Ransomware and viruses - please read.

[MaxDaemon]

I wrote this in another thread, but it was all the way at the bottom and this is so important, I copied it and threw it back up here so it would have a better chance of being seen.

I think there may be some confusion as exactly what "ransomware" is.

I've gotten emails that say "I have video of you watching porn and if you don't pay some money I'll release it to your friends and family." These can be safely ignored. And, these are not ransomware.

Ransomware actually goes through your entire hard drive and "encrypts" each of your irreplaceable files. It then renames the file from, say, "MyPreciousBook.docx" to "MyPreciousBook.docx.r239f9if4". At that point, the file is useless. And, the encryption is so good that only very rarely can it be decrypted without the terrorist's key.

Generally speaking, it will target your document files (doc, docx, xls, xlsx etc) and your picture files (jpg, png, tga, pic, etc) and about anything else they can think of that you care about. In some particularly brutal cases, it will hunt down and encrypt your backup files as well. These files become completely unusable. They cannot be recovered through any means beyond paying the ransom and praying the terrorists will actually give you the key to get your documents back.

So. Please, please, make many backups of your documents, pictures and every other file on your computer that you interact with. We don't care about any of the operating system files, or any of the software files. Those are easily replaceable. Your documents though, your novels, your notebooks. Those are irreplaceable.

Don't be lulled into a false sense of "it won't happen to me" because it does. Every day. A company I'm associated with paid a ransom of $350,000 in December. Their files were recovered, thank goodness. Those crooks were "honest". But all the files in the entire network, literally millions of them, were encrypted, and ALL backup files were also encrypted.

What can you do?

Back up your files to a USB backup drive (like you might buy at Costco or Walmart for $100 or less) and then DISCONNECT that backup drive from your computer unless you're actively using it to back things up.

Upload a copy of your work to Google or OneDrive.

Backup your entire document collection, heck, your entire hard drive - to a service like iDrive or Carbonite. They are very cheap, costing only pennies per day, but that data will be there safely away from YOUR computer if you get struck by a ransomware virus.

Please take this seriously. For a writer, their entire life. Their entire career. Their entire psyche resides in their collection of works on their computer. And way too often, they don't realize how close they are every day to losing it all.

All it takes it a simple click on an email. A innocuous email from "Fedex" that tells you about a package being sent to you. You aren't expecting a package, so you click on the provided link to tell Fedex they have the wrong person. Then - 30 seconds later you get a popup saying your files are gone. They are encrypted. And it's too late to anything about it.

Please back things up. Please put your precious documents on some outside location, not connected to your computer. And most of all, please don't click on anything that looks the least suspicious.

Sorry, wrote a novel there. But this is near and dear to my heart. Being in the IT profession, I see it all the time. Literally every day.

[Jan Hurst-Nicholson]

Thanks for this  .  I use Acronis to backup onto an external drive, and I use USB sticks to copy my files as well. Is this enough? I'm not sure about Cloud as that could also be hacked.

[MaxDaemon]

Thanks for this  .  I use Acronis to backup onto an external drive, and I use USB sticks to copy my files as well. Is this enough? I'm not sure about Cloud as that could also be hacked.

I guess it's theoretically possible the "cloud" might be "hacked", but it's very unlikely.

I say that from two standpoints, first off, two of the biggest purveyors of "cloud" are Google and Microsoft. Both of them have many years of experience in making sure their products are pretty hackproof. They also both have dedicated staff whose job is to dream up ways someone could "hack" them and plug that leak before it happens.

Second, they offer the biggest advantage in that they're not physically connected to your computer, so that puts the possibility of anything that happens on your computer away from their "cloud". Now, it IS possible for you to connect your Google drive or your OneDrive to your computer in such a way that it "looks" like another drive, which allows you to simply drag and drop files to it. The drawback to that is a cryptovirus (ransomware) would also see that Google drive as another drive to infect, and it would infect all your cloud-based files as if they were on your machine! I do not have anything like that set up on my computer. When I want to send something to Google drive, I upload it from my computer to theirs, leaving that "air gap" in place.

Your two methods of backing up are very effective. DO make sure that you disconnect that external drive when you're not backing up to it, though. Remember, it's just another drive when it's connected and just as susceptible to infection.

It's also possible that we're talking about two different definitions of "hacked". When you get a cryptovirus (ransomware) you're not really being "hacked" in the same way that a bad guy might hack into Google's site and infect it. Every user on Google or Microsoft is very insulated from every other user. The possibility of someone getting a virus and passing it to Google, and having it leap around inside Google's site is astronomically unlikely.

And speaking of astronomical, the chances of you getting a ransomware virus on your computer at the same time that Google got it on theirs (unless you have it connected as I mentioned above) are pretty slim. The whole idea is to have something based in another location with an "air gap" between them. Air gap meaning, no physical connection between the two.

[CaptnAndy]

I learned back in my KayPro2 (CP/M) days that I could never recreate a lost or corrupted document as good (in my memory) as the original. When I started working as an author in 2011, I subscribed to Criptonite, and have never regretted the expense. So far, I have been lucky to avoid a ransomware attack (I am paranoid about opening stuff), but I have recovered from several crashes (Disk Drive and computer failures, updates running amuck, and my own errors). The automated backup is the best document insurance you can have. It doesn't require you to remember to back up a changed, or new file.
Even if you never have to deal with ransomware, you will loose files it they aren't backed up.

A suggestion from a 1944 model that (hopefully) has learned from his mistakes. If you get better with age, I must be nearing perfection.

[Post-Crisis D]

I say that from two standpoints, first off, two of the biggest purveyors of "cloud" are Google and Microsoft. Both of them have many years of experience in making sure their products are pretty hackproof. They also both have dedicated staff whose job is to dream up ways someone could "hack" them and plug that leak before it happens.

Google has reached out to some users to apologise after a "technical issue" saw videos uploaded to another user's archives.

Source: https://www.zdnet.com/article/google-bug-saw-videos-sent-to-archives-of-the-wrong-users/

[MaxDaemon]

I say that from two standpoints, first off, two of the biggest purveyors of "cloud" are Google and Microsoft. Both of them have many years of experience in making sure their products are pretty hackproof. They also both have dedicated staff whose job is to dream up ways someone could "hack" them and plug that leak before it happens.

Google has reached out to some users to apologise after a "technical issue" saw videos uploaded to another user's archives.

Source: https://www.zdnet.com/article/google-bug-saw-videos-sent-to-archives-of-the-wrong-users/

The point is, get your files off your system to some other location that isn't connected directly to your system. Screwups happen on all avenues, let's just concentrate on having our files someplace where your own screwup, or someone else's, won't jeopardize your livelihood. The chances of Google or Microsoft messing up at the SAME TIME your system goes down with a virus is unlikely.

[Jan Hurst-Nicholson]

Your two methods of backing up are very effective. DO make sure that you disconnect that external drive when you're not backing up to it, though. Remember, it's just another drive when it's connected and just as susceptible to infection.

Thanks .

I have two external hard drives that sit in a drawer beside my desk. I alternate them in case one gets a virus. 

[Bill Hiatt]

Most good security suites now also have ransomware protection built in. While this is not a substitute for making appropriate backups, it's a way to reduce the likelihood that you'll need to use them. I do both things, plus being cautious about opening anything. (I get emails with suspect attachments all the time.)