1

I have been recently reading about rise in ransomware attacks such as CryptXXX and I was curious about I can protect myself from such attacks. I have a Windows 10 x64 system. Some measures I took are

  1. Update Windows, Flash, Silverlight and my browsers to latest version
  2. Change Flash and Silverlight to "Ask to activate" and activate only if I simply cannot use a website without said plugins.
  3. I don't use the PDF viewer plugin by Adobe. I just use my browser's default PDF viewer
  4. I run Malwarebytes in on-demand mode, I scan my PC every week or so.
  5. I uninstalled Java

My next steps were either using a real-time antivirus program or switching to Linux. I don't want to invest in real-time antivirus because no matter what you say, they slow the system down a bit.

Now about switching to Linux, I believe it would provide more protection because I am not aware of any Linux ransomware attacks (that have not been defeated). But my system has OEM version of Windows with UEFI and thus I am not quite ready to make a jump to dual boot or Linux-only setup. My fear is getting back to Windows-only setup with all my data intact.

Hence, my middle ground would be using Linux in Virtualbox on Windows for all my web surfing (which is the way I believe these ransomwares get to you). But I would still be tunneling my network traffic through Windows because I will be using a VM. Also, I would have to create a shared directory to be able to access the files I download on the VM on Windows.

In this scenario, am I enhancing my security against ransomware or am I still equally susceptible as browsing on my Windows system?

SilverlightFox
  • 33,698
  • 6
  • 69
  • 185
tumchaaditya
  • 119
  • 1
  • 3
  • 5
    You are bothered by the resource consumption of a virus scanner but you are fine with running a virtual machine along with your system? A VM would be a far worse performance leech. – Philipp Jul 09 '16 at 15:07
  • 2
    Auto-backup is key. Also, related, if not duplicate posts: https://security.stackexchange.com/questions/9011/does-a-virtual-machine-stop-malware-from-doing-harm?rq=1 https://security.stackexchange.com/questions/116663/how-can-i-protect-myself-from-ransomware-attacks-like-the-one-that-affected-tr?rq=1 https://security.stackexchange.com/questions/120902/would-limiting-write-access-to-a-backup-directory-help-protect-it-from-ransomwar?rq=1 – Jedi Jul 09 '16 at 15:10
  • Will you have shared discs between the VM and host? Will you ever move files between the VM and host? – Neil Smithline Jul 09 '16 at 16:17
  • you don't need a vbox, you can boot linux from a usb key, which is much faster, looks/sounds better, and has no lag. You can disable the hd from bios when the thumb takes over, if you're worried, but linux is not a great vector... – dandavis Jul 10 '16 at 03:09

2 Answers2

4

There is never 100% security.

  • There are vulnerabilities in web browsers which also work on Linux
  • There is malware for Linux. Malware development is constantly evolving. While you are reading this there are hundreds of people thinking about new ways to get those systems under their control which still elude them. Just because you are not aware of any good ransomware targeting Linux today doesn't mean none exist or will exist in the near future.
  • There are examples of security vulnerabilities in VM software which allow to attack another VM or the host from within a VM.

In order to be vulnerable with the setup you describe you would need to catch a ransomware which targets Linux and includes a VM breakout for the VM software you are using which targets a Windows host. That combination would be quite exotic, but is not completely inconceivable.

By the way, did you consider to invest into a proper backup solution? That protects you from Ransomware and a whole heap of other problems.

Philipp
  • 49,017
  • 8
  • 127
  • 158
0

I think you are taking the ransomware threat to a whole new level.

The key from you protecting yourself for such malware is awareness and keeping your programs updated to the latest version.

Yes, using a VM would help you and you will always be able to delete the VM if you are infected but why go through all that trouble when the key is awareness?

Note: About the usage of Linux vs Windows - Some ransomware has the ability to identify the OS and install the malware according to the OS (Although there are fewer Linux ransomware variants).

Xander
  • 35,616
  • 27
  • 114
  • 141
Bubble Hacker
  • 3,783
  • 1
  • 11
  • 20
  • I am usually particular about not visiting shady websites but legit websites have been injected with malicious code in recent past. I also read about some wordpress pages getting affected and I frequent to many wordpress pages. – tumchaaditya Jul 09 '16 at 15:05
  • @tumchaaditya So pay attention to any suspicious activity and don't run programs you don't know how they got to your downloads folder =] – Bubble Hacker Jul 09 '16 at 15:07
  • even if a legit site is compromised, you'll still need to do something dumb like click a yellow bar that was never there, run a certain new plugin, download a "video codec" or something else; you being infected or not is not at the whim of a site operator. – dandavis Jul 10 '16 at 03:12