Windows 10 Malware, Ransomware and Bit-locker Security.

[Shayla Blackthorn]

Hi. I recently lost 100,000 personal pictures and a lot of music I wrote for many years. I lost it to a ransomware, with a DOCM extension. I looked online and it said it was new and the encryption was done repeatedly up to 10 times deep. I happened to have ALL my backup usb hard drives attached that day. Yes. It was a total wipe of my life history. Since about 1990, it all went WAY BACK.


MY QUESTION is, I have since encrypted all the backup drives (fairly empty now) with Bit-locker security. Now, if I get a ransomware attack and the drive is LOCKED, I assume the files are safe? Since to the system they do not exist? The reason I am asking this is this ransomware hit that I got last month, was able to destroy a hard drive with a read only attribute on one partition; A Western Digital "My Book" drive. It corrupted the "CD read only" partition and the drive had to be re partitioned as on large drive. Before the attack that would have been impossible as it appeared as a CD.


So would a Bit-Locker USB drive locked but attached to the computer be safe? I sure hope so Let me know...

 

[Neemobeer]

No bitlocker only protects data at rest from being accessed. It's still accessible when in use and ransomware could still encrypt that data. The fact that it's also bitlocker encrypted means nothing.

 

[Josephur]

Your best defense is either a detached from system backup, or a continious backup solution like Carbonite that is always backing up your data to the cloud with multiple revision backups. And of course decent Antivirus.

 

[WindowsPro]

As other already confirmed, Bitlocker is only a protection against theft of data while your computer is turned off..

But you should have used ONEDRIVE to "backup" recently used files and folders.. (They claim to have protection against ransomware that trys to encrypt your data)..

Most important is that now when you already has reinstalled Windows you should use it as it is intended to be used..
Just like Linux and Mac is... That is you should create a separate, dedicated Administrators-account (like: PCAdmin)
and use a regular account your self..

Did YOU know that Windows is actually to be used n the same way that Mac and Linux are used? Not! Then I suspect that your computer only has a SINGLE account, YOURS (which is also the computer's only Administrator-account)! ..--..
By always using the Admin-account you hinder important security-features from working as intended. In fact: Most computer-viruses REQUIRE you to be logged in as admin to successfully infect your computer, So NOT logging on as Admin actually protects you better, than your virusprotection does. This is why Mac and Linux are ALWAYS used with a limited account which, if necessary, can be temporarily promoted to "Admin". And this is also the reason why you should always have a separate admin account and use a normal user account yourself. (Even when you are the only one who uses the computer). UAC helps you when Admin permissions are needed.

Source: "windowsguides.eu"

And please use the best antivirus-protection you can find: Sophos Home. Cybersecurity Made Simple for Home Computers. The free account give good protection for 3 PCs/Macs.. The premium is the toplevel protection of today and protects up to 10 PCs/mac..
Sophos ranks #1 for endpoint protection by SE Labs
Sophos Home Premium is here

But if you worry about viruses and other attacks, you really should install and use your windows 10 computer in the way it is supposed to, just like a Linux or mac already is.. please check out: http://windowsguides.eu for more information...

 

[Shayla Blackthorn]

Thank you all for the replies. I did try to find some decryption for the files but never succeeded so wiped everything out. Fresh start. I know I should have saved the data but didn't. I now use a great antivirus and unplug my usb drives, and love the "Try and Decide" of Acronis True Image backup. I also use windows new sandbox, which is super cool, but the Acronis program lets you enter a sandbox mode on your real computer, and do whatever you want and test stuff and wreck stuff and then... and here's the real good part, you get to CHOOSE. Reboot and go back to the exact point you turned it on, and everything is gone that you might have infected or deleted or ruined... OR you can, if all works out good, KEEP all the changes. I have never seen this approach before, and it is amazing. Now I knew about backups, protection and all that but there was this one little wee program that I had to let windows defender allow on my computer. Yes it was the A bomb. It was a split second descision that killed my world.

I have learned a LOT. I do keep the bitlocker drive locked when I'm not using but yes I shall pull the cord out from now on

 

[Josephur]

The only problem with a Sandbox that lets you persist anything between sessions is that what if your infected with malware/cryptoware that does not immediately activate, and it activates months later? You choose to keep it, not knowing your infected until it hits

 

[Shayla Blackthorn]

Hmmm good point indeed.

 

[celyndavis]

Bit-locker gives the protection when used with a Trusted Platform. The TPM is a hardware component installed in many more recent computers through computer manufacturers. It really works with Bit-locker helping protect user data and be certain that a pc hasn't been interfered.

Though Bit locker is only a protection against theft of data. But as you ransomware that tries to encrypt your data without even in your notice. I think you should use trustworthy Antivirus and keep up data backup after every few days to be on the safe side. I think this might help.