. It's only online when it's time to add new backup copies to it. Every time I bring it online I have to enter the password/phrase to unlock it.

Tip: Never leave an external backup drive connected except when doing a backup. If malware should get into your system and trash the main drive, it would likely also trash any connected external drives.
I remember reading somewhere that even mapped network drives were getting infected with some strains of ransomware from the infected PC.
 

DanR

Dan
Sep 17, 2020
241
77
I remember reading somewhere that even mapped network drives were getting infected with some strains of ransomware from the infected PC.
Yep. The bad stuff just keeps getting smarter and smarter. :( Sigh.
 

rfrazier

Well-known member
Sep 30, 2020
547
188
Here's how I back up my PC's SATA drives. I will go ahead and admit that this has the problem that it's hard to do and therefore doesn't get done too often. But, I STRONGLY prefer CLONE backups. If I have a clone backup, and my main drive goes down, I just put in the backup drive, boot, download new stuff like email, and go. I use POP for my email instead of IMAP. That means I can have years of archive on the PC. I download the email on multiple computers. I use a clone box to do the backup. There are many with various reputations. But, mine is a Kingwin Powerdock that's a few years old.


kingwin power dock.jpg

Before I clone my drive, I run a chkdisk on it. So, you just put your source drive in the source slot, put the target drive in the target slot, make QUADRUPLE sure you didn't reverse them, push a button, and walk away for 5-6 hours for a 2 TB drive. It probably doesn't copy at full SATA speed, because it's probably limited either by the drive or the box. But, it's WAY faster than USB 2. Once it's done, I boot the target drive in the laptop, let it stabilize, and run a chkdisk on it. Then I shut it down, swap the source drive back in, and go back to my normal routine. The target drive has to be as big or bigger than the source. That's the one hitch. Even a small discrepancy in the wrong direction may prevent the cloning.

You can also do similar things with an external drive case, as mentioned. Actually, this device can function as a dock. In the past, I've used Terabyte Image For Windows at @Steve S recommendation. This can copy most things while Windows is running.

If you have a virus in your system, you're going to end up backing it up. This doesn't solve that problem. BUT, if the PC is shut down, and the drive is in a clone box, I can guarantee that the virus will not be ACTIVE at that time.

I have all my data files set to back up online with an old copy of Jungledisk storing to Amazon Web Services. I use the "backup everything I don't exclude" philosophy. Most of Windows and most really enormous things are excluded.

This all works reasonably well with the laptop. Now, the hard drive in my laptop is pretty easy to remove and clone. That's not true of all laptops. It is also not true of my desktop machine. Therefore, my great strategy isn't so great there. It does have the online backup. And, I try to run SpinRite a couple of times per year. I would certainly force myself to do a backup if I thought the drive was starting to get wonky. But, even so, I've never had what I consider to be a really great backup strategy. To me, a great strategy would be weekly or biweekly clone backups and daily differential backups with target drives being rotated offsite as well as online backups. I've never been able to make all that happen.

Anyway, hope this info is useful to someone.

May your bits be stable and your interfaces be fast. :cool: Ron
 

Intuit

Well-known member
Dec 27, 2020
80
21
Some people perform incremental backups between the whole-system backups. For incremental backups, live-system storage may be an acceptable risk.

OneDrive, Carbonite and similar cloud-storage services are more resistant to ransomware due to file-history.
 

Barry Wallis

Professional Magician
@rfrazier: I have a simple, continuous backup strategy. I have a 3TB hard drive connected to my laptop that is set to run Windows File History to it. I also have my files continuously backed up to OneDrive. Since I am in the Windows Insider Dev channel (and other reasons), I have had to occasionally do full restores over the last several years and have never lost any data.
 

rfrazier

Well-known member
Sep 30, 2020
547
188
@Barry Wallis Interesting. An external drive on my laptop really doesn't work for me because I'm always moving the PC around and because it has USB 2. I actually miss the old days when laptops had PCI card interfaces, which were much faster. I also know USB 3 and USB C are much faster, but I had a PCI card interface on my laptop two generations ago. I could actually do more with that machine than the one I'm in front of now. Of course, raw processor speed was slower. What you've described sounds interesting. When you have time and if you wish, maybe you can elaborate. Surely you don't have enough network bandwidth to back up all file writes to OneDrive. Anyway, it sounds cool.

The following is off the wall, but this PC has an HDMI port. According to Google, those can support up to 10 Gbps, even faster than USB 3. So, has anyone ever used THAT for data transfer?

May your bits be stable and your interfaces be fast. :cool: Ron
 

Barry Wallis

Professional Magician
When you have time and if you wish, maybe you can elaborate. Surely you don't have enough network bandwidth to back up all file writes to OneDrive.
Bandwidth to OneDrive isn't a problem (at least not after the initial upload which happened four Surface Books ago) since everything now is the equivalent of incremental. The "secret" is using Files on Demand. Whenever I move to a new laptop or reinstall Windows from scratch, OneDrive only downloads the files I need when I need them. I currently have 506GB on disk that represent 1.1TB total file space.

I do have my hard drive on a USB 3 with a capacity of 3.63TB. My File History files take up 760GB and allow me to restore every file going back to August 10, 2019.
 
Reactions: rfrazier

Lob

What could possibly go wrong?
Nov 7, 2020
162
45
I Veeam a daily backup across my TailScale APN to my server that is then backed up to OneDrive. My server has 1Tb of OneDrive as it has its own account in my family O/M365 setup. The benefit of TailScale means I have this backup working as long as I have an Internet connection.

For my wife, I configured TimeMachine onto one of my Synology boxes for her. This is not presently off-sited but I was considering putting SyncThing into play to push it out to location #2 for a little redundancy....
 

Dave New

Well-known member
Nov 23, 2020
83
45
I use BackBlaze on all the laptops in the house. US$5/month or $50/year per machine, unlimited data. Covers all local attached storage. My Photoshop machine has 9 TB of storage (two 4 TB external drives and one internal 1 TB drive), and it is all backed up for the same price as my ham shack machine which only has a single 1 TB internal drive. I used to have to throttle BackBlaze backup speeds when I was on Comcrap, which only allowed 6 mbps upload speed, or else my game-playing grandson would complain. Now that we have 300 mbps fiber-to-the-home, that's no longer an issue.

When a drive goes down, I order an encrypted drive from BackBlaze, restore the data to the new drive and return the loaner drive to BackBlaze. BackBlaze pays to send you the drive overnight, and temporarily charges your credit card for the drive cost, then refunds you when you return the drive in less than 30 days. The only out-of-pocket expense when all is said and done is the return postage to send the loaner drive back to BackBlaze.

So shipping a drive overnight beats the fastest download speed you can get. Remember, "nothing beats the bandwidth of a station wagon full of computer tapes barreling across the desert".
 