Would you like some protection against Ransomware without feeling as if you are paying a king’s ransom for peace of mind?

In the wake of the WannaCry ransomware attack a few weeks ago, I started a hunt to find some method of guarding against a future attack without having to pay for another layer of antivirus/antimalware protection.


Malwarebytes Premium is priced per machine per annum

You might well ask why your current antivirus protection doesn’t cover against ransomware. Well, maybe it does – but only ransomware that it has seen before. The WannaCry attack was what is known as a “zero day attack”: unknown to antivirus/antimalware protection and, therefore, unrecognised by it. “So”, you think, “what we need is protection that recognises something it’s not seen before”. Well, Malwarebytes (amongst others) does now claim to protect against new types of ransomware – but only if you invest in their “premium” version. This comes in at a slightly eye-watering £29.99 PER PC PER YEAR. Maybe that’s a small price when you consider the potential cost of losing all of your data files, but it’s quite a lot if your opinion is that the chances of being attacked are low. In a world where we get used to buying apps for our iPhones for about £0.69, this looks a bit expensive – especially as it’s an annual subscription and not a one-off purchase, and you need a separate subscription for each PC that you have.

So, I cast my net a bit wider. Knowing that I would want to write a blog post about it, and assuming that my clients are like me in not wanting to feel as if they’re paying a ransom to protect themselves from ransomware, I decided that I was only interested in trying free products. I found just one – called RansomFree, from an organisation called Cybereason.

I installed this on my “main” laptop on 26th May and made a mental note to keep my eyes open for any adverse effects. There haven’t been any. It’s true that my Dell XPS 15 laptop is fairly new and has a good specification, so any adverse effect on performance would, indeed, be a bad sign. I’ve run antivirus scans (back to using Windows Defender at the moment because Avira drove me bonkers with its popups) and I’ve run antimalware scans (using Malwarebytes Free), and RansomFree does not seem to have upset these either.

So, now I feel reasonably confident in recommending RansomFree if you are bothered by the thought of ransomware but don’t want to fork out good money for protection against it (which, let’s face it, may or may not work against a threat whose exact nature and profile is hitherto unknown).

There are some interesting features of RansomFree:

  • It doesn’t aim to identify the threat by recognising a file or file type or code within the file that’s characteristic of the threat it’s looking for. Instead it keeps an eye on actual behaviour in your system. To this end, it sets traps by creating typical-looking files and watches to see if anything attempts to mess with any of those files. If anything happens to any of them, it immediately stops the process involved, alerts you and sets in motion the steps to eliminate the threat. I must say that I was a bit caught out when I spotted some odd looking folders on my system with some oddly named files (see the example below). It’s a bit untidy having “unreal” files and folders on the system, but that’s probably a price worth paying.
  • The next interesting feature follows from the first in that, because RansomFree is looking for BEHAVIOUR, and not looking for specific nasty programs, it doesn’t need to be updated with knowledge of the latest threats (unlike antivirus and antimalware protection). It needs no maintenance from the user. Just install it and forget it.
  • Finally, RansomFree only needs to be installed on one machine in a local network. It then looks after the rest of the network. It should be noted, though, that RansomFree only works on Windows machines.


One of the “bogus” folders RansomFree has put on my c: drive
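The bait-file idea described in the list above can be sketched in a few lines. This is an added example, not RansomFree's code or anything from Cybereason: the decoy names, the contents and the 7.5 bits-per-byte entropy threshold are assumptions chosen for illustration, and it checks the folder on demand rather than watching processes in real time.

```python
import hashlib
import math
import os
from collections import Counter

# Constructed decoy names and contents (assumptions for this sketch). The "!"
# prefix makes them sort first in a listing, so they tend to be touched early.
DECOYS = {
    "!000_accounts.docx": b"Quarterly accounts draft\n" * 40,
    "!000_passwords.txt": b"placeholder text, not real credentials\n" * 40,
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def plant(folder: str) -> dict:
    """Write the decoy files and return a baseline of name -> SHA-256."""
    os.makedirs(folder, exist_ok=True)
    baseline = {}
    for name, body in DECOYS.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(body)
        baseline[name] = hashlib.sha256(body).hexdigest()
    return baseline

def check(folder: str, baseline: dict) -> list:
    """Compare the folder with the baseline and return (file, reason) alerts."""
    alerts = []
    present = set(os.listdir(folder))
    for name, digest in baseline.items():
        if name not in present:
            alerts.append((name, "missing or renamed"))
            continue
        with open(os.path.join(folder, name), "rb") as fh:
            data = fh.read()
        if hashlib.sha256(data).hexdigest() != digest:
            # An ordinary edit keeps text-like entropy; encryption does not.
            kind = "high-entropy rewrite" if entropy(data) > 7.5 else "modified"
            alerts.append((name, kind))
    for extra in sorted(present - set(baseline)):
        alerts.append((extra, "unexpected file in bait folder"))
    return alerts
```

Nothing legitimate has a reason to touch a decoy, so any alert from `check` is worth investigating; this is why the approach needs no signature updates.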

I don’t know how good RansomFree is going to prove to be at doing its job (and hope I never find out!). What I do know is that I’m happy to have expended the initial time and energy in finding the program as I can now pass it on to you and that, after all, is my job. After reading this post, you can now install it just by clicking this link – and following the instructions.

If it makes you feel slightly less insecure then that, after all, is one of the benefits of any insurance policy – and the premiums are pretty low!

Yes, I know it’s a subject no-one likes to think about, let alone do something about


If only it were as simple as a key press ….

I feel that I walk a narrow line with a lot of my computer support clients between nagging them and ignoring something that I know is important – backups.

It’s easy enough for Mac users. Just set up the Time Machine and you can more-or-less forget about it (except that Time Machine won’t protect you against ransomware. Yes, that’s right, Macs are now vulnerable to ransomware – see this article from Malwarebytes on ransomware). For PC users, however, there is no simple, obvious way to “set and forget” a backup routine. The “File History” option in recent versions of Windows is a start, but it’s simplistic and very much a work-in-progress for anyone whose data filing is any more complicated than using the predefined libraries (Documents, Pictures, Music etc).

My own backup system has always been rather ad hoc, with lots of redundancy built in. The word “redundancy” in this sense means that there are different ways of achieving the same end. Any one method can fail without stopping the other methods from working. In this sense, redundancy is very definitely a good thing. It can help to give you cover, for instance, against those occasions when you try to open a backup drive and discover it’s dead (not a nice experience if you are trying to access your only source of backups).

A few months ago, though, I decided that it’s time to go on the hunt once more for a solution that’s good enough that I would trust it – both for myself and for my clients. The difficulty with backup solutions is that there is a constant tension between ease-of-use and flexibility. The more you have of one, the less you tend to have of the other.


Anyway, I came across a name that seemed familiar – Cobian. I remember that this was a backup solution that I used to use for myself and my clients in the past (5, 10, 15 years ago?) but, for some reason that escapes me, have stopped using. I do remember that it was a bit of a pig to set up. That’s probably why I didn’t use it for all my clients. On the other hand, I can also distinctly remember at least one occasion when it definitely did save a client’s data. I’d set it up for her and she’d just left the external drive connected and let it do its thing for, I don’t know, a year or two I think. And then she had a hard drive crash and her data (and my reputation) were on the line. Cobian had been working perfectly all the time. I installed a new drive, then Windows and her programs, and then restored all of her data from the Cobian backup on the external drive. No problem.

When I re-acquainted myself with Cobian last year I found that it’s now got a much simpler interface – but still with all the flexibility that’s needed. I set it up doing different routines on two different machines and it has worked flawlessly for about three months. It even flawlessly backs up files that are open at the time the backup takes place (eg Outlook data file and Evernote database).

It still has a complexity in setting up that some users might find daunting, but my experience of the last few months has given me the confidence now to recommend it for any Windows user looking for a solution that needs more flexibility than the inbuilt File History. I would be happy, of course, to set it up and configure it to your needs (probably half an hour or so).


You do not want to see this on your screen

If you think that your data is safe from disasters because you use cloud services – and especially if you think you are safe from ransomware because it’s “all in Dropbox” or “all on OneDrive” – then you should be aware that files encrypted by ransomware can over-write your (unencrypted) cloud copies. If you use free versions of cloud services there is every chance that previous (unencrypted) copies of files will not be available in a crisis. Personally, I wouldn’t risk it: one of the things that Cobian backs up for me locally is a copy of my OneDrive and Dropbox folders. Some of those backups are then held “offline” (ie the drives are only connected to my system at the time that Cobian is doing the backup). Ransomware cannot encrypt files on drives that are not connected to your system at the time of the attack.

I’m not one for new year resolutions, but if you are thinking of making one this month then sorting out a backup system would be a good one.

In these days of ransomware, isn’t it dangerous to leave backup drives connected all the time?

Very slowly, data backups are becoming easier to keep up to date. If you buy a Seagate external drive, for instance, it will probably include backup software that you can “set and forget”. Once you’ve made your initial decisions about what you want to back up, how many copies to keep and so on, the software just keeps doing it as long as the backup drive is connected to your computer (usually by USB cable). Yes, it can be a bit inconvenient having an external drive permanently hanging off the side of your machine – especially if it is a laptop that spends a lot of time on a desktop but some time on your lap. It’s just not good practice to forget the drive is attached and yank it around by the cable when moving the laptop! If it goes crashing to the floor then it could easily be “goodnight Vienna” and back to PC World for another one.

That aside, I think a lot of people have actually started to get used to the idea of having backups automatically taken and updated. This is especially true, of course, for Mac owners who just have to set the inbuilt “Time Machine” software to use an external drive and then forget all about it.

And then along comes ransomware. This is malware that encrypts data on your computer and demands a ransom to decrypt it for you. See this previous blog post on CryptoLocker, for instance. There is obviously a very strong argument that says you should never ever give in to blackmail, but if the only alternative is to lose invaluable data then it’s not difficult to see why people pay up. Now, the problem with ransomware is that it can encrypt data that’s on your external drive as well as your internal drive if the external drive is connected at the time that the malware attacks.

On the face of it, then, you are between a rock and a hard place. If you don’t keep your external drive connected you risk losing data that’s not backed up, and if you do keep it connected then the data is backed up but is vulnerable to being snatched away from you by ransomware.


As you can see, I back up my MacBook Pro to a 750GB drive and also to a 1 terabyte drive. This dialog box shows me when I used the drives, so I know which one to use next.

If you’ve got a Mac then it’s actually quite easy to resolve this dilemma. Not only is the inbuilt Time Machine software easy to “set and forget” but it’s also flexible enough to let you use more than one backup drive. So, you simply alternate the drives as often as you wish. If one should fail or be compromised then the other – although probably not completely up to date – will take almost all of the pain out of the situation. This is actually a very good and simple practice. An external drive only costs £40-£60 these days. Just buy another one and alternate them. It’s a no-brainer. For the sake of completeness, I’m just going to mention one more practice that you can adopt if you really want to be responsible about your data backups. And that is to take a second backup onto an external drive and then remove it from the premises. Ask a friend or relative to keep it for you and periodically swap it for a later backup. This may sound like overkill, but it does provide a layer of protection against something disastrous happening not just to your computer, but to the entire location – eg fire, theft, or flood.

To be honest, I don’t know if swapping drives would work when taking continuous, incremental, backups using software such as Acronis or Seagate’s on a Windows PC. It’s just possible that files are marked to say that they’ve been backed up, so wouldn’t get backed up if a different backup drive were substituted. This is almost certainly one of those IT situations where the quickest way to find out is probably to “suck it and see”. In the meantime, you can ensure that a second backup will definitely work by doing a full backup instead of an ongoing incremental one.

Whether it’s worth bothering about the possibility of falling victim to ransomware is, of course, your own decision. And I should add that, as far as I know, Cryptolocker still only attacks Windows PCs. It’s very difficult to assess the chances of such disasters happening. I recommend that you imagine the situation you’d find yourself in if such a disaster did happen. Go on – really think about what you might lose and how inconvenient it would be. That should then give you some idea of how much effort you are prepared to put into creating and following contingency plans.

© 2011-2017 David Leonard