Though maybe not the same malware as the one discussed in this thread, there is good news on the ransomware front:

http://news.softpedia.com/news/petya-ran...on-502798.shtml

Excellent! I don't know if I've come across that exact variant before, but I've had customers hit by other ransomware infections, so hopefully those will get unlocked too.

Every time I get a call about one of those, I just have to hope that they have a backup of their files. I'm continually surprised by how many of my clients actively choose not to back up their files.

And a backup on a drive not usually connected to the machine! Won't help if your external drive with your backup files gets encrypted, too.

-jk

Cloud based backup services will help greatly precisely because of because of that.

Also, running your backup script under different dedicated credentials, so that an external backup unit won't be accessible by a standard user. This adds some complexity and has a number of shortcomings, but can help.

I have two external drives used only for backups that are always physically connected, but are only powered up during actual backups and the [very] occasional retrieval of a file.

Am I right in thinking that this gives me at least some additional measure of protection? I also have two external drives that are only backed up a few times a year that are kept off-premises in a closet at my neighbor's house for ultimate emergencies. I have no "mission critical" information on my computer, but I do have a lot of data (~4 TB, photos, correspondence, tax info, etc.) that I would be pretty unhappy to lose. Nothing that would change my life if I lost it, but there would be inconveniences...

tanstaafl.

Yes, but with the following caveats:

- Only works if you're sure the drive requires external power to operate. For instance some USB drives will get their power from the USB cable. If your drive definitely needs the external power, then, powering it off is the same as disconnecting the cable in terms of infection risk.

- If you get infected with malware, in order to prevent the malware from spreading to the backup drive, you have to know that you've been infected so that you don't unwittingly power on the drive (or worse, begin a full disk backup) while you're infected. Some pieces of malware are very stealthy and don't announce their presence right away (or at all).

- Mustn't reconnect the backup disk until you're certain that the computer has been purged of the malware/ransomware.

I don't know if any ransomware is clever enough to deliberately keep itself quiet for a while, waiting long enough for you to have completed a backup or two before triggering the ransom demand. I have heard of situations where people say that their backups also got held for ransom. I don't know the mechanism in that case, but I can imagine that there might be a couple of scenarios under which that could happen even if the ransomware didn't have a pre-programmed wait. For example, perhaps the ransomware keeps quiet while it's taking the time to encrypt every file on the hard disk, only announcing its presence and "locking" the files at the last instant after the long encryption procedure is done. If one were to make a backup (or even merely connect/powerup the external backup drive) during that phase, then they'd be SOL.

You should rotate those drives away from the computer periodically, so that they're not connected, and -- if possible -- in a completely different location.

I have a 4 disk rotation for my server: "Daily 1", "Daily 2", "Weekly 1" and "Weekly 2". "Daily 1" and "Daily 2" generally stay connected to the server. "Weekly 1" and "Weekly 2" rotate offsite regularly (though not weekly, as it happens -- because I don't actually visit our Cambridge office as frequently as Hugo would like...). This means that I always have a backup that's (reasonably) recent, that's stored somewhere completely different.

Then, every 6-12 months (I'm not rigorous about it), I "retire" one of the disks, so that -- in effect -- "Weekly 1" becomes "2015-07", "2016-02", etc., and I replace it with a new "Weekly 1". This also allows me to smoothly upgrade to larger backup disks as needed.

This is made much easier by the fact that I use BackupAssist (it's not free), which manages the rotation for me.

Yet another piece of ransomware cracked:

http://www.theregister.co.uk/2016/04/27/cryptxxx_cracked/

And another escalation in the ransomware war:

http://www.networkworld.com/article/3070...ransomware.html

Another piece of ransomware cracked:

http://news.softpedia.com/news/free-decrypter-available-for-bart-ransomware-506469.shtml