The support forum

Cryptolocker or similar

dimtar :

Dec 03, 2014

Hi all.

I have heard about cryptolocker for ages but recently heard about some people I know personally getting done by it.

My question is related to whether Bvckup2 would protect against this? When a file or folder is deleted Bvckup2 (by default) will add those files/folders to the $archive folder.

Since the cryptolocker virus changes the files instead of deleting them would this then ruin the Bvckup2 files? Or are the files changed so much that they can be retrieved from the $archive?

Froggie :

Dec 04, 2014

Ditmar, I believe CryptoLocker goes afetr ALL files on ALL attached disks with file extensions that meet its particular criteria.  Since the files BVCKUP2 puts in the $archive folder are the same as the original 'cept for a date comment, I s'pect they will get mangled also.

Froggie :

Dec 04, 2014

Sorry, Dimtar... just noticed I spelled your name wrong...  :-(

Alex Pankratov :

Dec 04, 2014

Yep, exactly. Cryptolockers encrypt everything in sight, so given enough time they will also encrypt all your backups as well.

One remedy is to have a dedicated backup machine (or a NAS device) on the network that is granted access to all regular computers, but denies the access to itself at the same time. Then you'd run the backup software on this backup box so that it will be pulling down files from computers and storing them on a local media.

The idea basically is that a computer is getting backed up, but it doesn't actually have an access to the resulting backups.

Froggie :

Dec 04, 2014

I'm kinda speaking out of my... head here (since I've never used such a solution) but maybe a LOCK of some sort (requiring password entry) placed on the BVCKUP2 storage device/folder/<etc.> element could be unlocked/entered through the use of BBVCKUP2's -pre command and locked/logged out using the  -post BVCKUP2 commands.

Worth a thought...

Alex Pankratov :

Dec 04, 2014

You can do this by creating a separate user account on the machine, adding it to the Backup Operators group and then locking down the location where the backup is stored to deny access to the regular users.

That's ... that's actually an absolutely neat solution.

It's *exactly* the same idea as above (with a locked down backup computer), but in the confines of the same machine. Enable real-time sync, throw in a proper file versioning support and it should provide a good protection against cryptolockers. Interesting...

mykophil :

Mar 07, 2016

Hello Alex
Seems to be a good solution. for better understanding:

1) create separate (backup) user account
2) adding this account to the backup operators group
3) locking down the location where backup is story

but how can i tell bvckup2 to operate only as the new user account?

Cheers

Alex Pankratov :

Mar 07, 2016

There are several options.

1. Shift-right-click on bvckup2.exe in Windows Explorer and select "Run as different user".
2. Use "runas" from the command lne
3. Switch bvckup2 to run as a system service and then change the account for the service to run under in service's properties.

mykophil :

Mar 07, 2016

Thank you Alex.

mykophil :

Mar 14, 2016

Dear Alex

So i started to realise this solution.

1)  I could not switch it to a service, because i have the personal version of bvckup.

2) There was a field in the options "run with full administrator rights" but i couldn't change it, because it was gray.

3)  I changed the rights for the hole backup drive to the backup user. only the backup user. The indicator that it works was an error that i couldn't clear the waste, because there were no rights for the system to cleanup the waste.  But: It was no problem for bvckup to do the normal jobs. no error.

I'm not sure if it works. Can you help me please?

mykophil :

Mar 17, 2016

It doesnt' work. To the backup-folders i gave the following rights

User backup: full rights  
User Administrator: Just read

I start windows as administratorm, i start bvckup normal.
Bvckup mysteriously can write on the backup drive. The User administrator not.

Bvckup only should write on the backup drives if i start up with the follwoing command:
C:\Windows\System32\runas.exe /savecred /user:backup "C:\Program Files\Bvckup\bvckup2.exe"

What did i wrong?

Alex Pankratov :

Mar 19, 2016

mykophil, in order -

1) You can switch it to run as a service, but if you run into any problems, then you are on your own, no tech support. That's provision of the personal license.

2) The "Run with full admin rights" field will be grayed out if the app is running under a non-admin account OR it runs as an admin and the UAC is disabled. In former case the option will be unchecked and in latter case it will be checked.

What did i wrong?


Perhaps check who's set as an owner of the backup folders? The setup looks OK to me, it should work.

theMezz :

Apr 28, 2020

I too am worried about RansomWare. I have been testing various imaging sofware and see that backup files created by Macrium Reflect are write protected. Macrium calls it "image gardian".  It works well, the backup file cannot be moved, deleted or written to except from within the Macrium program itself. It would be great to have a similar function in bvckup2 - by the way the user interface of Macrium is painful.
Still looking for a program as nice as Bvuckup2 to image my boot drive.

Thanks

theMezz :

May 03, 2020

Update: Not a fan of Macrium - bloated, chunky, odd UI. The only thing it has is backup files are read only. Overall after a week of testing - blah - not a fan.

MWCS :

May 06, 2020

Would a warning like ">X% of files are due to be updated - Continue?" be a useful option?  Not counting new files or deletions, just where they are due to be replaced/updated.  Ransomware will try to encrypt as many files as it can, so warn if too many files haved changed.

Spencer_Davey :

Jun 06, 2020

I really agree with MWCS. I came here to add just such a suggestion myself.

Have a parameter that can be set so if more than xx% of files are either changed (or deleted) then cancel the backup and throw a warning. Default to 90% in my opinion.

Cheers,
Spencer.

New topic

Create
Made by IO Bureau in Switzerland
Support

Updates
Blog / RSS
Follow Twitter
Reddit
Miscellanea Press kit
Testimonials
Company Imprint

Legal Terms
Privacy