Back up your photos right now



piczzilla
13-05-2017, 6:54pm
Apparently there's a worldwide ransomware attack going on. Not sure if Australia is affected, but it's better to be safe than sorry I reckon.

https://arstechnica.com/security/2017/05/an-nsa-derived-ransomware-worm-is-shutting-down-computers-worldwide/

Please back up your photos to an external drive and disconnect the device that contains your backup.

arthurking83
13-05-2017, 9:33pm
This is why I got a NAS.

I have two copies of all my important files on there, images and important docs.
I have an external drive for images connected to PC too.

One of the drives on the NAS can't be seen by any device on my network, so in essence is totally hidden from any computers.
My only access to it is via the NAS software which is the only way to access it.

My sister got one of these ransomware trojans a few months back, it came via a PDF file claiming it was an invoice. She has a newsagency business.
I can't blame her for just opening it, as most folks are prone to doing, but it then searched for many doc types, word, xls pdf and so on ... and locked 'em up with encryption.
I searched around to see if there was any way to get them back, but in the end it was decided it was going to be either too costly, or too much stuffing about.
We just deleted everything, I got her all the parts needed for a new PC, and the old one was simply quarantined from the business network for a while as we found any semi important files she may have still needed.
The one thing we definitely weren't going to do was pay the ransomware lowlifes. From memory about $200ish or so.
Luckily, the really important files in her daily business routine were proprietary file types for the two POS machines and its associated database structure that needed to run on the office PC. None of those files were on the ransomware's hit list of files to encrypt, so she got lucky in that sense.
But I do remember seeing common accounting software file types from the likes of Quicken and MYOB on the list of targeted file types.

The take home from that experience is like piczzilla said .. not only do backups, but with these lowlifes now finding this form of criminal activity lucrative, make sure really important files are not visible via the infected PC, or that any remote files (such as those on a NAS) are not writeable via the PC they can be accessed from without a password or something.

For me, I'm not so worried if the mapped network disk on the NAS is affected, as the hidden disk has the same data and can't be .. and needs a password to access too.

piczzilla
13-05-2017, 9:57pm
There are so many attack warnings that I usually don't take warnings seriously. But from the chatters in the macro community, this one seems very serious. It hit UK quite hard - local repair shops have reportedly been flooded with affected PCs. Some paid the ransom but only got partial recovery *ugh*

I'm making backup as we speak type...

ricktas
14-05-2017, 6:16am
I also think the media hyped this up a bit as well. Yes for those infected, it is not good. Apparently there are around 59,000 computers worldwide that have been affected/infected. Not that many really when you consider how many computers are out there. What I found amusing was that most of the infections occurred within government organisations. Meaning (1) governments are the worst at keeping their systems updated and (2) government employees are more likely to click on stupid links in emails (3) Poms like to click email links more than the rest of us. :D

piczzilla
14-05-2017, 8:47am
Can confirm :lol: We get weekly reminders not to click/open anything weird. And some do it anyway....
The number seems to be climbing, but at least it hasn't hit Australia yet.

ricktas
14-05-2017, 8:53am
Radio station here in Hobart was hit with it. Even though the news services are saying there are no reports of it happening in Australia. Spose a radio station in Hobart is not interesting enough to create something dramatic to report on.

John King
14-05-2017, 10:00am
A client had one of these ransomware attacks a couple of years ago. Fortunately, nothing important was on that computer and the virus could not parse UNC pathnames. The results were ugly, f'ugly ...

Off line backup is the only real protection.

News article here:
http://thenewdaily.com.au/news/2017/05/13/shadow-brokers-cyber-hack/

John King
14-05-2017, 11:46am
Further to the above, a little knowledge helps a lot. The virus gets onto your computer via one of these main avenues:

1) Visiting an infected web site in your web browser (unlikely, specially if you run anti-malware s/w);

2) Clicking on a link to the above in an email (VERY likely. We get perhaps a dozen of these a week ... );

3) Clicking on an attachment to an email that has the virus in it.

4) Reading (inserting) any USB or other memory storage device into your computer after it has been used on an infected computer. Enable SCANNING of your USB devices in your anti-virus program. It is annoying, but not as annoying as getting some of these viruses.

5) Using pirate software can (will ... ) open ports on your modem and in your operating system that allow malignant code access to other computers and the Internet! Sometimes this viral code advertises the open ports to other more malign programs. The pirated s/w program is usually relatively benign. Its activity or presence may or may not be detected by your anti-virus s/w.

With (3) above, the attachment might have an innocuous looking filename - commonly ending with ".pdf". However, both Apple and Microsoft operating systems block the display of filename extensions by default, so the supposed .PDF file may really have an extension of ".ZIP" or ".EXE". The kind of .ZIP file that is attached is a self-extracting, self-executing ZIP file. Any executable file can be executed directly from either email or TEMP folders.

This threat can be minimised by disabling 'Hide file extensions of known file types'. This should be the default setting ...

There are ways of preventing any executable file from executing from any folder, particularly the email and TEMP folders. It is not overly difficult, but involves direct editing of the Windows registry, so is not advised for the faint of heart. Direct editing of the registry can lead to an unusable computer, so I will not go into this methodology further here ... Suffice it to say, this should be the operating system default.

Apart from having the online protection of Telstra email servers that perform real-time virus detection of email viruses, I utilise a multi-pronged approach to avoiding viruses on my computers.

I run the following on all our computers:

a) A firmware/hardware based firewall built into our fairly modern cable modem;

b) An ancient firewall program from 2004 (! it is called Safety.Net). It does not require updating as it does not use heuristics to detect viruses, as do all modern firewall programs, whether firmware or software based. It uses a simple GO/NO GO test. If a program is new or its checksum has been altered, the firewall program asks the user before the program is allowed to access either the internal or external network (Internet). After a preset time, the access is disallowed (the default action). It prevents viral material spreading on an internal network, if nothing else.

c) SpywareBlaster. This program maintains a list of bad web sites, and will give a warning if you attempt to browse to one. It offers zero protection from a program that is already resident on the computer.

d) SpyBot Search and Destroy. Apart from maintaining an additional barred web site list via the system HOSTS file, this program can offer real-time protection against active infections on the local computer using its TeaTimer program. As the name suggests, this can slow the computer down ... . I tend to turn it on only if I suspect something might not be right, or if I am doing anything that is potentially risky - this latter is part of my stock in trade. TeaTimer works by monitoring the Alternate Data Streams software (ADS) of the operating system. This is part of the system that permits apparent multi-tasking, and it is much loved by virus programmers.

e) AVG Free. This performs real-time protection from many viruses and their ilk.

f) MalwareBytes. Every month or two I run a full computer scan using this program. It takes about 8-12 hours ...

NONE of these will protect you from RANSOMWARE!!

Ransomware works after downloading by using the ADS system (or direct execution in a hidden process) and by using the computer O/S encryption program/s to encrypt all files of the types specified in the virus. As far as all your anti-virus s/w is concerned, this is perfectly normal behaviour so is left to do its dirty work unimpeded.

My wife is under strict instruction as to how to avoid these traps. DO NOT open emails from unknown sources at all. DO NOT open any email attachment unless it is from a known, trusted source AND you are expecting the attachment. DO NOT open any attachment that has a ".EXE" or ".ZIP" file extension (BUT see above!).

I hope this is of some help to someone.
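The disguised-attachment trick described in the post above (a file shown as ".pdf" whose real extension is ".EXE", or a self-extracting ZIP) can be checked for mechanically. This is an added example, not part of the original post: the extension lists, finding names and sample files are assumptions constructed for illustration, and the check compares each file's name with its leading bytes.

```python
import tempfile
from pathlib import Path, PurePath

# Illustrative subsets chosen for this example, not an exhaustive policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".zip"}
EXPECTED_KIND = {".pdf": "pdf", ".zip": "zip", ".docx": "zip", ".xlsx": "zip"}


def shown_name(name):
    """What the user sees when the final extension is hidden."""
    return PurePath(name).stem


def content_kind(head):
    """Classify a file by its leading bytes rather than by its name."""
    if head.startswith(b"MZ"):    # Windows executable, incl. self-extracting archives
        return "executable"
    if head.startswith(b"PK"):    # ZIP container (.docx/.xlsx are ZIPs too)
        return "zip"
    if b"%PDF-" in head[:1024]:
        return "pdf"
    return "unknown"


def inspect_attachment(name, head):
    """Return a list of findings for one attachment (empty list = nothing odd)."""
    suffixes = [s.lower() for s in PurePath(name).suffixes]
    final = suffixes[-1] if suffixes else ""
    kind = content_kind(head)
    findings = []
    # "invoice.pdf.exe" is displayed as "invoice.pdf" when extensions are hidden.
    if final in EXECUTABLE_EXTS and len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
        findings.append("double-extension")
    # Executable bytes behind a document or archive name.
    if kind == "executable" and final not in EXECUTABLE_EXTS:
        findings.append("executable-content")
    elif final in EXPECTED_KIND and kind != EXPECTED_KIND[final]:
        findings.append("content-mismatch")
    return findings


def scan_folder(folder):
    """Inspect every file in a folder; return {filename: findings} for flagged files."""
    flagged = {}
    for path in sorted(Path(folder).iterdir()):
        if path.is_file():
            with open(path, "rb") as handle:
                findings = inspect_attachment(path.name, handle.read(1024))
            if findings:
                flagged[path.name] = findings
    return flagged


# Constructed sample attachments: (filename, first bytes of the file).
SAMPLES = [
    ("invoice.pdf", b"%PDF-1.4\n% constructed sample"),
    ("Invoice 2017.05.13.pdf", b"%PDF-1.4\n% dots in the name are fine"),
    ("invoice.pdf.exe", b"MZ\x90\x00 constructed stub"),
    ("photos.zip", b"MZ\x90\x00 constructed self-extractor stub"),
    ("statement.pdf", b"PK\x03\x04 constructed archive"),
]


def demo():
    """Write the constructed samples to a temporary folder and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, head in SAMPLES:
            Path(tmp, name).write_bytes(head)
        return scan_folder(tmp)


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name!r} (shown as {shown_name(name)!r}): {', '.join(findings)}")
```
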

John King
14-05-2017, 4:35pm
Since I wrote the above this morning, I have been bringing my knowledge up to date on this subject.

It appears that MalwareBytes has developed an anti-ransomware module for their A/V program, beginning last year as Beta versions in stand-alone software. It is now incorporated into their (paid) software, which is available here:

https://www.malwarebytes.com/

I have followed all the Beta releases on their forums since this morning, and it appears that this new addition to their product will pro-actively prevent both known and unknown ransomware infections. I cannot attest to its effectiveness from personal experience, but it does look to be the goods!

In my personal opinion, if I were to buy A/V s/w, this is the one product I would recommend, and have for years now.

It would certainly seem to be worth paying for their licensed product for this feature alone IMO. Even if it were not 100% effective, it seems to tackle all the common ransomware exploits head on.

I hope that this helps someone.

piczzilla
15-05-2017, 10:20am
I can recommend Sandboxie, and can vouch for its effectiveness :)

https://www.sandboxie.com/index.php?StopRansomware

agb
15-05-2017, 10:41am
I've used the beta and now the premium. Malwarebytes emailed me to say that they believed that their premium product with realtime protection turned on would protect against WannacryptOr but that the free version does not. It certainly is not an expensive product and worth its small cost.

John King
15-05-2017, 1:31pm
An interesting product, thanks. I have tried a couple of sandbox products in the past. They both had limitations I couldn't live with.

Yes, Graham, a very small price to pay.

A further update on the current version of MalwareBytes: the anti-ransomware module does not work under WinXP. However, I have appropriate execution prevention enabled on our computers running XP Pro. All other features of the program work under XP Pro. All features work under Win7 Pro and later.

However, I still maintain what others here and elsewhere have said: all computer users should be aware of, and use, safe working practices that protect against the threats I outlined above.

We have our bank accounts set up in a similar manner. The most that can be hijacked is the small amounts kept in operating accounts with debit cards attached. All other funds are kept in secured accounts not accessible via the debit cards. Just prudent these days, unfortunately.

Craig Zilko
15-05-2017, 8:02pm
Agreed, not to mention most of the systems under attack are running Windows XP that is no longer supported by Microsoft. An update was released in March to prevent this attack so I feel quite comfortable running a fully updated Windows 10 machine with the normal user precautions, i.e. don't click on links in emails from unknown sources etc.

chaosboi
15-05-2017, 9:41pm
Always have backups on the go.
I back up to one portable drive, and two external drives connected to my Mac.
I also back up full image size to Dropbox and use Google photos free option for a last resort, but also for finding photos quickly.

ricktas
16-05-2017, 7:02am
I would add, don't just jump and do a backup when you hear about a virus, trojan, phishing scam etc doing the rounds. Make it part of your regular workflow.

Another thing, that I do, is have two computers. One that is used for 'work' that never visits sites that may be compromised or downloads anything except official updates, which are downloaded from within the app itself. Windows updates, adobe updates etc. I never go to a website and click a link to download something onto this machine. I then have a laptop which I use to do my downloads etc. The laptop doesn't have anything important on it, so if it gets infected, I can just wipe it clean. It's about 8 years old, slow as a snail, but good to keep things isolated. I never access banking etc on this laptop.

So if you have an old laptop lying around, or even an old desktop. Set it up, and use it.

But please regularly backup data that is important to you, as something as simple as a hard drive failure would be horrid if you did not have a backup (at least one).

The other thing is that if you backup after you have a nice little bit of unwanted code on your computer, cause you heard a bad thing is doing the rounds, there is a good chance that that bad thing just gets backed-up too.

Tannin
18-05-2017, 9:28pm
If people spent one quarter as much time, money and effort making backups as they spent loading anti-this and anti-that software onto their computers, they'd be a mile better off.

Four simple rules

1: You are only as safe as your most recent backup.
2: You are only as safe as your least recent backup.
3: If you don't understand exactly how your backup works, you are doing it wrong. Do it a simpler way.
4: If you can access your backup without getting out of your chair and plugging something in somewhere, throw it away, it's useless.

Now it may seem that Rule 1 and Rule 2 are contradictions. Not so! A recent backup is good for all the changes you have made lately. If you took a wonderful, wonderful picture yesterday but your newest backup was last week, you are screwed. An old backup is essential too. Often, problems don't become apparent until long after the event. Three reasons: (a) Infections are often designed for delayed action, so you need a backup made before you got it. (b) Subtle data corruption is often non-obvious. It can be weeks before you realise that your files are damaged by a subtle hardware failure. It is quite rare, but it does happen. (c) Your own human error isn't always obvious either. It is so, so easy to accidentally delete something important and not realise for weeks, months, even years afterwards. Then you need it and .... eek! A fresh backup is useless to you: you need an old backup made before the error.

Look at your backup folders. Can you see the files? Can you view the pictures? Do you know where everything is? If I gave you a brand new blank PC and installed your usual programs on it (Word and Photoshop, for example), could you simply drag and drop copy the backup files over to your documents and pictures folders and start work the same as usual? If the answer is "no", you are doing it wrong. Backup a simpler, more intuitive way. Backup in a way such that YOU can see what is going on. It's YOUR data, YOU are responsible.

(Yes, yes, there are a hundred different Magic Backup Programs that do everything for you, and can backup stuff that's quite hard to do yourself. Quite often they even work. Then again, quite often they don't. And there is no foolproof way to tell which! If you can't verify your backups, at a glance, with your own eyes, quickly and easily, you're not making sure of safety, you're just having a punt on it and hoping everything works.)

The only, repeat only safe and useful sort of backup is off-line backup. If you don't have to get up and plug something in to read it, it's damn near useless. Make it, unplug it, put it somewhere safe. Better yet if it's kept in another building or another suburb. And, of course, you don't have only one copy. Have three, have ten if you like! External hard drives are so cheap you can buy a half-dozen different ones for less than half what you spend on a single lens. And if something goes wrong with the lens, it's only money. Save up and buy another one. If something goes wrong with your backups, there is nothing, repeat nothing you can do. You are completely screwed.

By all means run an anti-virus program if you want to. They usually don't do too much harm and sometimes they do something good. But that's not what makes you low-risk or safe.

Good computer hygiene makes you low-risk.

BACKUPS MAKE YOU SAFE.

-------------------------------------------------------------------------------------------------------------------------------------------------

PS: you see all that lovely camera hardware in my sig? Do you know who paid for it? People who didn't follow this advice and had to pay me to rescue things for them as best I could. I've been in PCs for 30 years, and I never get tired of telling people how to backup. It is the single most important skill there is. And it's not hard. It's dead easy. And it's cheap. I've spent half a lifetime being kind and reassuring and understanding to desperate people who are facing serious loss of important data because they couldn't be arsed making even a single backup, and trying to recover what I could for them. That was my job and I was good at it. But now I am retired and I don't get paid to be polite anymore. So next time you lose important data to this or any other scumware attack and you haven't got a backup, I won't be polite, I'll say "you stupid tool, what else did you expect?" And I'll be right.

arthurking83
19-05-2017, 12:09am
and ps.
Don't assume that because you have backed up, that the backup is complete or of a high integrity.
Make sure your backup routine does integrity checks or verification that the backed up data is not corrupted too.

A few years ago, in the process of doing backups to my usual external HDD, somewhere along the backup routine, some images must have got corrupted.
So I assume that the images I was backing up from were ok, but the data (images) being backed up to, were borked.
Of course I didn't know this, as my backup system back then didn't include a proper verification process.
So at some point much later, when I backed up from the backup data(ie. from the source with the corrupted data) to either a new source(and deleted the original good data) or a new version of course I was backing up bad data.

I couldn't pinpoint the exact fail in my process, other than I'm pretty sure it was via a USB3 connection which must have dropped the connection somehow and inevitably the data got corrupted.
I lost about 20 or so files(raw), and had a series of images that I could estimate the value of those corrupted images. Nothing of real importance, luckily for me.

The only reason I noticed the corrupted data was that I used a program to help manage my keywording/catalog(which didn't work in the end tho!) .. other than it allowed me to view all images irrespective of the fact that they were in subdirectories within subdirectories within subdirectories .. etc, etc, to infinity ...
That software is XnView .. highly recommended to display all your images even if they are in multiple layers of folders. It has a neat(if slow) ability to display thumbnail sized snapshots, and any image with a non image(or generic) thumbnail may well be corrupted.
That was the only reason I discovered those corrupted images.

Note that data transfers aren't the only reason files become corrupted, and bad data blocks could play a factor too(although not very likely with a modern OS with a modern file system).

Once I discovered the issue, I found RichCopy4 was a great bit of software for backups, but have subsequently moved to using FastCopy (64bit) as it's a tad quicker to do its job.
If the data needs were only counted in the hundreds of gigabytes, I'd still be using RichCopy, but when it inflated into the terabyte region, file transfer speed is everything.
The difference is counted in hours rather than days!

The other piece of software I use is FreeFileSync. Not really a great way to do backups, but when you're doing cleanups, its handy and idiotproof interface is handy to have access to.

So now what I do is to manually check the data integrity with a visual check of the entire data store, using XnView .. which even with over 100K raw files to inspect isn't as bad as it sounds .. just slow!
Once that's done I back that lot up, and keep it safe from even my prying eyes. I may call that backup drive Z: That remote drive is on a NAS, so that it can't be accessed easily or without going through hoops.
The other backup is the accessible version on the same NAS and this is the one that is the regular daily/weekly/whateverly! .. backup. I call that drive A:
Z: is the baseline, already checked visually to confirm no more corrupted raw or maybe tiff files. jpgs usually are child files, so aren't important in this process.
The regular backup drive on the NAS is A: so I have somewhere to backup my primary backup(which is an external USB drive on the PC).

Corrupted raw files are still kept, in the hope that one day they may be uncorrupted via some amazing new software, or they're used as crash test dummies for any software I try to fix them.

I've contemplated using a snapshot system, but decided against. And I've thought about using a RAID system for the drives I now have, but again the loss of a drive(in terms of available space) vs the fact that data corruption can come from anywhere .. I thought the benefits just weren't compelling enough.

The key to all this is the software XnView which allows you to see all your files without having to manually open every folder that contains them (that would be tedious to the point where I can't imagine anyone doing this at all). This is a file explorer like window that you flick through page by page and simply look out for those 'generic' thumbnails as they whizz by your screen.
But make sure that your backup software has data integrity checks .. and Windows file transfer is not one that does .. so copying images from one source to another using Windows File Explorer is not a safe way to do backups!(unless you use the command line, but no one does that).

ps. RichCopy4(Hoffman Utility) FastCopy, FreeFileSync and XnView are all free programs too. You don't need to pay for this kind of software, so spend good money(wisely) on really good hardware.
Note that while Tony says that USB HDDs are so cheap, I've now had two consumer grade off the shelf HDDs die on me over the past few years. (I won't name and shame the brand, but I won't use them any more).
The drives I use now(because Samsung stopped making large cheap mechanical drives!) are WD NAS drives(Reds).
I use 4 in my NAS box, and my external USB drives are now both self built units, using Volans cases(very high quality, and a bit pricey, but worth it) and one with a WD Red, and the other used for other(non image files) data storage is still my years old WD Black HDD.
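The verification step the post above asks for ("make sure your backup routine does integrity checks") can be done with a hash manifest: record a SHA-256 for every file once the source has been checked, then verify any copy against that record before restoring from it or re-copying it. This is an added example, not part of the original post and not how RichCopy, FastCopy or FreeFileSync work internally; the folder layout, file names and manifest file name are constructed for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large raw or video files never sit fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Return {relative path: SHA-256} for every file under root, at any depth."""
    root = Path(root)
    return {
        path.relative_to(root).as_posix(): sha256_file(path)
        for path in sorted(root.rglob("*"))
        if path.is_file()
    }


def save_manifest(manifest, manifest_path):
    """Store the baseline next to (not inside) the tree it describes."""
    Path(manifest_path).write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(manifest_path):
    return json.loads(Path(manifest_path).read_text())


def verify_against_manifest(root, manifest):
    """Compare a folder tree with a baseline manifest."""
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "changed": sorted(
            name for name in manifest
            if name in current and current[name] != manifest[name]
        ),
        "new": sorted(set(current) - set(manifest)),
    }


def is_trustworthy(report):
    """Only restore or re-copy from a backup with nothing missing or changed."""
    return not report["missing"] and not report["changed"]


def demo():
    """Constructed scenario: a good copy, then one file truncated as by a dropped transfer."""
    with tempfile.TemporaryDirectory() as tmp:
        source, backup = Path(tmp, "source"), Path(tmp, "backup")
        folder = source / "2017" / "05"
        folder.mkdir(parents=True)
        (folder / "IMG_0001.raw").write_bytes(b"constructed raw one " * 500)
        (folder / "IMG_0002.raw").write_bytes(b"constructed raw two " * 500)

        # Baseline taken from the checked source before anything is copied.
        manifest_path = Path(tmp, "baseline.json")
        save_manifest(build_manifest(source), manifest_path)

        shutil.copytree(source, backup)
        clean = verify_against_manifest(backup, load_manifest(manifest_path))

        # Simulate silent damage in the backup copy only.
        victim = backup / "2017" / "05" / "IMG_0002.raw"
        victim.write_bytes(victim.read_bytes()[:100])
        damaged = verify_against_manifest(backup, load_manifest(manifest_path))
        return clean, damaged


if __name__ == "__main__":
    clean, damaged = demo()
    print("fresh copy:  ", clean, "trustworthy:", is_trustworthy(clean))
    print("after damage:", damaged, "trustworthy:", is_trustworthy(damaged))
```

On an archive of raw files, which should never change after import, any "changed" or "missing" entry means corruption, deletion or encryption; a renamed file shows up as one "missing" entry plus one "new" entry.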

Steve Axford
19-05-2017, 11:45am
It is worth remembering that the most common way to lose data is - user error. This includes things like: Accidentally deleting the data or backups of the data. Incorrectly configuring the software that is meant to look after the data (backups). Accidents like dropping your hard drive.
Then there is software and hardware issues. Eg disk failure or software failures that aren't a user error.
Finally there is malicious intent. This is probably the smallest reason and can be virtually eliminated by the right software and keeping systems up to date.

I'll tell you what I do. I have a lot of data, around 20TB.
I separate this into three categories - still pictures, pictures for time-lapse and video.
I also separate it into RAW or unprocessed images, and processed images.
The RAW images I archive, and I keep two copies. Some of the disks are quite old now, but I don't try to consolidate them, I just store them. By this stage I know they have the data ok and I don't want to introduce potential problems by trying to consolidate them (user errors).
I keep a historical copy of RAW + processed images on 8TB disks for easy access. I currently have two of these, 1 for time-lapse and one for stills and video. This is consolidated data and I will delete useless data when I see it - hence it is open to user error, but I always have the offline archive (2 copies).
I have my current data : working files which include all most final images or videos, but only the latest RAW files, on a RAID disk array. This allows me to easily access all my data plus I always have two offline copies of the RAW data.
This is all possibly overkill for someone with less than 1TB of photos as a couple of 4TB backups would suffice. Maybe it doesn't matter so much if you lose data, but at least you should have made a conscious decision on that.

Oh yes, I also keep my system up to date and have current anti virus software.

I remember working for a large IT site many years ago and they lost a large amount of data when someone didn't quite understand how to program SAS. They wanted to do a nightly cleanup by deleting all temporary files that weren't allocated. Unfortunately SAS uses a slightly reverse type of logic and they managed to write a program to delete all non-temporary files that weren't allocated. Tape files were included. The program took quite a while to run and the operators worked hard to get it to finish. The next day they discovered what they had done. All would have been recoverable if some programmers hadn't assumed that if a file was written to tape, then it was backed up (since tape was the backup medium in those days). They lost quite a lot of data and it was user error. Over the last 15 years I was there, we only once lost data due to hardware failure and even then, only a few hours worth. I think the moral of the tale is - if you are actively working with data, you have a chance of destroying it through user error.