VideoHelp Forum

Try DVDFab and download streaming video, copy, convert or make Blu-rays,DVDs! Download free trial !
+ Reply to Thread
Results 1 to 5 of 5
Thread
  1. Member
    Join Date
    Dec 2005
    Location
    Canada
    Search Comp PM
    As I understand it, Ransomware can scan any connected drives and potentially encypt files.
    What if I take my backup drive offline using the Diskpart 'offline' command?
    Will the infecting program know that the drive exists?
    Quote Quote  
  2. Member
    Join Date
    Jul 2007
    Location
    United States
    Search Comp PM
    As this article explains, anything that can be done, can be undone.

    https://www.infopackets.com/news/10422/8-ways-protect-your-backups-ransomware
    Quote Quote  
  3. Video Restorer lordsmurf's Avatar
    Join Date
    Jun 2003
    Location
    dFAQ.us/lordsmurf
    Search Comp PM
    Safest way to backup is to pull data, not push.
    Safest backup system is entirely offline, only on-network.
    Quote Quote  
  4. Member
    Join Date
    Dec 2005
    Location
    Canada
    Search Comp PM
    Thank's for your responses.

    @lingyi re the link:

    For example, the ransomware may begin its operations by scanning all available drives using the mountvol command, mount all available drives, then encrypt data on all drives

    That 'mountvol' command is interesting...but if I use Diskpart to take a disk offline, it's no longer visible to 'mountvol'.
    The disk is shown in Disk manager as 'offline' and with no a letter.

    If I use the utility 'Hotswap!', the disk is not listed in 'mountvol' or Disk Manager.
    The only way to get it back and get-at-able is a rescan.

    @lordsmurf

    I take your point and I keep a once a week cloned copy of my System and Data disks in a caddy in the PC.
    The caddy has a power switch which I use to power down the caddy after the cloning.

    It's the daily backups to various external drives that are my main focus and how to keep them secure.
    Quote Quote  
  5. Member
    Join Date
    Jul 2007
    Location
    United States
    Search Comp PM
    Not familiar with the mountvol command, but bottom line is any backup drive attached to the PC at any time is prone to attack. As the last comment on the site states, ransomware or a virus could be running on your PC for weeks or months before it's activated, monitoring keystrokes and events, even waiting until you turn on your weekly backup drive online to attack.

    The best you can do is have a good antivirus, practice safe computing, backup often (2x daily, 2x weekly or more on different drives), and accept that whatever was hit at the time of the attack is gone.
    Quote Quote  



Similar Threads