Post by Lighthouse on Jun 29, 2017 12:05:37 GMT
Tuesday’s global cyber-attack that hit companies around the world may have been started via corrupted updates on a piece of accountancy software. Experts are pointing the finger at a piece of Ukrainian tax-filing software as the source of the infection, although the firm concerned is denying it. Companies in 64 countries were affected by the malware, which infiltrates networks via email attachments that users click on in error. Microsoft has described the method as a “recent dangerous trend”. The shipping giant Maersk was one of the major corporations affected by the cyber-attack and said that it was unable to process new orders and was expecting delays to consignments. One of Europe’s largest port operators, Rotterdam, said that it had been forced to use manual processes, and many other firms including the advertising giant WPP and the Russian oil company Rosneft were also affected.
Post by Admin_Vistamike on Jun 29, 2017 13:45:33 GMT
There are many others attacking the net, especially through email attachments. As we have pointed out before, if you don't know the sender, delete it. Don't open it.... I have a few email accounts and often get this type of mail.... If the email shows a paperclip, for instance, it means that some document/image is attached; usually a macro will then automate the insertion of some very nasty stuff. But of course we all have defenses? Or do we? Personally I run Superantispyware, Malwarebytes, Defender and SecureAPlus. In addition I also have this running, RansomFree from Cybereason: a small install file here: ransomfree.cybereason.com/ 'Tis a pain in the proverbial to do all this, but this is the real world and we have to deal with it somehow. KEEP SAFE FOLKS!!
Post by irvsp on Jul 3, 2017 23:59:25 GMT
I installed RansomFree some months ago.
First of all it claims to work, but it basically uses 'honey pots'. Creates folders and files in various places and 'hopes' they get hit first by a virus. Once they start doing the encryption the program will recognize that and take action. Sounds good, but I don't know if it halts it while waiting for you to respond or not? While the idea seems good, if I'm a ransom maker I'd think this 'protection' would be easy to circumvent. For instance it created these two folders when I booted this morning:
==========
 Directory of C:\

07/03/2017  05:44 AM    <DIR>          Acfound158
07/03/2017  05:44 AM    <DIR>          Xuse250
==========
First and last alphabetically on the C: drive. Each of those folders has similar content:
============
C:\>dir acfound158
 Volume in drive C is OS
 Volume Serial Number is EEE1-088E

 Directory of C:\acfound158

07/03/2017  05:44 AM    <DIR>          .
07/03/2017  05:44 AM    <DIR>          ..
07/03/2017  05:44 AM           258,078 AKnToGfb.jpg
07/03/2017  05:44 AM           424,380 artsabnormal.doc
07/03/2017  05:44 AM            24,349 dull accompany nine capital.txt
07/03/2017  05:44 AM            97,542 germany-autumn.rtf
07/03/2017  05:44 AM            14,587 kept_handshake_waited_similar.sql
07/03/2017  05:44 AM           214,614 like-align-hypothesis-telescope.mdb
07/03/2017  05:44 AM            54,504 magnificent.bake.pem
07/03/2017  05:44 AM           501,570 performedsteele.xlsx
07/03/2017  05:44 AM            78,110 substances-forms-homework-legislature.xls
07/03/2017  05:44 AM           275,440 toneyesterday.docx
              10 File(s)      1,943,174 bytes
========
Similar folders are in other folders and drives as well.
I would think that there would be an easy way to first tell if such honey pots were there by first checking the boot time and then skipping these? Also don't go alphabetically?
My C: is an SSD and these do cause unnecessary writes to it as well. Also my Security Suite (both McAfee and Norton) sent me e-mail telling me I WAS protected against the recently released Ransomware.
I'm still running it, seems to be almost no load on the system anyway, just wonder how robust it is?
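The honeypot scheme irvsp describes, as an added illustration (this is not RansomFree's code, whose internals are not shown in the thread): plant decoy files in folders named to sort first and last on the volume, record their hashes, and raise an alert when one is rewritten in place or renamed. The folder names, file names and contents below are constructed for the demo.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Decoy folders named to sort first and last on a volume, as in the post above.
# Names and contents are constructed for this demo, not RansomFree's own.
CANARY_DIRS = ["Aaaa_canary", "Zzzz_canary"]
CANARY_FILES = {
    "notes.txt": b"quarterly notes, nothing of value\n",
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 64,  # stub JPEG header
}

def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def plant_canaries(root: Path) -> dict:
    """Create the decoy folders and files under root; return a {path: sha256} baseline."""
    baseline = {}
    for d in CANARY_DIRS:
        folder = root / d
        folder.mkdir(exist_ok=True)
        for name, content in CANARY_FILES.items():
            p = folder / name
            p.write_bytes(content)
            baseline[str(p)] = sha256(p)
    return baseline

def check_canaries(baseline: dict) -> list:
    """Return (path, reason) for each canary that vanished or changed since baseline.
    Encryptors rewrite in place or rename with a new extension; both count."""
    alerts = []
    for path_str, digest in baseline.items():
        p = Path(path_str)
        if not p.exists():
            alerts.append((path_str, "missing"))
        elif sha256(p) != digest:
            alerts.append((path_str, "modified"))
    return alerts

def demo() -> list:
    """Plant canaries in a temp dir, simulate an encryptor hitting two of them, report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        baseline = plant_canaries(root)
        hit = root / CANARY_DIRS[0] / "notes.txt"
        hit.write_bytes(os.urandom(len(CANARY_FILES["notes.txt"])))  # in-place rewrite
        renamed = root / CANARY_DIRS[1] / "photo.jpg"
        renamed.rename(renamed.with_name(renamed.name + ".locked"))  # rename, new suffix
        return check_canaries(baseline)
```

A real monitor would watch the decoys continuously (a filesystem watcher rather than a one-off rescan) and act on the process doing the writing; this demo only shows the detection decision.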
Post by GuiltySpark on Jul 4, 2017 21:27:53 GMT
The SAS forum was being hit recently, probably more from a DDoS than a ransomware attack, but who knows; the guest list rose from 20 to 800+ in a matter of minutes. Luckily I was watching and reported it to an admin, who blocked the Israeli IP and it stopped.
Post by irvsp on Jul 4, 2017 21:55:56 GMT
Just got a 'newsletter' that states MS is adding 'some sort of protection' for Ransomware to W10. See www.infopackets.com/news/10136/windows-10-gets-anti-ransomware-feature which seems 'interesting'. Of course you must run Windows Defender too (it seems to get along with both McAfee and Norton?) to be able to do this. Depending on how good the included WhiteList would be it might be workable. Of course, I would suspect it would take long for Ransomware makers to possibly circumvent this protection. First way coming to my mind is to name the virus EXE file the same as one on a WhiteList. Another would be to discover how Windows Defender did this and either remove the protection when started or put itself on the list.

As for the Ukrainian company, well, they are in some hot water; they were warned before about old known compromised s/w on their servers (www.theverge.com/2017/7/3/15916060/petya-medoc-vulnerability-ransomware-cyberattack) and didn't take any action. The thought is that a supposed update that was pushed out by those servers was Petya.

What I listed isn't a problem for me on my PC, I use MailWasherPro as an e-mail front end. It is able to classify the 2 forms of the basic body for me (the BITBY catches more than the ones I don't want) and colors them so I see it. I can click on it as MWP defaults to text and it is easy to see as it is just random words. However when I get my email on my iPad it uses HTML... and these all (both types) show basically legitimate (possibly) web pages. I can't be sure of the game here, I don't think it is to infect more to get paid for referring someone to look at the page? Can't be 100% sure though... and I've not figured out the string of numbers and characters as to what they do?
Post by Admin_Vistamike on Jul 9, 2017 15:49:55 GMT
Hi Irv, nice to see you around again. Since my post re ransomware I found it had updated. It does not seem to impinge on the system. However I never really looked at the engine service as to how it actually works. I have been sort of 'offline' for a bit so catching up. I was reading this article re decryption: www.bleepingcomputer.com/news/security/author-of-original-petya-ransomware-publishes-master-decryption-key/

"Author of Original Petya Ransomware Publishes Master Decryption Key. The author of the original Petya ransomware — a person/group going by the name of Janus Cybercrime Solutions — has released the master decryption key of all past Petya versions. This key can decrypt all ransomware families part of the Petya family except NotPetya, which isn't the work of Janus. This list includes:" read here >>>>>

As we all know, the attack trend changes on a regular basis, same shit but with minor changes to let slip the systems we have. It is an utterly pointless attack on the community, merely TRY to extract our hard earned smackeroozies, even after already being spliced by our governments!! I do image on a regular basis (every 24 hours now) so I can restore if I ever get blasted. But we, as (professional) users, may see very odd emails for instance and just kick them out. The Mainstream / everyday user is of course the eventual target, his internet browsing very different from ours; they get hit and I see it often with clients, even AFTER telling them not to respond. I have a call coming in, Microsoft Security, virus found, please call toll free this number.......
Post by irvsp on Jul 12, 2017 11:24:28 GMT
> Hi Irv, nice to see you around again. . . I do image on a regular basis (every 24 hours now) so I can restore if I ever get blasted. But we, as (professional) users, may see very odd emails for instance and just kick them out. The Mainstream / everyday user is of course the eventual target, his internet browsing very different from ours; they get hit and I see it often with clients, even AFTER telling them not to respond.

I've been here randomly... just reading mostly. I worry about getting blasted. I worry about the security of my backups. Right now I do it weekly. I can afford to lose up to 1 week's worth of 'stuff'. Mostly mail and some game progress. Don't do anything else in terms of 'work' on the PC, and surely nothing that couldn't be recreated. Why I worry is: what if the attack can find my backups and lock those? I've got them on an always attached External drive. I use Acronis for backup. As far as I know the ransomware payloads only encrypt some specific extensions. Can't do all of them, as if they did Windows wouldn't run. Might be FOLDER driven even, to bypass MS files that are JPGs or PNGs or any other that they'd normally encrypt. If I was a writer of such a payload I'd encrypt any backup I located based on known extensions. If they do that, I'll be in a world of hurt? Right now I'm copying the last backup file over to my Network, a USB External drive attached to my Router. It is NOT assigned a drive letter but using Windows Explorer I can open the router and get to it (I should write a task to run an hour after backup creation using the URL of the drive, too lazy right now) but whether the ransomware could is the question. I know they do propagate over the network, so I have to worry about my wife (similar setup to mine, Acronis, external drive always on), and even a grandkid that comes here occasionally getting infected.
If I was REALLY PARANOID I guess I could disconnect the External drive when not in use, but that is a pain too and I'd probably forget to reconnect it before Acronis ran.
Post by Admin_Vistamike on Jul 13, 2017 15:24:32 GMT
I am the same Irv, paranoid. However all my external drives are connected via a powered USB hub, 3 gangs of 3, each gang switchable, so when not needed I can just switch them off. My new Vodafone router, after changing from Sky Fibre, does have 2 USB 3 points but I prefer not to use them, too close for comfort even though I have a powerful password. My Synology NAS server is also connected, but I'm not TOO worried about that (runs in Linux) and it has its own IP address which I can access anywhere. My backups are encrypted with either Macrium, Aomei Backupper or Veeam. Just feel a bit safer, having too many machines, networked. The system backup drive is a military grade 1 TB portable, purely used for my Lenovo and is held in a secure location when done. Security and protection are now so important!!