  1.    26 Apr 2016 #21
    Join Date : Nov 2015
    Ohio
    Posts : 463
    Windows 10.0.16299.19 (1709) Home 64-bit

    Quote Originally Posted by Geneo View Post
    UEFI and secure boot will not protect you against ransomware.
    Thanks for the info.
  2.    26 Apr 2016 #22
    Join Date : Oct 2014
    Posts : 1,555
    W7 32 bit, Linux Mint Xfce 18 64 bit

    Quote Originally Posted by Geneo View Post
    UEFI and secure boot will not protect you against ransomware. All they need to do is gain access to your system and encrypt your precious files. They don't need to encrypt the MBR.

    Offline backups will protect you.
    @Geneo


    The thread is about ransomware that overwrites your MBR but doesn't encrypt the files.

    This nasty ransomware overwrites your PC's master boot record | PCWorld


    Quote Originally Posted by Trust_No1 View Post
    Now to clarify aren't most newer systems UEFI, which no longer uses the MBR method? and thus making the virus non-invasive?

    I thought that was, in part, one of the purposes of UEFI?
    Quote Originally Posted by dmex View Post
    Yes. If you installed Windows via UEFI then that ransomware doesn't do anything since EFI doesn't use boot sectors such as the MBR and uses an EFI file located on the partition. It also helps to have Secure Boot enabled since that also prevents any tampering with the EFI files.
  3.    26 Apr 2016 #23
    Join Date : Jul 2015
    Posts : 898
    Windows 10 Home

    Just a followup on this topic. Like the title says, the technique is not easy but better than last resort of paying ransom -
    Experts crack Petya ransomware, enable hard drive decryption for free
    The technique is not exactly straightforward, but it works.

    Experts crack Petya ransomware, enable hard drive decryption for free | PCWorld

    http://www.bleepingcomputer.com/news...ator-released/
  4.    26 Apr 2016 #24
    Join Date : Oct 2014
    Posts : 1,555
    W7 32 bit, Linux Mint Xfce 18 64 bit

    I just got to thinking about this. If booted from a repair CD or Windows installation CD, why wouldn't Bootrec.exe /fixboot, Bootrec.exe /fixmbr and, if needed, bootrec /rebuildbcd work on this ransomware?
  5.    27 Apr 2016 #25
    Join Date : Dec 2014
    Posts : 437
    Windows 10 Pro x64

    Quote Originally Posted by groze View Post
    @Geneo


    The thread is about ransomware that overwrites your MBR but doesn't encrypt the files.

    This nasty ransomware overwrites your PC's master boot record | PCWorld
    I can read, can you? I was responding to "My laptop uses UEFI and Secure Boot is enabled by default. Does that mean that I don't need to worry about ransomware?" which clearly is about ransomware in general, and I was quite specific in my answer.
  6.    27 Apr 2016 #26

    Hi there

    Again I would recommend ALWAYS USE A CLEAN BACKUP to remove any infection no matter how trivial.

    Even if you use "Cleansing" software you are still working with an infected computer -- so I wouldn't guarantee the integrity of the cleansing process no matter how good the authors of the software say it is.

    I mean would you fly a Dodgy plane and then repair it while it's IN THE AIR. !!!!

    You'd of course want to repair it on the ground and replace defective parts -- same with a PC - boot from a stand alone bootable recovery system and restore a clean image.

    Easily done --don't get panicked by these Ransomware tales --even if you are misfortunate enough to get one of these it's easy to deal with.

    Plenty of decent FREE software for taking images / backups so no excuse --always keep a few and ensure the BACKUP is of course clean (similarly you wouldn't replace a defective part on a plane with another defective part - I hope !!).

    Cheers
    jimbo
  7.    27 Apr 2016 #27
    Join Date : Dec 2015
    Posts : 6,383
    Windows10

    Quote Originally Posted by jimbo45 View Post
    Hi there

    Again I would recommend ALWAYS USE A CLEAN BACKUP to remove any infection no matter how trivial.

    Even if you use "Cleansing" software you are still working with an infected computer -- so I wouldn't guarantee the integrity of the cleansing process no matter how good the authors of the software say it is.

    I mean would you fly a Dodgy plane and then repair it while it's IN THE AIR. !!!!

    You'd of course want to repair it on the ground and replace defective parts -- same with a PC - boot from a stand alone bootable recovery system and restore a clean image.

    Easily done --don't get panicked by these Ransomware tales --even if you are misfortunate enough to get one of these it's easy to deal with.

    Plenty of decent FREE software for taking images / backups so no excuse --always keep a few and ensure the BACKUP is of course clean (similarly you wouldn't replace a defective part on a plane with another defective part - I hope !!).

    Cheers
    jimbo
    100% agree - image backups are the best protection. You can back up to a NAS drive but I recommend simply using an external USB hard drive as it can be removed and hence less risk of it getting infected.
  8.    27 Apr 2016 #28

    Agree with you guys regarding backups (albeit repairing a plane in mid-flight will be awesome tho') but do standard backup tools protect against MBR corruption/rootkits?
    'Suppose repairing BCD with the install media would work - My understanding is that, that is what secure-boot was intended for...
  9.    27 Apr 2016 #29
    Join Date : Jul 2015
    Kenner
    Posts : 221
    Windows 10 Home x64

    Quote Originally Posted by jimbo45 View Post
    Hi there

    Again I would recommend ALWAYS USE A CLEAN BACKUP to remove any infection no matter how trivial.

    Even if you use "Cleansing" software you are still working with an infected computer -- so I wouldn't guarantee the integrity of the cleansing process no matter how good the authors of the software say it is.

    I mean would you fly a Dodgy plane and then repair it while it's IN THE AIR. !!!!

    You'd of course want to repair it on the ground and replace defective parts -- same with a PC - boot from a stand alone bootable recovery system and restore a clean image.

    Easily done --don't get panicked by these Ransomware tales --even if you are misfortunate enough to get one of these it's easy to deal with.

    Plenty of decent FREE software for taking images / backups so no excuse --always keep a few and ensure the BACKUP is of course clean (similarly you wouldn't replace a defective part on a plane with another defective part - I hope !!).

    Cheers
    jimbo
    Makes good sense to me
  10.    27 Apr 2016 #30

    Quote Originally Posted by Superfly View Post
    Agree with you guys regarding backups (albeit repairing a plane in mid-flight will be awesome tho') but do standard backup tools protect against MBR corruption/rootkits?
    'Suppose repairing BCD with the install media would work - My understanding is that, that is what secure-boot was intended for...
    Hi there

    Who's ever heard of a 100% SECURE Jail either -- if it's on a computer connected to the Internet it can be hacked if it's a writeable device.

    If the device containing the backup isn't physically on the machine you are safe - so long as the backup is clean it will always restore decently to a HDD. If you are 100% paranoid you can use one of the several secure erase programs to really clean your HDD before restoring !!!!.

    Image backups are fine --again some of these have a "Paranoia Mode" by backing up and restoring sector by sector --that's not normally required but can sometimes be useful if the Geometry of the HDD you are restoring to is different from the original --i.e. can be bigger (or smaller too - so long as there's enough space for the restored data).

    I haven't heard of malware actually corrupting BIOSes yet -- the secure boot though only protects the initial boot startup - the actual OS can of course get infected. Secure boot really is only of use to prevent booting from "unauthorized devices" and for most home users is more trouble than it's worth - especially if you want to do a lot of testing. Most people usually disable it -- keeping UEFI set of course - the two aren't the same.

    Cheers
    jimbo
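
    Added example, not part of any post in this thread: a Python check that relates to the question above about MBR corruption and the sector-by-sector backups mentioned in the reply. It parses a 512-byte sector 0, reports whether the disk uses a classic MBR or a GPT protective MBR (the UEFI layout), and compares boot code and partition table against a known-good copy. The function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440   # bytes 0..439: boot code (440..445 hold the disk signature)
TABLE_OFFSET = 446    # four 16-byte partition entries, then 0x55 0xAA at 510..511
ENTRY = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA, count
GPT_PROTECTIVE = 0xEE # partition type of the protective MBR on a GPT/UEFI disk


def parse_sector0(sector: bytes) -> dict:
    """Classify sector 0 and fingerprint its boot code."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        status, ptype, lba, count = struct.unpack(ENTRY, raw)
        if ptype:  # type 0 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype,
                          "lba": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "scheme": "GPT" if any(p["type"] == GPT_PROTECTIVE for p in parts) else "MBR",
        "partitions": parts,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
    }


def compare_to_baseline(current: bytes, baseline: bytes) -> list:
    """List how the current sector 0 differs from a known-good copy."""
    cur, base = parse_sector0(current), parse_sector0(baseline)
    findings = []
    if not cur["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def build_sector(boot_code: bytes, ptype: int) -> bytes:
    """Constructed 512-byte sample sector (not a capture from a real disk)."""
    entry = struct.pack(ENTRY, 0x00 if ptype == GPT_PROTECTIVE else 0x80,
                        ptype, 2048, 204800)
    return boot_code.ljust(TABLE_OFFSET, b"\x00") + entry + bytes(48) + b"\x55\xaa"
```

    On a real machine the baseline would be the first 512 bytes of a raw or sector-by-sector image taken while the system was known to be clean, read from a recovery environment rather than from the running OS.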

 
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
