Ransomware, how do I prevent it?

I keep hearing about ransomware. Even the TV show "The Good Wife" featured it in one episode last year! I'm wondering how secure I may or may not be. Here's my setup.
I run my own small business. Two computers synced via OneDrive. Office 365 Business Premium. My machine is a Surface Pro 2 with BitLocker protecting my SSD. The other is an Acer Aspire laptop. It's there only for occasional use by another person who is logged in also as me. I have Kaspersky Internet Security 16.0. Everything is set to auto update. I have Carbonite which backs up constantly to the cloud. I also have Acronis True Image making a daily backup to an external hard drive.
So I think my question is: if I become the victim of a ransomware attack will I be able to access any of my backups? Would I be able to access my OneDrive, Carbonite or external hard drive using another computer?

(In the last 4 or 5 years there have been 6 failed attempts to scam me in some way. One was the "I'm in London and I've been mugged, please send me money" on Skype chat, supposedly from a supplier. Another was where I had initiated a payment to this same supplier and received an email supposedly from him saying to hold the payment and send it to his new bank details. Both of these referred to the same long-standing supplier and were about 3 years apart. In both cases he said the problem was at my end, which of course it wasn't. In both situations I just phoned him and told him to improve his security. A few days after the second one above he told me one of his other customers had fallen for the "new bank" scam. It was my supplier who lost, not his customer. He had ignored my warnings.) I also know somebody who fell for the "I've been mugged, send me 2,000.00 euro". I wonder if I'll eventually slip up and get caught some day!
Martin Campbell Asked:
madunix (Fadi SODAH) Chief Information Security Officer Commented:
No direct way of doing this; just make sure you have a good firewall, Internet security package, backup incremental policy and user security awareness.

Check the following articles:


Dan Craciun IT Consultant Commented:
The newer versions of Cryptolocker can encrypt pretty much any file they can access: local files, network shares, Dropbox/OneDrive/GoogleDrive files. And they try to disable shadow copies so you cannot restore to an earlier version.

Sensible steps to take:
1. Don't run using an administrative account (helps with shadow copies/previous versions)
2. Use an offline backup procedure. 2 external HDDs that you rotate weekly should be enough, if you can lose the files for a few days.
3. Common sense: don't open attachments unless absolutely necessary, but never from people you don't know. Don't visit sites you should not.

Eirman Chief Operations Manager Commented:
CryptoPrevent is very useful ...

General Strategies
Application whitelisting (Important, but frequently neglected)
Regular OS & Application Patching
Restricted Administrative Permissions

btan Exec Consultant Commented:
if I become the victim of a ransomware attack will I be able to access any of my backups?
You can if the backup is not locked (obviously), but ransomware (like CryptoLocker) is capable of browsing and encrypting data on any mapped drives that the end user has access to. Restricting the user permissions for the share or the underlying file system of a mapped drive will provide limits to what the threat has the ability to encrypt.

Would I be able to access my OneDrive, Carbonite or external hard drive using another computer?
If the files are locked as mentioned in one computer with such mapped and shared drive, using another machine makes no difference since those same files are already encrypted using the same shared or unique account. I'd rather not do auto mapping when the machine boots up and instead have it manually triggered by the user as and when demanded, to reduce exposure.

Tough to be fool-proofing ourselves or have any silver bullet to avoid being infected. The preventive measures shared by the experts are good considerations. To highlight in specific, I also suggest trying out whitelisting using EMET or CryptoPrevent and do cater a period to reduce app crashes and learning your machine usage by the security s/w. Browser, removable drives and email are the common penetrated point of compromise so watch out when surfing and using them. There are some EE articles mentioned in the discussion and hope those help too.

Good that you hold stead and vigilance to avoid the scam and likewise for social engineering scheme such as through phishing can be avoided too as long as we do not fall into "click-er" syndrome. You may find this matrix of targeted users of interest in this article http://www.experts-exchange.com/articles/17548/Stop-Think-Decide-THEN-Click.html
The encryption malwares pose no additional threat-type. Any malware that one starts can do harm to all data you can access.

If you are fully aware of this sentence your question is answered.

It does not matter what the malware does to your data - you don't want it touched in the first place.

Only way is to finally move away from virus scanning and move to application whitelisting instead or use both.

Look at Microsoft's documentation of AppLocker and Device Guard. Those are mighty tools for enterprise customers.
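
The answers above make the same point: malware started by a user can encrypt whatever that user can write to, including mapped drives, synced folders and attached backup disks. The PowerShell script below is an added example, not code from any poster, that lists those locations for the current account and whether it can write to them; the function names are hypothetical and `$env:OneDrive` is assumed to be set by the OneDrive sync client.

```powershell
# Added example: report which backup and sync locations the current Windows
# user can write to. Malware started by this user has the same access.

function Test-IsAdmin {
    # True when the session holds administrative rights (elevated).
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-WriteAccess {
    param([Parameter(Mandatory)][string]$Path)
    # Probe by creating and deleting an empty, randomly named file.
    $probe = Join-Path $Path ("write-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        [IO.File]::Create($probe).Dispose()
        Remove-Item -LiteralPath $probe -Force
        $true
    } catch {
        $false
    }
}

# Win32_LogicalDisk DriveType values; USB hard disks usually report as 3.
$driveTypes = @{ 2 = 'Removable'; 3 = 'Fixed or USB disk'; 4 = 'Mapped network drive' }

$locations = @(Get-CimInstance -ClassName Win32_LogicalDisk |
    Where-Object { $driveTypes.ContainsKey([int]$_.DriveType) -and
                   $_.DeviceID -ne $env:SystemDrive } |   # system drive is always exposed
    ForEach-Object {
        [pscustomobject]@{ Path = $_.DeviceID + '\'; Type = $driveTypes[[int]$_.DriveType] }
    })

# Assumption: the OneDrive sync client has set the OneDrive environment variable.
if ($env:OneDrive) {
    $locations += [pscustomobject]@{ Path = $env:OneDrive; Type = 'OneDrive sync folder' }
}

"Session is elevated: $(Test-IsAdmin)"
$locations |
    Select-Object Path, Type, @{ Name = 'Writable'; Expression = { Test-WriteAccess -Path $_.Path } } |
    Format-Table -AutoSize
```

A rotated backup disk that is unplugged does not appear in the list at all, which is what the offline backup step relies on.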
btan Exec Consultant Commented:

Martin Campbell Author Commented:
Too much info to even know which answer is the best. Very grateful to all.
btan Exec Consultant Commented:
In case anyone is interested -
October 28 update: ALL Coinvault and Bitcryptor keys (14k+) added to the database
April 29 update: 13 decryption keys added to the database
April 17 update: 711 decryption keys added to the database