-
WSgraeme
AskWoody Lounger
Hi RonB, Graham,
My view is that a device or a VM must be live and accessible at some machine code level for Windows/Linux to find it and mount it, so the virus can use the same tools that are used by Windows or Linux to find a VM, NAS or other device in the unmounted state.
This is not possible if a relay removes power from the device or breaks its network connection when a backup is not in progress.
If the external device is a USB memory stick connected by a USB cable, then it is easy to open the cable sheath and wire a relay to open/close the red wire in the cable as this provides power for the USB stick. [don't mess with the other wires, which carry the data]
For total isolation, each USB cable could have a domestic timer to operate the relay at a set time, complemented by a batch prog to check the memory is available at the expected time and then run the backup.
-
WSgraeme
AskWoody Lounger
Paul
…
I think we are getting a little off the path here.
The post in the beginning was about how to protect your backups from ransom-ware.
So far the best suggestions are:
An FTP server to backup to.
A hidden folder on the network that can only be reached by the full path.
Folders that are password protected.
Drives that can be mounted for the backup then unmounted after the backup.
I currently know how to implement all of these but was hoping to get some new suggestions from some of the PROs that use this forum.
Ron
Hi Ron and others,
I like the approach of an electrical connection to a USB memory or NAS that can be off when not in use, so ransomware cannot touch it.
Rather than an external time switch, I would prefer relays/switches that can be controlled from the computer. Lots of USB or ethernet controlled relays seem to be available on eBay for <$20.
So the sequence would be:
1. turn on relay #1 to power up NAS #1 or similar device, make a backup, turn off relay #1.
2. after x hours repeat with relay #2 and device #2
3. after 2x hours repeat with relay #3 and device #3, etc.
When the ransomware acts, at worst it will encrypt the currently connected backup, but you have other multiple good backups.
If the virus hides itself for some time before acting, several backups will contain the virus in its dormant state, but the files are not yet damaged and should be recoverable.
The time span across the multiple backups should be longer than the interval between when a virus starts to act and when users notice loss of files or the ransom is requested and the backup process is halted.
I have not tried this approach but it seems practical and secure as the relay control and backup invocation can be handled by a batch file which the virus will not find or understand.
-
WSgraeme
AskWoody Lounger
Hi Paul, surely the write only constraint is just a standard software bit setting which the bad guys can preset the virus to bypass. Whereas a custom written Batch File to control the external relay is not something a virus can be preset to handle.
Or are you suggesting a NAS with a physical switch or link that cannot be changed by software?
Graeme.
-
WSgraeme
AskWoody Lounger
Why not use automatic NAS isolation for ransomware protection.
Thanks to Fred for his continuing and useful comments.
To prevent access by ransomware, I would like to use a program operated external relay so I can switch off my backup NAS when I am not using it.
The key protection from ransomware seems to be a separate NAS which is manually connected only during backup. It would seem practical to automate this process using a simple program controlled USB relay to power up the NAS for each backup event and then turn it off when the backup is done.
The simplest solution would seem to be switching the mains power to the NAS rather than switching the signal cabling between the NAS and the PC.
I envisage the relay being activated by a batch file or similar program that can be scheduled to run periodically. It would run some level of virus check, then power up the NAS, make a backup, and then turn off the NAS.
This leads to the question, how much time elapses between a ransomware infection and its damaging actions becoming visible in my working network? If this delay time is say 4 hours, then my backup interval needs to be longer than 4 hrs to ensure the NAS is off line when the ransomware activates.
I assume it does not matter if the ransomware is copied to the NAS whilst it is still inactive, as the NAS can be connected to a ‘clean’ computer for disinfection and recovery of its key files.
Comments and guidance from lounge members would be much appreciated.
Thanks, Graeme.
Examples of USB relay units.
http://sigma-shop.com/product/7/usb-relay-controller-one-channel-box.html
http://www.sainsmart.com/relay-1/sainsmart-8-channel-controller-usb-hid-programmable-control-relay-module-kit.html
http://www.robotshop.com/en/devantech-2-channel-usb-relay.html
http://www.yoctopuce.com/EN/products/usb-actuators/yocto-powerrelay
-
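The power-up, backup, power-down sequence from the two relay posts above (one relay per backup device, rotated between runs), sketched in Python as an added example that is not part of the original posts. `SimulatedRelay`, `run_backup` and the `precheck` hook are hypothetical names; a real relay unit needs its vendor's own command in `on()`/`off()`, and the dated destination folder name is an assumption.

```python
import shutil
import time
from datetime import datetime
from pathlib import Path
from typing import Callable, List


class SimulatedRelay:
    """Constructed stand-in for one relay channel powering one backup device.
    A real USB/ethernet relay needs its vendor's own command in on()/off()."""

    def __init__(self, device_root: Path, fails_to_appear: bool = False):
        self.device_root = device_root          # where the device's storage shows up
        self.fails_to_appear = fails_to_appear  # simulate a device that never boots
        self.powered = False

    def on(self) -> None:
        self.powered = True

    def off(self) -> None:
        self.powered = False

    def available(self) -> bool:
        # Simulates "the device has powered up and its storage is reachable".
        return (self.powered and not self.fails_to_appear
                and self.device_root.is_dir())


def wait_until_available(relay: SimulatedRelay, timeout_s: float,
                         poll_s: float = 0.05) -> bool:
    """Poll until the powered device is reachable or the timeout expires."""
    deadline = time.monotonic() + timeout_s
    while time.monotonic() < deadline:
        if relay.available():
            return True
        time.sleep(poll_s)
    return False


def run_backup(relays: List[SimulatedRelay], run_index: int, source: Path,
               precheck: Callable[[], bool], now: datetime,
               timeout_s: float = 1.0) -> Path:
    """One backup event: check first, power up ONE device, copy, always power down."""
    if not precheck():
        # Refuse before any relay closes, so no backup device is exposed.
        raise RuntimeError("pre-backup check failed; no device was powered up")
    relay = relays[run_index % len(relays)]  # relay #1, then #2, then #3, ...
    relay.on()
    try:
        if not wait_until_available(relay, timeout_s):
            raise TimeoutError(f"device at {relay.device_root} did not come up")
        dest = relay.device_root / now.strftime("%Y-%m-%d_%H%M%S")
        shutil.copytree(source, dest)  # each run lands in its own dated folder
        return dest
    finally:
        relay.off()  # runs on success and on every failure path
```

The `finally` clause is the part that matters for isolation: a failed copy or a device that never appears must not leave a backup target powered until the next scheduled run.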
WSgraeme
AskWoody Lounger
Here is the trick: It works, I am now playing Free Cell in Win 8 CP
1) Copy the Microsoft Games folder from Win 7 Program Files folder to the Program Files Folder in Win 8 CP. Copy the entire folder. If you have a 32 Bit system you would copy the Microsoft Games folder from Program Files (x86). If you have a 64 Bit system you would copy the Microsoft Games folder from Program Files.
2) Copy ‘cardgames.dll’ from C, windows, system32
3) Paste the .dll directly into each of these folders you have created in Win 8 CP: Free Cell, Hearts, Solitaire, Spider Solitaire. I have shown the Free Cell folder below. The other 3 folders are similar.
Now just apply this patch: Sorry, the patch is no longer available. This link is broken so I have removed it. It only worked during the beta test period. Now that there are Free Cell and other Solitaire games available from the Win 8 App Store, these are no longer necessary.
That’s it. It really works. I’m playing the Free Cell now.
Hello Medico,
Searching for a 64bit Freecell, I tried your links in the above email and they both defaulted to an advert for MaaS360. Is this an intentional hijack or what?
Please post the link again.
Thanks,
Graeme.
-
WSgraeme
AskWoody Lounger
I use my own domain on Fastmail. IMAP or web interface, or both.
cheers, Paul
Hi Paul thanks for your comment.
FastMail Lite $10/yr or Full $20/yr seem reasonable, their screen says I need Enhanced $40/yr to use my domain name, is this so?
Other reasonable sites for simple Mail hosting seem to be
1&1 Instant Mail £12/pa for 5 address accounts and 2G storage.
Namecheap Private package is $10/yr for 1 mailbox POP3/IMAP with 3 GB disk space & 1GB file storage. Extra mailboxes $2.98/yr.
I am confused by the lack of detail on most of the offerings, and distrust the hard sell/ cheap intro tactics.
Graeme.
-
WSgraeme
AskWoody Lounger
I agree with FUN. We must assume all accessible images are encrypted for ransom.
I also agree with MEDICO that it is only a matter of time before I [or a family member] gets caught.
So assuming a CryptoLocker attack is inevitable, here are my thoughts on how best to be prepared.
1. Cloud based protection.
One suggestion in these columns is a cloud based backup which allows roll back.
I have not tried cloud backup and feel it will require a large amount of data transfer time and cost for a recovery process that is not simple or guaranteed.
Views from users of this approach are welcome.
Does anyone know how far back in time the roll back needs to reach? i.e. the time taken for CryptoLocker to do its encryption work and demand the ransom?
2. Local protection by manual intervention.
Several members of the lounge argue for a regular backup/image onto separate media which is then disconnected.
This is true, but I do not trust myself to keep the discipline of connecting and disconnecting a separate hard drive and waiting for what could be a long update time.
3. Local protection by WORM storage.
This needs a large network attached store [NAS] which provides ‘write once & read many’ [WORM] facilities so the backups are available after writing but cannot be changed or encrypted later. This is a local equivalent of the Cloud store with roll back. WORM devices are available now for corporate archive use but well beyond a domestic budget. Hopefully Seagate and others will see this as a significant market which only needs some internal code and a manual switch on the NAS to prevent written files from remote change after writing. When the NAS is full, we flip the switch and delete old files, or do a reformat.
4. Local protection by second PC. [My current proposed approach]
Using any old PC or laptop as a backup client, connect it to my local network, and give it access to the store which holds backups/images of the working PC. Maybe, give it access to all the drives on the main PC.
=> The essential issue is to disallow all sharing or access FROM the working PC into my backup machine.
Then write a batch file to periodically create a new folder named ‘Today-date-time’ and copy the latest image file or incremental changes from the main PC.
Repeating this process generates a series of dated folders holding copies of the main PC files and allows roll back recovery as needed.
A possible weakness in this approach is the use of Windows share settings to block access from the main PC.
I agree that any Windows program in the main PC will not ‘see’ the backup PC or get access but a blackhat encryption program may be able to ignore the share settings and access files in the backup?
Even better could be to use Linux for the copying tasks in the backup PC, but this is way out of my skill range.
All views to improve or help are welcome.
I am also sending this to Tracy Capen as a possible topic for his experts.
-
WSgraeme
AskWoody LoungerHello Stu,
Thanks for your comments. My apologies to others on this thread for diverging from the topic.
I agree your suggested approach will work for archiving emails from my several source accounts. But it requires changing all the source email accounts to POP because Gmail does not auto-extract from IMAP. I want to keep using the source a/cs and do not wish to change to POP for all the normal reasons, eg I often get messages with large attachments and value the option to delete them on the server without first downloading them as required by POP.
Maybe I should start another thread on archiving. Again many thanks for your help in clarifying my needs.
Graeme
-
WSgraeme
AskWoody Lounger
Hi Graeme,
I don’t completely understand your specific situation. Please explain your situation in more detail.
…..
Stu
Hello Stu, Thanks for your patience and help to clarify the issues.
We have several IMAP email a/cs accessed by my wife and I from different machines, and different places when one of us is travelling.
We can each read all the messages and when appropriate I delete messages for me and my wife deletes those for her. However, sometimes the wrong incoming message gets deleted and this is the problem I want to solve.
My plan is to have an account MyInboxArchive@gmail that sucks all incoming mail from all accounts and holds it to provide backup against accidental deletion. We don't need to use it for anything else, just to be a backup.
Agreed we could use the archive a/c as our working a/c but the messages from different incoming accounts are now in one large a/c making it more difficult to review and keep clear separation for our different source accounts.
It is also essential to manage the message return addresses.
When I reply to an incoming message collected from the AA a/c the ‘sent from’ and ‘reply to’ fields should read AA. And when my wife replies to a message collected from the BB a/c the fields should read BB.
How is this done without extra hassle and risk of error and confusion to the recipient?
A related issue which I have already solved is to automatically archive all sent messages. My solution uses the great Thunderbird setting which automatically adds a BCC on all outgoing messages. So all sent messages from any of our machines automatically includes BCC: MySentArchive@gmail. We have found this to be a great facility. When I am travelling, I can see what my wife has sent from the home computer and vv. Also if any of our computers fails, the email sent archive is preserved.
Thanks again for your comments,
Graeme.
-
WSgraeme
AskWoody Lounger
To Graeme,
“Pulling” your emails into Gmail only works using POP3, but you can choose to leave the original email on the server from which you are pulling. To do that, follow these instructions:
…
Stu
Hi Stu,
Thanks for your detailed info. Unfortunately the lack of IMAP is a problem as my wife and I use separate access to the email account and the pundits seem to say IMAP is better than POP.
Web search for alternatives got me to GetMail as a possible solution, but as noted below it seems rather complex to implement on Windows.
So I am not sure what to do next.
Graeme.
E.g. — Getmail, a Python replacement to Fetchmail. This is free software licensed under the GPL v2. More information is available on the Getmail project homepage.
But running Getmail on MS Windows needs the free Cygwin package and http://cygwin.com/Running says recent versions of Python under Cygwin requires a process known as “rebasing” your Cygwin installation; see details in Python developers’ mailing list message. http://mail.python.org/pipermail/python-dev/2003-July/036932.html
—-
-
WSgraeme
AskWoody Lounger
I went about it in a different way:
…
2. Rather than forward the emails in my problem account, I “pull” them from my problem account using Gmail POP3 access.
……
Hi SB, your ‘pull and spam filter’ approach sounds great and I want to use it on my account.
If my email ID is xzy@my.com how do I ‘pull’ it from the my.com external server into Gmail?
Initially I want to use IMAP so the files stay on the my.com server and I can manually delete when all is working ok.
Please give a bit more detail as I can't find any Gmail tool or setting to do the pulling.
Thanks in anticipation.
Graeme.
-
WSgraeme
AskWoody Lounger
I agree one should change the password from the router's default, so it cannot easily be reset via remote access.
For convenience, I recommend writing the admin name and password details on the router.
This may seem insecure, but anyone who can read the password on the router can also press the reset button and use the default router admin and password.
Cheers.
-
WSgraeme
AskWoody Lounger
Like vandamme, I have an HP scanner and the software that came with it was over complex and bloated with excess stuff I did not want, so I removed it.
For general purpose scanning I now use the MS Scanner software that came with my XP installation. C:\WINDOWS\system32\wiaacmgr.exe -SelectDevice
For better quality and OCR facilities, I use the scanner that came with MS Office. On my machine it's at Programs/MS Office Tools/ MS Office Document Scanning.
The result I can save as a regular word file, or I can save it as a .tif or .jpg file and then edit further using irfan.
So in answer to various questions, the software that comes with a scanner can be replaced by any other suitable package, and for bbcirly I encourage a tryout of the MS Office package.
-
WSgraeme
AskWoody Lounger
My criteria for finding a domain name were
* keep it short and simple [easy to spell out on the telephone and saves zillions of key strokes over a lifetime]
* make it generic so my wife and children can continue to use it after I have gone virtual [this rules out my surname as my children are all girls].
Given that filter, I quickly found that 3 and 4 letter names are mostly reserved, sold out or priced at a premium.
I eventually found the domain .cc and created a nominal three letter prefix based on the initials of family members. So my domain is xyz.cc and family users can identify themselves in the email prefix, eg myname@xyz.cc mywife@xyz.cc mydaughter@xyz.cc
I have been using it for 3 years with a great sense of satisfaction every time I am asked to enter my email address and then enter it again …..
PS. .cc is the top level domain for the Cocos Islands in the Indian Ocean, administered by Australia.
-
WSgraeme
AskWoody Lounger
Windmill
The picture fails to show how the mill can be rotated to face the wind.
Two methods are available.
Ancient method. The whole mill is rotated manually by the miller and for this to happen, the bottom of the steps must not touch the ground.
Modern method. The base of the mill is fixed and only the crown+sails rotates. This requires a clearance gap below the crown and a training wind tail to follow the wind direction. Neither of these are visible.
House
Tile overlap requires starting at the bottom and working upwards with the top going on last.