I'm fairly new to Webroot. I had a couple of questions on what is needed to recover a system that is hit by Ransomware. Sorry, I've searched until I'm sick of looking for answers. I decided to try posting my questions instead. If there is a guide for this already, can someone please point me in the right direction?
Say I get hit with Ransomware and my entire system is encrypted and no longer usable.
1. What steps do I need to do at that point?
2. Do I need to log into my.webrootanywhere.com/ from another PC and try to recover my system?
3. What information do I need to provide to Webroot support for them to try to remotely restore the system?
Basically I want to create an "emergency recovery kit" with details on recovery steps, Webroot contact information, my account info., etc. I want to keep this information external to my computer so that if it goes down, I have all the information needed to start the attempted recovery of my down system.
Best answer by JP_View original
The best recommendation, not for recovering from a Ransomware attack but rather for preventing one, is always Backups, Backups, and maybe just a few more Backups.
(Keeping them disconnected and offline is crucial)
The steps in this Article are probably going to be about the best if you do happen to find yourself in that situation. If you have a Backup, then you have nothing to worry about.
Our Support Team should always be involved for all issues related to Threats. They'll get all the information they need by remoting onto your System.
For more information about Ransomware, visit our Webroot Threat Blog.
I try to be pretty strict on my backups. I have two external 5TB drives that I use for backups. They are plugged into a power strip and stay off 95% of the time. Every weekend, I do a fresh virus and malware scan on my system. If everything's okay, I power up the external drives and then do a data backup to one of the drives. Then every other week I back the first external drive over to the second drive. I hope to one day have a tornado shelter and to be able to store one of the drives in a fireproof safe inside it, just as an added physical layer of protection against some type of home damage.
Guess it sounds like I will just need to contact support from another computer if something happens. Thought there would be steps that I needed to do before contacting them. Sorry, was trying to be prepared up front. I didn't want information I needed to supply to the tech support group to be trapped inside an inaccessible PC. Thanks again for the reply.
It sounds like you already have an excellent plan in place for protecting/restoring your data.
Yep, pretty much all you'll need to do if anything does happen is reach out to our Support Team. They'll walk you through all the steps then.
If we can help address any other questions or concerns, all of our super-helpful Community members will be happy to do so!
Your post has got me thinking. I have great confidence in Webroot, nevertheless—if ever, by some terrible twist of fortune, a ransomware was to attack me at the exact moment in time that I was making an image of my disk, I would be completely snookered as the nasty little critter would presumably have merrily skipped over to my connected external disk and encrypted all my lovely images :S
So I think I should from now on alternate between two external hard disks for my imaging (the gaps in data would not be too serious as I have other backup methods I use that would allow me in this disaster scenario to successfully fill in those gaps).
Thanks for your post,
*EDIT: Not Acronis 2017
I did actually have disaster strike when doing my backup from one drive to the other drive. I've always just done incremental backups. On the day I decided to clean up my system and do a mirrored backup, the master drive died right in the middle of the backup!! Of course the target drive wasn't seeing files any longer and started deleting everything! I basically ended up with a dead master drive and half empty target drive. I was able to recover quite a bit of deleted stuff off the target drive, but the file names and folder structures were all screwed up. Haven't done another mirrored backup since! Kind of scares the hell out of me now. Backups of backups are good...just be careful!
Rotate 2 external SSDs or HDDs until each is full or close to full, formatting the oldest one just when the current one is full or close to full, and on the day that a full image is scheduled to be taken.
Of course, store the oldest one somewhere safe.
Hope that helps as an alternative approach. ;)
I use a portable external drive for weekly backups that I only have connected during backup. I disconnect from the Internet while doing backups so I think the chances of a ransomware attack happening during backup are remote. I also periodically copy an image to my NAS, which is normally set as read-only, to avoid encryption. I also, of course, use the Webroot Cloud and Backup & Sync to back up all of my photos, personal videos, and documents. Then, just to be safe in case of catastrophic failure at home (fire, flood, tornado, etc.) I have a 1TB 2.5" internal HDD that I had replaced with a SSD that I keep at work. I occasionally bring it home to update the backups of all of my home PCs, and then return it to my desk at work.
Hopefully I have the bases covered. :S
Yeah, that's another weakness of mine. With a job where I'm living over the shop (and anyway I'm now almost completely retired), that's kinda difficult. So it means, if I have a theft or the house burns down, I'm snookered. But all of my data is remotely backed up with Crashplan, so only my systems and apps would be snookered and as it's best to start from scratch with a new computer, that's not so bad.
Remote but not impossible. You could have been infected before imaging and the infection activate during imaging. Of course, your other point about disconnecting from the Internet while imaging is a very good one, and one that came to mind while I was reading mightymo's post. Something I haven't done up till now but I am now going to try to practise.
I totally agree. Having said that, I find if you just keep to imaging and nothing more, it still seems pretty sound (so far... :S)
I've often thought of changing to Macrium (not least because it's free!!). But I've always been worried that it might prove less user-friendly for a computer noobie like me. Any thought on this,
I was of the same view as you, and so used Acronis...until it became a resource hog/bloatware, and so decided to take another look at Macrium v6 (had dabbled with AX64 Time Machine...but unfortunately that came to nothing).
Macrium is now relatively easy to set up...if somewhat more complex than Acronis...but it is far more flexible IMHO...can really be tailored to give you an imaging schedule that suits you.
Note though that the free version is of course less functional than the paid version and some key features only appear in the latter (obviously)...so it depends on what you want your backup schema to be/do as to whether the free is sufficient or if you need to fork out for the paid.
Happy to discuss further via PM if useful...so that we don't take this thread off topic.
It's that little phrase "somewhat more complex than Acronis" that worries me. The weakest point in an image backup system, for a rookie like me, is the ability of same rookie to screw up the backup setup and, equally if not more important, the restore process. Several times in the past, I have had to restore from an image (failed hard disk or other key hardware for example) and it already stretched me towards the limit to study and master the basic principles of the restore process in order not to create a second disaster!!!
If you think Macrium is possibly not beyond my humble abilities, yes I certainly would be interested in entering into a PM exchange with you.
For me, I find Acronis easy to use, but I will admit that I have been using it since 2002 and that may have some bearing on my position.
Acronis has its flaws but I can live with them because the times that I really needed it, I was never let down.
I used it just yesterday when an app upgrade wiped out all of my settings and profiles. When a current restore point taken just before the upgrade failed, Acronis to the rescue… Using the differential image from the night before plus copying my current email and other documents to a different drive to copy back after the restore and in 20 minutes I was back to where I was before the upgrade.
I think Macrium is a fine product but as I said, it is a matter of preference.
Always the best,
Anyways it is a preference. 😉 Happy to know your backup image saved the day! 🙂
It is always nice to be appreciated, especially by someone so golden 😉, so thank you!
Always my pleasure,
Happy to engage in a PM conversation about the relative merits...just let me know what you are interested in understanding and I will see if I can assist.
Agree with BD; Macrium is way quicker than Acronis, and much more tailorable to produce the schema that you want, not just what fits the product. And restores are lightning fast in Macrium when compared to Acronis.
Having said that, it is true that one needs to be comfortable with the tool that one uses...but whilst Macrium may look daunting, taking the plunge does reveal IMHO that it is more straightforward than people think...all it really requires is a little up front thought/planning as to what schema one wants to set up...and I would not class myself as even moderately technical.
That's strange! I'm having absolutely no problem with my latest Windows10/UEFI/SSD computer that I bought last August. I just hit the "Choose boot device" function key (F10 for my device) at restart and the selection menu immediately appears. Indeed, after reading your post, I tested with my Acronis bootable rescue DVD media and the process was faultless.
Is it possible that you are talking about entering Safe Mode as that has indeed become a little bit more complicated with Windows 10 quick start?? Or are we perhaps talking about different kinds of machines?
I find Acronis TI Home 2016 on my Windows 10 SSD(apps)+HDD(data) device way faster than Acronis TI Home 2010/2011 on my other two machines (HDD). Having said that, yesterday's (full) image on aforesaid device did take 30 minutes (I seem to remember that previous full images were rather faster—maybe mistakenly?)
Thanks again for your remarks!
I certainly am interested but perhaps not immediately. Rather, when I find time to set apart for dealing with this. It sounds like
Truly, the Jedi unto the rookie speaking
EDIT: Yes, I know this is only saying what you said in your last post. But it also seems to be saying that there is no other way to Safe Mode boot from powered off state. Also, strangely on my new Win 10 machine, although I can't summon safe mode with F8, I still can successfully use the respective function keys to execute the Select Boot Device and Go to UEFI Setup Screen.