gbjbaanb
Cook

(3)

Being Discussed

Ransomware protection

I have a suggestion for protecting users from ransomware attacks through Mozy backup.

 

Simply, when ransomware changes a file, it encrypts the entire file, so when Mozy comes to back it up, its load suddenly increases - instead of a small delta, it now has to back up an entire file. Mozy could alert the user when this happens, either before performing the backup (i.e. to also save the user's upload bandwidth) or afterwards so the user can check and restore old, good files before they are lost from the 30-day backup history.

 

I imagine Mozy could pop a dialog or a status-bar icon when it detects a file's delta is not small (i.e. if the diff results were equal to or greater than the last file size, for example), and let the user flag the file as a once-off full change (e.g. a file the user has replaced with the same name), or to ignore (if the file is going to be fully replaced regularly) for future backups.

 

Looking at my backup history, there are a lot of files that are changed in small ways, browser DBs for example, but the backup that is uploaded is tiny in comparison. I would love to know if a file I expect to be never changing gets replaced without my knowledge - by a ransomware attack for example - so I can deal with it before it becomes a problem.

 

thanks

Andy

 

0
Comments
zachm
Admin Emeritus

(402)

Andy, I'm going to take this to the discussion next month, but I assume I will be told that it's a no-go because the file sizes can change drastically and completely from day to day for different organizations. BUT! I'll bring it up because it's revolutionary ideas like this that make a product great.

zachm
Admin Emeritus

(402)

Status changed to: Being Discussed
 
gbjbaanb
Cook

(3)

Cheers.

 

I understand some files will change completely anyway, but generally these are files that are transient anyway, and best highlighted so the user can exclude them from the backup (if you're a bit OCD) or ignored from reporting if not. I'd say Mozy could recognise how often a file changes significantly and mark it as such, so transients like these would soon become known to the app so it could quiet any change reports from those files. E.g. a log file gets backed up, but it is reset every time the writing program starts; you'd say this file should not be backed up at all as it's too transient. Programs that generate files that you want to keep tend to have different names (as you do not really want them overwritten!) so they do not appear to change completely, as there is no existing backup of these yet.

 

That leaves the occasional file that changes completely. I'd be happy to know these changed if it meant I was being informed of malware-driven change. The trick here is to make the notification quick and easy to ignore, so maybe add an option to the tray icon (that would change colour or icon when it had something to report) so I could see the last backup set with significantly changed files highlighted for further inspection. So if I see the Mozy icon change from its usual orange-grey to red, then I can right-click it, choose "show last report" and see a list of files that were changed.

 

Anyway, good luck. I think something like this would be a good selling point for home users at least, though enough governmental organisations, hospitals etc. have been caught out and made to pay up that it should be more of a selling point for enterprise users too. Saying not to make a change like this just because "some files change a lot" sounds like an excuse to not think how to achieve something positive and useful. After all, I'm only asking for slightly different reporting of significant file changes, hardly revolutionary.

 

Incidentally, what made me think of this was a mistake I made - I copied a multi-GB file into a directory I was backing up, and Mozy refused to do the backups (ran out of quota). I figured if I was hit by ransomware, my next backup (and my network perf) would suddenly slow to a crawl as it sent many GB of data up to your servers. It's possible you only want to flag up a big warning to the user if many files suddenly change to requiring full backup, but I figured that would be crude and Mozy could be more sophisticated in how to detect files that never change suddenly being changed while ignoring files that change regularly.

good luck in the meeting.

username...

Master Level 1

(3043)

The Mozy app could easily give a user a warning if some threshold was crossed... say, if 95% of backed up files require a full upload, then let the user know. BUT - the ransomware should have already told the user that the files are encrypted before Mozy knows about it.

 

Newer versions of ransomware will encrypt far more than just user created documents, images, videos... These new versions encrypt lots of stuff that the Mozy app probably is not backing up.

 

Ransomware can be quick (less than an hour) or very, very slow (more than a week) to encrypt the files. It mostly depends on how much time the computer is turned on and how strong the CPU is with respect to doing math. Those cursed with a Celeron processor probably won't have their files encrypted as fast as those with stronger CPUs.

 

The best protection against unwanted file encryption is to create lots of rules that prevent the computer from doing stuff like that.

 

Malwarebytes has a tool in Beta that will create those rules for you (https://forums.malwarebytes.org/topic/177751-introducing-malwarebytes-anti-ransomware-beta/). Free users can get help with this app.

 

The immature folks at Foolish IT have a much more mature product named CryptoPrevent (https://www.foolishit.com/cryptoprevent-malware-prevention/). Free users can NOT get help with this app. If you use the on-screen keyboard built into the Windows OS, read this post (http://oldforums.foolishit.com/viewtopic.php?f=34&t=2361&sid=e1977c7c261d733e7e3b6e59ebae1781). Just don't put a check by that Filter Module.
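The detection idea discussed in the posts above (flag a file whose delta is at least its last backed-up size, stay quiet about files that are fully rewritten regularly, and raise a run-level warning at the 95% mark), sketched as an added example that is not part of any post and is not Mozy code. The `DeltaMonitor` class, the `(path, prev_size, delta_bytes)` record format, and the `TRANSIENT_RATE` and `MIN_HISTORY` values are assumptions made for illustration; the sample runs are constructed.

```python
from collections import defaultdict

FULL_RATIO = 1.0           # rule from the thread: delta >= last backed-up size
RUN_ALERT_FRACTION = 0.95  # the 95% figure suggested in the thread
TRANSIENT_RATE = 0.5       # assumed cut-off for "is fully rewritten regularly"
MIN_HISTORY = 3            # assumed runs needed before a file is learned as transient

class DeltaMonitor:
    def __init__(self):
        self.history = defaultdict(list)  # path -> [was_full_rewrite, ...] per past run
        self.ignored = set()              # paths the user chose to ignore

    def is_transient(self, path):
        past = self.history[path]
        return len(past) >= MIN_HISTORY and sum(past) / len(past) >= TRANSIENT_RATE

    def review_run(self, run):
        """run: [(path, prev_size, delta_bytes)]; returns (flagged_paths, run_alert)."""
        flagged, full, existing = [], 0, 0
        for path, prev_size, delta in run:
            if prev_size == 0:            # new file: no earlier backup to compare with
                continue
            existing += 1
            rewritten = delta >= FULL_RATIO * prev_size
            full += rewritten
            if rewritten and path not in self.ignored and not self.is_transient(path):
                flagged.append(path)
            self.history[path].append(rewritten)
        run_alert = existing > 0 and full / existing >= RUN_ALERT_FRACTION
        return flagged, run_alert

# Constructed sample data: three ordinary runs, then one where every file is rewritten.
NORMAL = [("places.sqlite", 5_000_000, 40_000),
          ("app.log", 20_000, 20_000),
          ("thesis.docx", 800_000, 2_000)]
ENCRYPTED = [("places.sqlite", 5_000_000, 5_000_000),
             ("app.log", 20_000, 20_000),
             ("thesis.docx", 800_000, 800_000),
             ("photo.jpg", 3_000_000, 3_000_000)]

def demo():
    mon = DeltaMonitor()
    normal_results = [mon.review_run(NORMAL) for _ in range(3)]
    return normal_results, mon.review_run(ENCRYPTED)

if __name__ == "__main__":
    normal, last = demo()
    print("ordinary runs:", normal)
    print("final run:", last)
```

In the ordinary runs only the self-resetting log file is reported until it has enough history to be treated as transient; in the final run it stays quiet while the files that normally produce small deltas are listed and the run-level warning fires.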

zachm
Admin Emeritus

(402)

@username_issues your Foolish IT links tripped the filter again. The links were not working because it actually changed the URL but I went in and fixed it all. Should be good to go now.

username...

Master Level 1

(3043)

Thanks.

 

Intentionally naming a company Foolish IT is sophomoric humor. I wonder how much word of "mouth" business they have lost because many forum filters will automatically remove/replace part of their domain name.

 

Their interactions with people in their forums are immature too...

...but CryptoPrevent is a good tool - for now.