Jump to content

Defending against Cryptolocker

Recommended Posts

Malicious software that encrypts the victim's disks seems to be on the rise.  Software like Cryptolocker encrypts all accessible disks, including network volumes and USB disks.  A common Retrospect configuration is to back up to an external hard disk connected by USB.  In such a configuration, a Cryptolocker (or similar) infection would affect the backup as well as the drive being backed up.


User valkyriebiker posted the following on Ars Technica:

I've developed a backup protocol and script for my clients that protects hot backup drives by incorporating the following:
+ vbackup.exe -- a sort of stripped-down robocopy with versioning
+ Set the backup volume ACLs to give modify rights to the backup job only and read-only to the user
+ Remove the user from the local administrators group so that Crypto-viruses cannot take ownership or re-asset modify access to the backup volume. Users should never be on admin regardless. Yeah, yeah, I know.....
+ Give the user an admin-level password-protected account strictly for installing software, drivers, etc. that require it.

Here is a link to the original post: http://arstechnica.com/security/2014/06/we-will-be-paying-no-ransom-vows-town-hit-by-cryptowall-ransom-malware/?comments=1&post=26991139#comment-26991139


This seems very applicable to Retrospect and the configuration I described above.  Trouble is, I don't know enough about Windows administration to set this up.  Can anyone help?

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...