
Does an encrypted drive protect against ransomware?

asked 2017-08-08 12:54:22 -0600

Darkscot

updated 2017-08-18 04:32:10 -0600

hedayat

I dual boot Windows 10 and Fedora 26 on two separate hard drives. Windows 10 is the OS of choice for the rest of the family, but I mainly use Fedora. If I copy all the user files (music, pics, docs etc) on Win10 to the Fedora drive would it be protected against a ransomware attack on the Windows drive? The Fedora drive is encrypted and does not show up on Windows file explorer.


2 Answers


answered 2017-08-08 13:21:14 -0600

florian

As you already noted, an encrypted Fedora drive (LUKS? LVM2? ecrypt?) will not be visible under Win10. So data located there is relatively safe. I am saying relatively because malicious software could still tamper with your partitions and potentially delete them or modify the partition table.

Considering that your Win10 has no access to the encrypted Linux partition, you can only use this method to regularly save a backup of your Win10 data there.* And you will have to perform the backup from your Fedora system since only that can unlock your encrypted partition and at the same time will be able to read your Win10 (NTFS) partition.

Overall, I think the answer is no.

*Also, if it had access, your data wouldn't be safe because once you have access the partition is unlocked and data can be modified (by you or by malicious software).

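The answer above says the backup has to be run from Fedora. As an added example that is not part of the thread, here is one way to do that: it keeps named snapshots and refuses to prune old ones when most files changed since the previous run, so a backup taken after the Windows files were encrypted does not replace the good copies. The function name, paths, thresholds and the `/dev/sdXN` device are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Run from Fedora with the encrypted volume
# unlocked and the Windows partition mounted read-only, e.g. (placeholder device):
#   mount -o ro /dev/sdXN /mnt/win
# Usage: snapshot_backup SRC DEST [NAME] [KEEP] [MAX_CHANGED_PCT]
# Returns 0 on success, 1 if the change rate looks suspicious, 2 on copy errors.
snapshot_backup() {
    src="$1"; dest="$2"
    name="${3:-$(date +%Y%m%d-%H%M%S)}"; keep="${4:-7}"; max_pct="${5:-50}"
    mkdir -p "$dest" || return 2
    # Newest existing snapshot (names sort chronologically); empty on first run.
    prev=$(ls -1 "$dest" | sort | tail -n 1)
    new="$dest/$name"
    mkdir "$new" || return 2            # never write into an existing snapshot
    cp -a "$src"/. "$new"/ || return 2
    if [ -n "$prev" ]; then
        new_abs=$(cd "$new" && pwd)
        total=$(cd "$dest/$prev" && find . -type f | wc -l)
        # A file counts as changed if it is missing from, or differs in, the new copy.
        changed=$(cd "$dest/$prev" && find . -type f -exec sh -c \
            'for f; do cmp -s "$f" "$0/$f" || echo x; done' "$new_abs" {} + | wc -l)
        if [ "$total" -gt 0 ] && [ $((changed * 100 / total)) -gt "$max_pct" ]; then
            echo "WARNING: $changed of $total files changed since $prev;" \
                 "keeping all snapshots for review" >&2
            return 1
        fi
    fi
    # Prune the oldest snapshots beyond $keep (DEST must hold only snapshot dirs).
    n=$(ls -1 "$dest" | wc -l)
    ls -1 "$dest" | sort | while [ "$n" -gt "$keep" ] && IFS= read -r old; do
        rm -rf -- "$dest/$old"
        n=$((n - 1))
    done
    return 0
}
```

A return code of 1 means the new snapshot was written but nothing was pruned; inspect it before trusting it or running the backup again.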

answered 2017-08-08 13:48:20 -0600

x27qb8

updated 2017-08-08 14:00:24 -0600

I suffered a ransomware attack about a year & 1/2 ago. This was my experience:

I clicked on a link to go to a 3rd party site and a blue screen with a ransomware notice appeared. I couldn't surf to any other site WITH THAT BROWSER. This was Firefox on Ubuntu 14.04.

I then copied the URL to a text file, for future reference.

I then disconnected wifi and rebooted the computer.

I then uninstalled Firefox, including the config files.

Then I reconnected wifi and launched Chrome. Chrome loaded the homepage and surfed normally.

I then reinstalled Firefox. Firefox loaded the homepage and surfed normally.

THEN I GOT P$$'d!!!

I did a WHOIS search on the URL of the ransomware page and discovered that this pr!k$ website was hosted on GODADDY.

I then sent GoDaddy a copy of the URL and 'politely' explained that one of their customers was using their hosting services to launch ransomware attacks.

Then I added this experience to the appropriate section of Ubuntu Forums, which is read ALL OVER THE WORLD.


Computer saved and NUKED the bad guys all on the same day.

Hooray me...


Comments

Actually, I purged Firefox BEFORE I rebooted the computer.

x27qb8 (2017-08-08 13:55:10 -0600)
