Ugly Hedgehog - Photography Forum
Ransomware
Jun 28, 2019 12:56:31   #
nadelewitz Loc: Ithaca NY
 
Longshadow wrote:
Yes, hopefully.
You surely don't want to clone an infected drive.

Then you can clone the one in the computer to be like the backup.


One thing I forgot....When saving a system image, or cloning a hard drive directly, the result should be TESTED to make sure the image or cloned drive is good. Restore the system to a spare drive and put it in the computer. Put the directly-cloned drive in the computer.

I learned this valuable advice in my years of computer and deployment support. It really stinks when you restore a system image to a computer only to find that the computer won't boot because the imaging process introduced a glitch. It CAN happen.

Jun 28, 2019 13:00:26   #
Longshadow Loc: Audubon, PA, United States
 
nadelewitz wrote:
One thing I forgot....When saving a system image, or cloning a hard drive directly, the result should be TESTED to make sure the image or cloned drive is good. Restore the system to a spare drive and put it in the computer. Put the directly-cloned drive in the computer.

I learned this valuable advice in my years of computer and deployment support. It really stinks when you restore a system image to a computer only to find that the computer won't boot because the imaging process introduced a glitch. It CAN happen.


Jun 28, 2019 13:46:42   #
Harry0 Loc: Gardena, Cal
 
Longshadow wrote:
Yes, hopefully.
You surely don't want to clone an infected drive.
Then you can clone the one in the computer to be like the backup.


Which is what I did. *sigh*
If I had done this backup on the weekend, there'd be no problem.
But NOOO!
The encryption started while I was doing the copy, so my backup is a perfect copy of a trashed system.
I've tried various restores- but they were encrypted also.
I just spent a huuge amount of time using a highly recommended program called "ShadowExplorer".
It's a slow process. It seems like it's working. But most files just look good- nothing in them.
It'll take more than a weekend to nuke and rebuild the boot drive- but 40+ years of photos and music ?

Jun 28, 2019 14:05:04   #
Keen
 
Virus / ransomware creators update their work more often than security app creators upgrade theirs....so nothing will work well for long. Get in the habit of not opening emails from strangers. Even opening what seem to be from friends / family can be dangerous. I have let thousands of emails / texts go unread. Most are probably from: malware hawks, legit businesses I don't care to deal with, illegit businesses I don't care to deal with, political pollsters, religious wackos seeking to enlarge their membership, etc. I'm not missing anything by deleting them. People I care to deal with, who really want to contact me, can call me. If I recognize their number, I will answer. If I don't recognize them I won't answer. If I answer a phone call from a recognized number, and the proper voice does not say the proper thing right away, I hang up. There are only about a half dozen businesses I deal with online / by mail, and I know the people there well. I am not the least bit curious. I do not have to know what is in every email / text message, or behind every phone call. I am not afraid that I will miss out on my chance to win The Publisher's Clearing House Sweepstakes, or The Indiana Lottery, or whatever. I have no rich uncles, in Kenya, who are anxious to give me their vast fortunes. I have no reason to answer / open / reply to the vast majority of phone calls, text messages, or emails....so I don't. That keeps most viruses, malware, etc, away from me. If I do get hit by some, I will find it cheaper to replace my tablet / laptop than to pay the ransom, so I will trash the afflicted item.

Jun 28, 2019 14:11:07   #
Keen
 
AirWalter wrote:
I will stick with ESET for now. If Kaspersky did have anything to do with influencing Our election, at least they saved us and Our Country from "Crooked Hillary". I know Trump isn't perfect, however I do believe He was and is the better of the two of them. The economy isn't doing too bad, and We managed to survive Bill Clinton and His sexcapades, and Barack Hussein Obama, the phantom Muslim who couldn't stop from apologizing for America.


Trump openly committed Treason by aiding Russia in attacks upon us. Hillary never did that. Bill had a consensual affair with a willing adult, while in an open marriage. His wife did not mind that he played around, as long as he kept it out of the public eye. His primary attacker-Newtbrain Gingrich-cheated on a dying wife, without her consent, by statutorily raping minors....humping 15, and 16, year olds. The economy is terrible for the non rich. Clinton's economy was far better than Trump's, and both daddy Bush's, and Dumbya Bush's, combined. Try again, Ivan. Like your idol-Orange Hitler-you lost this round.

Jun 28, 2019 14:59:16   #
nadelewitz Loc: Ithaca NY
 
Harry0 wrote:
Which is what I did. *sigh*
If I had done this backup on the weekend, there'd be no problem.
But NOOO!
The encryption started while I was doing the copy, so my backup is a perfect copy of a trashed system.
I've tried various restores- but they were encrypted also.
I just spent a huuge amount of time using a highly recommended program called "ShadowExplorer".
It's a slow process. It seems like it's working. But most files just look good- nothing in them.
It'll take more than a weekend to nuke and rebuild the boot drive- but 40+ years of photos and music ?


To repeat what I said earlier...
"When saving a system image, or cloning a hard drive directly, the result should be TESTED to make sure the image or cloned drive is good. Restore the system to a spare drive and put it in the computer. Put the directly-cloned drive in the computer.

I learned this valuable advice in my years of computer and deployment support. It really stinks when you restore a system image to a computer only to find that the computer won't boot because the imaging process introduced a glitch. It CAN happen."

In addition, as you unfortunately now know, you should not ever have entrusted 40+ years (or even one year) of valuable data to one hard drive, internal or external.
So sorry for your loss.

Jun 28, 2019 15:03:23   #
nadelewitz Loc: Ithaca NY
 
Harry0 wrote:
Which is what I did. *sigh*
If I had done this backup on the weekend, there'd be no problem.
But NOOO!
The encryption started while I was doing the copy, so my backup is a perfect copy of a trashed system.
I've tried various restores- but they were encrypted also.
I just spent a huuge amount of time using a highly recommended program called "ShadowExplorer".
It's a slow process. It seems like it's working. But most files just look good- nothing in them.
It'll take more than a weekend to nuke and rebuild the boot drive- but 40+ years of photos and music ?


How did encryption start while doing a copy? Did you start an encryption process deliberately?
How were you doing the copy? Copying files from a running system? Or using some backup program? Something else?

Jun 28, 2019 15:58:06   #
n3eg Loc: West coast USA
 
drmike99 wrote:
Kaspersky is fine if you don’t mind sharing with the Russian government.

I'd rather share with Putin than with that lunatic Dave McAfee.

Jun 28, 2019 16:36:44   #
Longshadow Loc: Audubon, PA, United States
 
nadelewitz wrote:
How did encryption start while doing a copy? Did you start an encryption process deliberately?
How were you doing the copy? Copying files from a running system? Or using some backup program? Something else?

I believe he is referring to the encryption by the ransomware, not a process he intentionally started.
It doesn't sound like you are referring to that.

Jun 28, 2019 16:40:48   #
TriX Loc: Raleigh, NC
 
This is a classic file system issue - the file system is hacked or corrupted and it propagates to the backup. It has been reported twice in the last two weeks on UHH. There are at least 2 possible data protection strategies (other than stopping the attack/corruption).

First, you should have a DR (disaster recovery) copy that is not automatic. It can be a HD stored off-site, the cloud or MDisks. This is a copy of your most important data that you update only when you are sure the source data is clean.

Second, and best is a file system incorporating snapshots. A snapshot is a point in time copy of the file system INodes. It contains changes and additions to the FS since the last snapshot. You can take hourly, daily, weekly snapshots of the FS and revert the entire FS to the one before the corruption. Snapshots, other than the original, are small because they contain only changes and additions. Snapshots were popularized by NetApp in their WAFL file system, BUT you can implement them in NTFS with VSS. Please see the attached link for further information: https://en.m.wikipedia.org/wiki/Shadow_Copy

Reply
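One way to apply the "update only when you are sure the source data is clean" rule from the post above, as an added example that is not part of the original thread or of any product mentioned in it: compare the source against a manifest saved at the last known-good backup and refuse to overwrite the backup if too many old files have changed or vanished. The function names, the 10% threshold and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest

def safe_to_back_up(known_good, current, max_damaged=0.10):
    """Return (ok, damaged_fraction).

    A file is "damaged" if it was in the last known-good manifest and is now
    missing, renamed or changed. New files never count against the source.
    The 10% threshold is an assumption; tune it to how static the archive is.
    """
    if not known_good:
        return True, 0.0
    damaged = sum(1 for p, d in known_good.items() if current.get(p) != d)
    fraction = damaged / len(known_good)
    return fraction <= max_damaged, fraction

def demo():
    """Constructed sample archive: normal activity, then mass damage."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp)
        for i in range(10):
            (src / f"img_{i}.jpg").write_bytes(b"\xff\xd8\xff" + bytes([i]) * 64)
        known_good = build_manifest(src)
        (src / "img_new.jpg").write_bytes(b"\xff\xd8\xff new photo")
        normal = safe_to_back_up(known_good, build_manifest(src))
        for i in range(8):  # constructed damage: new contents, new extension
            old = src / f"img_{i}.jpg"
            old.write_bytes(os.urandom(67))
            old.rename(old.with_name(old.name + ".locked"))
        damaged = safe_to_back_up(known_good, build_manifest(src))
        return normal, damaged

if __name__ == "__main__":
    print(demo())
```

A photo or music archive is mostly write-once, so a sudden jump in changed or missing old files is a strong signal to stop and leave the existing backup untouched.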
Jun 28, 2019 18:06:50   #
stbg1951 Loc: Lewes, DE
 
I use Acronis True Image for backups and it has anti-ransomware protection. It identifies patterns of file name changing and stops it. I use software to rename photo files in bulk and it stopped it and asked if it should allow to continue or stop process and recover files from backup. They also offer a free stand-alone ransomware product but it won't recover the corrupted files. Not selling it, just putting possible solutions out there.

Jun 28, 2019 21:54:15   #
Doc Barry Loc: Huntsville, Alabama USA
 
Harry0 wrote:
I *just* got nailed.
I opened up GMail and eBay, looked at everything, and started up my G-Raid backup.
Went to breakfast.
I came back, and every file had a new extension of "docx", and an offer to decrypt for $800 in Bitcoin.
That got 3 of my 2tb drives, *and* my backup.
**sigh**
I ain't paying it.
But fixing it is going to take a while.
I have Clamwin. Malwarebytes. Rkill. Tdsskiller. Windows Defender. Went right past them.


Bummer of a mess for you. I do a complete backup of my desktop weekly and then remove the connection to the external HD backup.

Folks may want to consider Bitdefender rather than ESET as it is rated better. I have used it for years and no problems. See https://reviewedbypro.com/bitdefender-vs-eset/. The difference is slight, but I prefer less leakage possibilities. ESET is a Slovak company while Bitdefender is a Romanian cybersecurity company. Of course, comparisons are like many things where it is important to know who is paying for the comparison. One "Top Ten" has Norton at the top; a program that I would never use! FWIW, PC Matic, a USA company, does not compare well with say Bitdefender. Go figure.

Doc Barry

Jun 29, 2019 03:45:53   #
Harry0 Loc: Gardena, Cal
 
TriX wrote:
This is a classic file system issue - the file system is hacked or corrupted and it propagates to the backup. It has been reported twice in the last two weeks on UHH. There are at least 2 possible data protection strategies (other than stopping the attack/corruption).

First, you should have a DR (disaster recovery) copy that is not automatic. It can be a HD stored off-site, the cloud or MDisks. This is a copy of your most important data that you update only when you are sure the source data is clean.



Well, my complacency was probably a big contributor.
All my efforts had always worked before.
All that software I mentioned starts on boot, every time.
Start the computer, THEN go get coffee. Take your time!
Theoretically, the encryption should have never happened.
And I "knew" that any attack would be on the main boot drive.
What use would a virus have with picture, sound or movie files?
And this was my monthly full backup on to a G-raid. Two complete copies.
Then gets unplugged and set on a shelf. A smaller one then works as a scratch, pagefile, temp file bucket.
I *used* to use DVDs for backups- write once, can't infect or delete, etc.
I'm looking at 3 hat packs from here- all over 5 years old. What's their half life?
I was going "modern" and using hard drives for storage and backup.
Never trusted the "cloud".
That one monthly 3 hour time window, and both sets were gone.
And I was conglomerating my files so I could cull, sort and store them.
All the weddings- *here*. 5 bar bands in the family- all their stuff *there*. Etc.
I do have a bootable Bluray disk with the essential boot drive basics. It's @ a year old.
So my "C" drive is up and running. Lots of updating happening.
I DID download eset trial, and ran that. It found 90 more items- in 10.5 hours.
I'd reinstalled new versions of rkill, reimage, tdsskiller, clamwin, Kaspersky, etc. Eset killed them.
It's a dual boot Mac running Windows. The programs so each OS to work with the other's files- deleted.
Most of the deleted apps were "pups"- shareware freemiums, ad supported software, etc.
So I don my Sisyphus apparel, and back to the grind.

Jun 29, 2019 08:34:58   #
TriX Loc: Raleigh, NC
 
Harry0 wrote:
Well, my complacency was probably a big contributor.
All my efforts had always worked before.
All that software I mentioned starts on boot, every time.
Start the computer, THEN go get coffee. Take your time!
Theoretically, the encryption should have never happened.
And I "knew" that any attack would be on the main boot drive.
What use would a virus have with picture, sound or movie files?
And this was my monthly full backup on to a G-raid. Two complete copies.
Then gets unplugged and set on a shelf. A smaller one then works as a scratch, pagefile, temp file bucket.
I *used* to use DVDs for backups- write once, can't infect or delete, etc.
I'm looking at 3 hat packs from here- all over 5 years old. What's their half life?
I was going "modern" and using hard drives for storage and backup.
Never trusted the "cloud".
That one monthly 3 hour time window, and both sets were gone.
And I was conglomerating my files so I could cull, sort and store them.
All the weddings- *here*. 5 bar bands in the family- all their stuff *there*. Etc.
I do have a bootable Bluray disk with the essential boot drive basics. It's @ a year old.
So my "C" drive is up and running. Lots of updating happening.
I DID download eset trial, and ran that. It found 90 more items- in 10.5 hours.
I'd reinstalled new versions of rkill, reimage, tdsskiller, clamwin, Kaspersky, etc. Eset killed them.
It's a dual boot Mac running Windows. The programs so each OS to work with the other's files- deleted.
Most of the deleted apps were "pups"- shareware freemiums, ad supported software, etc.
So I don my Sisyphus apparel, and back to the grind.


Harry, I am so sorry. After your experience I (again) reminded the IT guy at our small aerospace company where I work part time after retirement, how potentially vulnerable we are to such an attack. Coming from a long career in storage, I am very paranoid, having seen almost every conceivable storage failure. Long story short, I convinced him to let me spend $100 to get a BluRay / MDisk drive, half a dozen 100GB MDisks and at least let me put our critical design, customer and accounting files in our safe deposit box in the bank. Your sad tale is a cautionary story for the rest of us. Good luck retrieving as much of your data as possible.

Jun 30, 2019 05:10:51   #
Harry0 Loc: Gardena, Cal
 
Well, that's the thing.
I brought my system drive system back up easily, 1 week old.
But every data file is gone. Still there, but gone.
I did not ever anticipate getting .tiffs and .jpgs etc infected.
So even tho I kept them backed up monthly- only 1 backup.
In IT I've had file cabinets and written the procedures for "grandfather - father - son" backups.
I know better. I just didn't *do* better.
"Next time" is too late for this time.

I had already ordered the MDisk/Bluray drive, and I'm shopping for disks.
50gb BDs are more portable, but the 100gb Ms are sturdier.

Reply
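The "grandfather - father - son" rotation mentioned in the post above, sketched as an added example that is not part of the original thread: it selects which dated backups to retain and shows which one is still usable when damage is noticed late. The retention counts (7 sons, 4 fathers, 12 grandfathers), the function names and the backup schedule are assumptions made for illustration.

```python
from datetime import date, timedelta

def gfs_keep(backup_dates, sons=7, fathers=4, grandfathers=12):
    """Return the set of backup dates a GFS rotation retains.

    sons:         the newest N backups
    fathers:      newest backup in each of the latest N ISO weeks
    grandfathers: newest backup in each of the latest N calendar months
    The counts are assumptions, not values from the thread.
    """
    dates = sorted(set(backup_dates), reverse=True)
    keep = set(dates[:sons])
    weeks, months = {}, {}
    for d in dates:  # newest first, so setdefault keeps the newest per bucket
        weeks.setdefault(tuple(d.isocalendar())[:2], d)
        months.setdefault((d.year, d.month), d)
    keep.update(sorted(weeks.values(), reverse=True)[:fathers])
    keep.update(sorted(months.values(), reverse=True)[:grandfathers])
    return keep

def newest_clean(retained, damage_began):
    """Newest retained backup taken before the damage began, or None."""
    clean = [d for d in retained if d < damage_began]
    return max(clean) if clean else None

def demo():
    """Constructed schedule: one backup a day, 2019-03-01 to 2019-06-28."""
    start, end = date(2019, 3, 1), date(2019, 6, 28)
    daily = [start + timedelta(days=n) for n in range((end - start).days + 1)]
    retained = gfs_keep(daily)
    damage_began = date(2019, 6, 20)  # constructed: noticed 8 days late
    single_copy = {max(daily)}        # one backup, overwritten each run
    return (sorted(retained),
            newest_clean(retained, damage_began),
            newest_clean(single_copy, damage_began))

if __name__ == "__main__":
    print(demo())
```

In this constructed run every "son" postdates the damage, so recovery comes from a weekly "father"; the single overwritten copy has nothing clean left.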