[roamer_1]

There is no easy way to prevent this in the short term - In fact, folks with responsible backup habits are more susceptible to ransomware than are the schlepps who are lucky to backup quarterly, as one is very likely to commit a backup before you know the files are encrypted, thus overwriting the files in your backup store... The fact that they left their USB HDD plugged in is almost incidental to the fact. These bugs will also infect any writeable network share too, so network backup, even cloud backup, is just as likely to be overwritten with encrypted files, all the more so if backup routines are often executed.

A ‘pull’ oriented (rather than ‘push’) backup initiated by a server pulling files from client machines to read-only shares would eliminate the chance of infection over LAN, but doesn’t do anything for overwriting with encrypted files from the client... But that is half the battle...

Creating a dated backup from the store before initiating a new backup would certainly help, but now you have the problem of giant datastores essentially without incremental differentiation...

It’s a tough nut for automated backup.

[wareagle7295]

We had this infect a PC and a network share at my work recently. Luckily the user that got infected let us know right away, and we were able to quarantine the PC and restore the network share from back (also before anyone else clicked on anything in that share to further spread it).

At home - If you are running 7 or 8, and your profile has 'Admin' privelages, create another admin account that you won't actively use and then demote your current user account to 'Standard'.

You can further restrict what applications you can run by enabling Parental Controls and creating an application 'white list', so that the O/S will only allow specific .exes (or other executables) to run. This makes it virtually impossible for a payload to execute the ransomware (or any virus for that matter).

From the MS website.

Open Parental Controls by clicking the Start button Picture of the Start button, clicking Control Panel, and then, under User Accounts and Family Safety, clicking Set up parental controls for any user.‌ Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Click the name of the person you want to prevent from using specific programs.

Under Parental Controls, click On, enforce current settings.

Click Block specific programs.

Click Person's name‌ can only use the programs I allow. Select the programs that you want to allow. If the program you want doesn't appear in the list, click Browse to locate the program.