It’s ironic (not ironic?) that an IT-savvy nerd who has spoken about backups here on these forums should befall a tragedy putting my backup best-practices to the test.
On a dedicated DAW where only music-related stuff is clicked on, I just befell a “ransomware” virus.
I’m an IT guy, I know not to click on or run “weird stuff,” but got sucker-punched all the same.
I’m not ready to point fingers, but am not ruling out one of the “free xmas gift” downloads recently installed. Will report back if I can confirm, but if not that, it was likely a website link (or so the research seems to point). I can’t imagine what.
On this DAW I visit Gearslutz, KVR, the various DAW forums, MusicRadar, YouTube tutorial videos, plugin updates, etc. Nothing else.
And yet, one of my unfortunate clicks (if not a plugin update or plugin related download), and likely an Adobe Flash exploit (which I update weekly!) got me a trip to hell and back within the last 24 hours.
I was in Cubase, minding my own business on my crappy trance music, when things slowed down to the point of “reboot.”
At first I blamed Cubase 8.
Nope, it was “ransomware” encrypting all my datafiles in the background!
A reboot informed, via a new shiny wallpaper, that I had to click on a link and pay bitcoin, or never see my encrypted files again.
Yup. They managed to encrypt all my text (and many other) data files. I knew because the files ended in a second extension of random text. E.g., “readme.txt.xype93s” instead of “readme.txt”. Opening the file revealed encrypted garbage.
It sprawled across all my SSDs faster than you can say “sata III solid state drives.”
Cubase project files, wav and aiff files remained untouched, thankfully (a limitation of the malware).
But text files and many other file types were encrypted for ransom.
I’m posting this here because it was only relatively garden variety, audio-related stuff I visit on this computer. What I’d consider to be relatively common usage paths for audio enthusiasts during the holiday sales and promotions.
So … yeah. Don’t be too scared, but also back your stuff up. Seriously. And run anti-malware software if it’s a computer you’re using to research plugins, etc.
I was able to get everything back due to backups.
Backup. Backup. Backup.
Also, if you’re on OS X, honestly, you’re mostly safe. Or at least you would have been in this case.
If you’re on Windows 8+ you’re probably safe (built in security essentials).
I am on Windows 7 and in my infinite wisdom, decided not to run malware protection in order to “optimize” my DAW.
Well, F’ that. I now have Windows Security Essentials and Malwarebytes running (both) in full, live, real-time mode.
That was quick. Didn’t take much arm-twisting.
I’ll let you know (once I’m 100% back up) how that works with Cubase 8 / Windows, but whatever performance hit I get, it’s going to be factored into the overhead of the DAW’s capabilities.
This ransomware managed to find my USB flash drives and here’s the (interesting) damage report:
Waves USB: Okay – It wasn’t smart enough to touch it.
iLok USB: Okay – it wasn’t smart enough to touch it.
eLicenser USB: Okay – didn’t touch it.
Native Instruments “Service Center” – Okay.
Plugin Alliance – it found its “machine_id.txt” file and encrypted it! Plugin Alliance dongle (USB thumbdrive) is TOAST! (easily fixed, but still, pretty scary.)
+1 for not having license files with “.txt” in the name.
+1 again for iLok not even exposing the filesystem!
+1 again for iLok even surviving a complete loss (TLC) – didn’t come to that, but still, eLic, you’re not robust enough for 2014 (and beyond), in my humble estimation. eLic really needs a total loss coverage option similar to iLok.
Will edit this post with some others once I’m back up and can confirm.
Also, I use Dropbox for many things audio related. Between multiple computers, etc. This virus found and crawled through my entire Dropbox trees and encrypted everything it cared about on it, too!
I had to delete everything in my Dropbox, to be safe.
Luckily, I had a virtual machine (not running) that had a recent Dropbox sync. So I pulled the ethernet jack on my computer, loaded the virtual machine, copied everything out of my Dropbox to my desktop, then plugged the ethernet jack back in (at which point it quickly deleted everything) and then copied from the desktop back to Dropbox. Everything was back. Whew!
Backup with Crashplan. Seriously. Just do it.
“Happy Holidays” all.
To all you “don’t allow internet on my DAW types” – I bow to you in respect.
To all you audio companies that make it difficult to use your software without being connected to the internet – here’s another anecdote for you to rethink your offerings.
Backup. Via Crashplan online, imho. I’ve tried most of them and Crashplan gets my approval; more than once have I had to restore from it.
Man, I just can’t seem to get a free Saturday.