Can you prevent ransomeware

[Ipandor7]

Hi I'm new here just wanting to find out if you encrypt your files with Windows bitlocker, can cyber criminals use a ransomeware such wannacry to lock your data.

I mean it's already encrypted how can they access it 

[Oshino Shinobu]

It'll just encrypt the encrypted data, making it useless to you. Encrypting the data with Bitlocker (or any other encryption software) doesn't make the data inaccessible, it just makes it illegible and unusable until it's unencrypted. 

 

You can remain mostly unaffected by a ransomware attack by having an effective backup solution. By that, I mean a backup that isn't readily accessible from your operating system. If you can just go to your backup and move over files without connecting things or changing settings, then your backup is basically just another drive for ransomware to attack. 

 

With an effective backup, you can just wipe the entire system clean, then restore the system from backup and get all your data back. Ransomware is one of the reasons why RAID isn't an alternative for a backup. I see an awful lot of people setting up RAID before having a backup, which is the opposite of the order you should take. 

 

EDIT: For trying to prevent ransomware, installing security updates promptly (yes, Windows updates can be annoying, but some systems got hit by WannaCry because they hadn't installed the update that patched the Eternal Blue exploit that WannaCry used to spread itself), having an up to date anti-virus/malware (Windows Defender is good, it remains up to date pretty well) and using caution and common sense when downloading things. If you download a song and get an .exe file instead, don't run it. 

[Leonard]

19 minutes ago, Ipandor7 said:

Hi I'm new here just wanting to find out if you encrypt your files with Windows bitlocker, can cyber criminals use a ransomeware such wannacry to lock your data.

I mean it's already encrypted how can they access it 

Yes they can. Ransomware does not care about how your files are stored but they probably will decrypt the Bitlocker encrypted files first then encrypt your files.

 

Preventing Ransomware is very hard especially if your whole life is synced online but you can help yourself to recover from such an attack if you have proper backups offline and in a different place.

[Daniel644]

you can NOT go online, thats the only way to be 100% safe, aside from that make sure you are up to date, don't open attachments you wheren't expecting people to email you and DISABLE MACRO's in Microsoft Word (or whatever text editor you use), a macro is how we got hit at work.

[Oshino Shinobu]

Just now, Leonard said:

Yes they can. Ransomware does not care about how your files are stored but they probably will decrypt the Bitlocker encrypted files first then encrypt your files.

 

It can't (or really, shouldn't be able to, if Bitlocker does its job right) just decrypt the files. If it could, there'd be no point to Bitlocker. There's also no point in decrypting the files, even if it could, it just adds more time for the process to complete. Just encrypting the encrypted files gets the same end result.  

[SnowyMus]

There are a few ways to help prevent against the damage ransomware may cause:

• Install antimalware. This is obvious, but if you don't have antimalware and you run malware and give it access to your PC, there's not much stopping it from doing its thing. This should be considered a last line of defense, however.
   
• Keep your PC up to date. If your operating system isn't secure, then it's going to be more subjected to attacks. Malware probably isn't going to care if you're OS is secure or not if you inadvertently run it, but every little bit counts.
   
• Back up your data. A backup drive will cost much less than whatever amount of money the attacker may charge to restore your data. Make sure, however, that the drive is only connected while you need it, as anything connected to your PC while it's being attacked by malware will get hit by the malware. Backups not only protects you against malware but against other problems like hardware failure.
  
  Note that RAID is not a method of backing up data. If you run two drives in parity and you get hit by ransomware, both drives will be affected.
   
• Secure your browser. Make sure your browser does not open downloaded files automatically. Make sure Java is not enabled in your browser (except on pages that you absolutely need it enabled). If visiting a website with HTTPS gives you an error and your web browser says you should avoid it, do exactly that.
   
• Be smart. Only get your software from trusted sources. If a file randomly downloads out of nowhere and you did not authorize the download, do not open it. Just delete it.

 

Encrypting your operating system volume will not prevent malware from attacking it. Full disk encryption is designed to allow programs (which may include malware you're unintentionally running) to still access the data, and simply decrypt it behind the scenes.

[Ipandor7]

Thanks guy's very helpful

 

[CanonFodder]

There are a few ways systems get compromised. Fishing emails, payloads, and Remote Desktop. The latter being the way some friends went down. The server was left on 24/7 and had RDP services running. In 3 weeks there was around 65000 attempts before they got in. Also in this case, they didn't encrypt any files, they just used WinRAR to create self executing executables with passwords on every file, then used SDelete to remove the originals.