Does Ransomware attack *all* drives or just c: ?

Status
Not open for further replies.

gn842a

This might be an "it depends" question. The question is: when ransomware attacks, does it look for EVERY DRIVE on the computer? Most business/govt computers have a C: drive and maybe one more, which I assume is the situation in Atlanta. I have, I dunno, about four drives, one is partitioned.

Two of these drives contain file backups which is all I'm really concerned about protecting against catastrophic failure. The backup is a simple file copy using FBackup. I also have Carbonite.

Anyhow the question is, if the ransomware comes my way, is it going to hit every drive on the computer that's plugged in to the mobo? Or does that depend on how elaborate the hackers made the ransomware?

thanks
GN


 

canadianvice

It'll worm itself into anything it can - unless your computer doesn't have access to it, the ransomware will try its luck. Often they'll try going viral over the network too. If it's a normal vector a virus could use, it's a vector that ransomware can touch.

Hence why you should always keep a separate, offline backup of anything you deem important. The virus can be removed, but the damage is permanent!
 

USAFRet

Moderator


Potentially every drive or resource that the OS can see.
Internal drives, USB drives, network resources....everything.
 

canadianvice



If you have an app for Dropbox, in theory it can touch those files. Carbonite is offsite IIRC? Basically, you just don't want anything with a permanent ongoing connection to your computer or a solution that syncs both ways. If it's one-direction sync (your PC to your backup) it should be fine, but you'd want to be careful the backup policy uses versioned backups, as if ransomware were to get it, you would be uploading and overwriting your existing backup with it. You back up your files, disconnect, and keep it that way until next time.

It's one of the reasons I have 2 USB hdds - one stays connected more or less permanently for access, and then at long intervals I back it up to a secondary that is not connected to my PC.
 

gn842a



My understanding is that ransomware would encrypt my files and I would no longer see them by the names I had given them. Carbonite would see these renamed files as "new" files. It might try to back them up, though I would hope that if the backed-up files are just a bunch of numeric strings Carbonite might stop the process and ask me what's going on. But in theory encrypted renamed files would not cause the deletion of existing files.

UNLESS, the encryption process leaves the filenames intact. That could be a problem.

Even so, the backup process for a full 150 gigs (which is about where I am at) takes several days running 24 hours a day. When you first get Carbonite that's what you put up with. So even if over-writing were happening it would be a slow process. I'm trying to think of an easy way to get into the pc to disconnect one of my backup drives but I'm not coming up with anything. If I really wanted to be secure once a month I would have to remove the side panel, unplug the hard drive (making sure to get the right one), then remember to plug it in for a monthly backup and start all over. Ugh, ugh, and ugh.

Guess I'll google Dropbox and ransomware and see what comes up. My Dropbox does automatically update across computers; that's the whole point.
 

gn842a

Well, Dropbox maintains 30-day previous-version backups, so if your Dropbox files are hit you can restore earlier versions. I guess that means they can indeed be hit.
 

Avast-Team

Ransomware can and often will spread to, as others have said, any drive it can "see" on your system, including network attached storage, mounted network folders, USB folders, etc.

This includes things such as Dropbox folders. So for example, if you're syncing Dropbox files to a folder on your PC, and ransomware encrypts the files in those folders, those changes would then likely be synced back up to the cloud.

So you'll want to make sure that whatever service you're using keeps a backup of those files, and of course that you have backups yourself also.

Some Avast options have additional shields to help prevent your files from being encrypted (Ransomware Shield) as an extra layer of defense, too.
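
The posts above point out that a one-way sync can overwrite good backups with encrypted files, whether they were renamed or kept their names. As an added example that is not part of the original thread, here is a pre-backup check in Python that compares the current files with the last good manifest and halts when too many have turned into random-looking data or disappeared. The function names, thresholds and sample files are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, far lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def assess_backup_run(manifest, current, entropy_floor=7.5, halt_ratio=0.3):
    """manifest: path -> SHA-256 recorded at the last good backup.
    current:  path -> file bytes as they are on disk now.
    A file is suspect if it changed AND now looks random (encrypted in place,
    name intact) or if it vanished (renamed, e.g. a.txt -> a.txt.locked).
    Thresholds are assumed starting points, not vendor values."""
    changed_random, missing = [], []
    for path, old_hash in manifest.items():
        data = current.get(path)
        if data is None:
            missing.append(path)
        elif (hashlib.sha256(data).hexdigest() != old_hash
              and shannon_entropy(data) >= entropy_floor):
            changed_random.append(path)
    ratio = (len(changed_random) + len(missing)) / max(len(manifest), 1)
    return {"changed_random": changed_random, "missing": missing,
            "ratio": ratio, "halt": ratio >= halt_ratio}

def fake_ciphertext(seed: bytes, blocks: int = 128) -> bytes:
    """Constructed stand-in for encrypted content (4 KiB of hash output)."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))

# Constructed sample data: four small documents and their last-good manifest.
GOOD = {f"docs/file{i}.txt": (f"Meeting notes {i}\n" * 200).encode() for i in range(4)}
MANIFEST = {p: hashlib.sha256(d).hexdigest() for p, d in GOOD.items()}

# Ordinary day: one file edited by hand. Still text, so not suspect.
NORMAL = dict(GOOD, **{"docs/file0.txt": GOOD["docs/file0.txt"] + b"one more line\n"})

# Attack: two files encrypted with names intact, one renamed with a new suffix.
HIT = dict(GOOD)
HIT["docs/file1.txt"] = fake_ciphertext(b"1")
HIT["docs/file2.txt"] = fake_ciphertext(b"2")
HIT["docs/file3.txt.locked"] = fake_ciphertext(b"3")
del HIT["docs/file3.txt"]

if __name__ == "__main__":
    print("normal run halts:", assess_backup_run(MANIFEST, NORMAL)["halt"])
    print("attack run:", assess_backup_run(MANIFEST, HIT))
```

Files that are already compressed (JPEG, ZIP, DOCX) are high-entropy even when healthy, which is why the check only counts files whose hash changed since the last good backup; it complements versioned and offline backups and does not replace them.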
 