Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > alt.comp.os.windows-10 > #182551
| From | Paul <nospam@needed.invalid> |
|---|---|
| Newsgroups | alt.comp.os.windows-10 |
| Subject | Re: Dealing with Windows Security's "Ransomware protection" |
| Date | 2025-02-25 16:09 -0500 |
| Organization | A noiseless patient Spider |
| Message-ID | <vplbiu$26a9b$1@dont-email.me> (permalink) |
| References | <vpkfnq$1vpet$2@dont-email.me> <vpklel.l4s.1@ID-201911.user.individual.net> <vpkn9e$21ock$1@dont-email.me> <vpl2ic$24lmg$1@dont-email.me> <vpl443$24rst$1@dont-email.me> |
On Tue, 2/25/2025 2:02 PM, Ed Cryer wrote: > > Thanks for the reply, Paul. > May I pose two questions? > 1. Why can't normal AV detect those lurking ransomware files? > 2. Do you think my Macrium backup image and Macrium Reflect booting will be sufficient in the event of ransomware? > > > Ed In the event of real Ransomware, your backup is gone, from when the backup drive was connected to the Hot OS. If you never connect the backup drive, except when backing up with the Macrium CD, then I see less opportunity for damage to the backup drive. Right now, I don't know if your backup image is encrypted, or it is infected. Maybe upon restoration, it encrypts itself again. A zero day is sufficient, to remain dormant on the machine and have no signature available in Windows Defender. Microsoft likes to celebrate the cases, where a Black Hat scans their prized plum with Virustotal, giving everyone a heads up of incoming malware. But nation state actors aren't that stupid, and there will be no advance warning "on radar". If the ransomware doesn't tip anything over, it can hide and wait for a month if it wants. Maybe it will be "dllhost" or "rundll" or any number of other anonymous executables. It could even be a "svchost" and blend in with the crowd. I see no reason to be "high-fiving" one another about how safe you are. But generally speaking, with exceptions, you aren't really a target. Attacking you is not "cost effective". Yes, they could make money off you, but they would sooner make money off a hospital. Paul
Back to alt.comp.os.windows-10 | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-02-25 05:14 -0800
Re: Dealing with Windows Security's "Ransomware protection" Frank Slootweg <this@ddress.is.invalid> - 2025-02-25 13:52 +0000
Re: Dealing with Windows Security's "Ransomware protection" Ed Cryer <ed@somewhere.in.the.uk> - 2025-02-25 15:23 +0000
Re: Dealing with Windows Security's "Ransomware protection" Paul <nospam@needed.invalid> - 2025-02-25 13:35 -0500
Re: Dealing with Windows Security's "Ransomware protection" Ed Cryer <ed@somewhere.in.the.uk> - 2025-02-25 19:02 +0000
Re: Dealing with Windows Security's "Ransomware protection" Paul <nospam@needed.invalid> - 2025-02-25 16:09 -0500
Re: Dealing with Windows Security's "Ransomware protection" ant@zimage.comANT (Ant) - 2025-02-25 21:27 +0000
Re: Dealing with Windows Security's "Ransomware protection" VanguardLH <V@nguard.LH> - 2025-02-25 10:08 -0600
Re: Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-02-27 06:32 -0800
Re: Dealing with Windows Security's "Ransomware protection" wasbit <wasbit@nowhere.com> - 2025-02-28 09:37 +0000
Re: Dealing with Windows Security's "Ransomware protection" Newyana2 <newyana@invalid.nospam> - 2025-02-25 11:37 -0500
Re: Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-02-27 06:35 -0800
Re: Dealing with Windows Security's "Ransomware protection" Newyana2 <newyana@invalid.nospam> - 2025-02-27 10:20 -0500
Re: Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-02-27 07:31 -0800
Re: Dealing with Windows Security's "Ransomware protection" Newyana2 <newyana@invalid.nospam> - 2025-02-27 12:11 -0500
Re: Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-02-28 05:17 -0800
Re: Dealing with Windows Security's "Ransomware protection" Newyana2 <newyana@invalid.nospam> - 2025-02-28 11:21 -0500
Re: Dealing with Windows Security's "Ransomware protection" "Allan Higdon" <allanh@vivaldi.net> - 2025-02-28 15:39 -0600
Re: Dealing with Windows Security's "Ransomware protection" Newyana2 <newyana@invalid.nospam> - 2025-02-28 22:29 -0500
Re: Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-03-02 05:59 -0800
Re: Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-03-02 05:55 -0800
Re: Dealing with Windows Security's "Ransomware protection" VanguardLH <V@nguard.LH> - 2025-02-28 11:55 -0600
Re: Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-03-02 06:03 -0800
Re: Dealing with Windows Security's "Ransomware protection" ant@zimage.comANT (Ant) - 2025-03-03 00:46 +0000
Re: Dealing with Windows Security's "Ransomware protection" Hank Rogers <Hank@nospam.invalid> - 2025-03-02 19:19 -0600
Re: Dealing with Windows Security's "Ransomware protection" Frank Slootweg <this@ddress.is.invalid> - 2025-02-27 16:12 +0000
Re: Dealing with Windows Security's "Ransomware protection" VanguardLH <V@nguard.LH> - 2025-02-27 14:03 -0600
Re: Dealing with Windows Security's "Ransomware protection" ...w¡ñ§±¤ñ <winstonmvp@gmail.com> - 2025-02-25 11:57 -0700
Re: Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-02-27 06:38 -0800
Re: Dealing with Windows Security's "Ransomware protection" ...w¡ñ§±¤ñ <winstonmvp@gmail.com> - 2025-02-28 10:56 -0700
Re: Dealing with Windows Security's "Ransomware protection" "John C." <r9jmg0@yahoo.com> - 2025-03-02 06:05 -0800
csiph-web