
<!doctype html>
<html class="no-js" lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="author" content="Lednerb">
<meta name="description" content="Bilberry Premium Theme for Hugo.">
<meta name="keywords" content="blog,personal,responsive,search,font awesome,pages,posts,multilingual,highlight.js,syntax highlighting,premium,shortcuts">
<meta name="generator" content="Hugo 0.50" />
<title>[Notes] File backup countermeasures against Cryptolock / Cryptowall ransomware | My cool new Blog</title>
<meta name="description" content="[Notes] File backup countermeasures against Cryptolock / Cryptowall ransomware - Bilberry Premium Theme for Hugo.">
<meta itemprop="name" content="[Notes] File backup countermeasures against Cryptolock / Cryptowall ransomware">
<meta itemprop="description" content="[Notes] File backup countermeasures against Cryptolock / Cryptowall ransomware - Bilberry Premium Theme for Hugo.">
<meta property="og:title" content="[Notes] File backup countermeasures against Cryptolock / Cryptowall ransomware">
<meta property="og:description" content="[Notes] File backup countermeasures against Cryptolock / Cryptowall ransomware - Bilberry Premium Theme for Hugo.">
<meta property="og:image" content="https://www.gravatar.com/avatar/88188b6cc451928eba90e8400bc68086?size=200">
<meta property="og:url" content="https://h.cowbay.org/article/e7-ad-86-e8-a8-98-e9-9d-a2-e5-b0-8d-cryptolock-cryptowall-e5-8b-92-e7-b4-a2-e7-97-85-e6-af-92-e7-9a-84-e6-aa-94-e6-a1-88-e5-82-99-e4-bb-bd-e6-87-89-e5-b0-8d-e8-be-a6-e6-b3-95/">
<meta property="og:site_name" content="My cool new Blog">
<meta property="og:type" content="article">
<link rel="icon" type="image/png" href="https://h.cowbay.org/favicon-32x32.png" sizes="32x32">
<link rel="icon" type="image/png" href="https://h.cowbay.org/favicon-16x16.png" sizes="16x16">
<link rel="stylesheet" href="https://h.cowbay.org/sass/combined.min.717098cb5503581e75f12e486a847ca410bf8367d4d8713f4c37affc868c5a1d.css">
</head>
<body class="bilberry-hugo-theme">
<nav>
<div class="container">
<ul class="topnav">
<li><a href="/page/about-bilberry/">About Bilberry</a></li>
<li><a href="https://github.com/Lednerb/bilberry-hugo-theme" target="_blank">Github</a></li>
</ul>
<div id="search-box" class="search">
<i class="fa fa-search"></i>
<input id="search" type="text" placeholder="Search ...">
</div>
</div>
</nav>
<header>
<div class="container">
<div class="logo">
<a href="/" class="logo">
<img src="https://www.gravatar.com/avatar/88188b6cc451928eba90e8400bc68086?d=mm&size=200" alt="">
<span class="overlay"><i class="fa fa-home"></i></span>
</a>
</div>
<div class="titles">
<h3 class="title"><a href="/">My cool new Blog</a></h3>
<span class="subtitle">Hello World! This is the most epic subtitle ever.</span>
</div>
<div class="languages">
<a href="/en" class="active">en</a>
<a href="/de">de</a>
</div>
<div class="toggler">
<i class="fa fa-bars" aria-hidden="true"></i>
</div>
</div>
</header>
<div class="main container">
<div class="article-wrapper u-cf single">
<a class="bubble" href="/article/e7-ad-86-e8-a8-98-e9-9d-a2-e5-b0-8d-cryptolock-cryptowall-e5-8b-92-e7-b4-a2-e7-97-85-e6-af-92-e7-9a-84-e6-aa-94-e6-a1-88-e5-82-99-e4-bb-bd-e6-87-89-e5-b0-8d-e8-be-a6-e6-b3-95/">
<i class="fa fa-fw fa-pencil"></i>
</a>
<article class="default article">
<div class="content">
<h3><a href="/article/e7-ad-86-e8-a8-98-e9-9d-a2-e5-b0-8d-cryptolock-cryptowall-e5-8b-92-e7-b4-a2-e7-97-85-e6-af-92-e7-9a-84-e6-aa-94-e6-a1-88-e5-82-99-e4-bb-bd-e6-87-89-e5-b0-8d-e8-be-a6-e6-b3-95/">[Notes] File backup countermeasures against Cryptolock / Cryptowall ransomware</a></h3>
<div class="meta">
<span class="date moment">2015-12-21</span>
<span class="categories">
<a href="/categories/%E5%B7%A5%E4%BD%9C%E7%AD%86%E8%A8%98">Work Notes</a>
</span>
</div>
<p>Recently, ransomware of the Cryptolocker/Cryptowall kind has become more and more rampant.</p>
<p>Because the actual source of the infection can never be pinned down, it is very hard to block it at the GATEWAY.</p>
<p>So let's look at it from another angle: since what this kind of ransomware encrypts is the "documents" on our hard disk, we only need to keep those "documents" from being hit by the malware directly.</p>
<p>I looked it up online. There are many variants: the original Cryptolocker did not encrypt zip files, but later variants apparently do, so when backing up, avoid the .zip / .rar formats.</p>
<h2 id="也就是說-要不就把硬碟內容以-映象檔-的方式備份-要不就是存成病毒不會去加密的類型">In other words, either back up the disk contents as an "image file", or store them as a file type the malware does not encrypt</h2>
<p>Backing up as a disk image takes a lot of time and a lot of space, so I set it aside for now (although it is actually the method I would recommend).</p>
<p>There are several ways to store files as a type the malware does not encrypt.</p>
<p>One is to use a small tool like autover to make a backup whenever a file or directory changes, and then rename the backed-up file.</p>
<p>For example, when c:\123\123.txt changes, it is automatically backed up to d:\123\123.txt,</p>
<p>and then d:\123\123.txt is renamed to something like d:\123\123.txt.timestamp.</p>
<p>However, although there is plenty of real-time backup software,</p>
<p>none of it can do "rename after backup"&hellip;</p>
<p>I contacted several of the authors; they either did not reply, or said "you pay and I will change it" <img src="http://wp.cowbay.org/wp-content/plugins/wp-emoji-one/icons/1F602.png" alt="" /></p>
<hr />
<p>Not wanting to spend money, I had to think of something else.</p>
<p>Most of these programs have built-in compression. zip/rar apparently get encrypted too, but what about a compression format other than zip/rar?</p>
<p>Following this line of thought, the first thing that came to mind was .tgz XD</p>
<p>And I really did find a free, no-install program called toucan that can compress with GZIP and supports being started in command-line mode,</p>
<p>which means that although it has no built-in scheduler, it can be run periodically through the Windows Task Scheduler.</p>
<p>A simple explanation using the picture below:</p>
<p><a href="http://wp.cowbay.org/wp-content/uploads/2015/12/2015-12-21_14-41-40.png"><img src="http://wp.cowbay.org/wp-content/uploads/2015/12/2015-12-21_14-41-40.png" alt="2015-12-21_14-41-40" /></a></p>
<p>1. After starting the program, select the Backup tab.</p>
<p>2. Enter an easy-to-remember name as the job name; this name is used shortly.</p>
<p>3. Select the path to back up.</p>
<p>4. Type: full or update, whichever you need, both are fine.</p>
<p>5. Format: this is the key point, remember to choose gzip.</p>
<p>6. Where to copy the files? Here you can choose a local path, or even a cloud drive directory so that the backup files are synced to the cloud automatically.</p>
<p>Once everything is set, click the floppy-disk icon next to step 2 to save, and then you can close the program.</p>
<p>Next, switch to command-line mode to run the backup.</p>
<p>Change to toucan's directory and enter toucan.exe -j JOB_NAME (that is, the job name you entered just now; here it is DD_ENCRYPT).</p>
<p><a href="http://wp.cowbay.org/wp-content/uploads/2015/12/2015-12-21_14-45-30.png"><img src="http://wp.cowbay.org/wp-content/uploads/2015/12/2015-12-21_14-45-30.png" alt="2015-12-21_14-45-30" /></a></p>
<p>Then you will see the program start running (the left side of the picture below shows it running).</p>
<p><a href="http://wp.cowbay.org/wp-content/uploads/2015/12/2015-12-21_14-46-09.png"><img src="http://wp.cowbay.org/wp-content/uploads/2015/12/2015-12-21_14-46-09-1024x427.png" alt="2015-12-21_14-46-09" /></a></p>
<p>The backup produced is a single .gz file.</p>
<p><a href="http://wp.cowbay.org/wp-content/uploads/2015/12/2015-12-21_14-48-18.png"><img src="http://wp.cowbay.org/wp-content/uploads/2015/12/2015-12-21_14-48-18.png" alt="2015-12-21_14-48-18" /></a></p>
<p>A file of this kind "in theory" will not be encrypted by the ransomware!</p>
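<p>The following is an added example, not code from this post, from toucan or from autover: it combines the "rename after backup" idea above with the gzip-format idea, as a small Python script that writes every changed file to a timestamped .gz archive and never overwrites an earlier copy. It assumes only a source directory and a destination directory supplied by the caller; the file names in the comments are constructed.</p>

```python
# Added example, not code from the post or from toucan/autover: a versioned
# gzip backup. Every changed file under src is written to dst as
# NAME.EXT.<timestamp>.gz, so the copy carries the .gz extension (a type the
# post says the ransomware it discusses did not encrypt) and an older good
# version is never overwritten if an already encrypted source file happens
# to be backed up on a later run.
import gzip
import shutil
import time
from pathlib import Path
from typing import Dict, List, Optional, Tuple

Signature = Tuple[int, int]  # (mtime in ns, size in bytes)


def snapshot(src: Path) -> Dict[str, Signature]:
    """Map each regular file under src (relative path) to its (mtime_ns, size)."""
    state = {}
    for p in src.rglob("*"):
        if p.is_file():
            st = p.stat()
            state[str(p.relative_to(src))] = (st.st_mtime_ns, st.st_size)
    return state


def backup_changed(src: Path, dst: Path, previous: Dict[str, Signature],
                   stamp: Optional[str] = None) -> Tuple[List[Path], Dict[str, Signature]]:
    """Gzip every file whose signature differs from `previous` (the snapshot
    returned by the last run) into dst, one timestamped archive per version.
    Returns (archives written, new snapshot to pass to the next run)."""
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    current = snapshot(src)
    written: List[Path] = []
    for rel, sig in current.items():
        if previous.get(rel) == sig:
            continue  # unchanged since the last run, nothing to copy
        target = dst / f"{rel}.{stamp}.gz"  # e.g. 123.txt.20151221-144140.gz
        target.parent.mkdir(parents=True, exist_ok=True)
        with open(src / rel, "rb") as fin, gzip.open(target, "wb") as fout:
            shutil.copyfileobj(fin, fout)
        written.append(target)
    return written, current


def restore(archive: Path) -> bytes:
    """Read the original bytes back out of one versioned archive, to verify
    that a run actually produced a usable copy."""
    with gzip.open(archive, "rb") as f:
        return f.read()
```

<p>Schedule it the same way the post schedules toucan, persisting the returned snapshot between runs; a plain real-time mirror would overwrite the good copy with the encrypted one, which is exactly what the timestamped names prevent.</p>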
<hr />
<p>If you do not want to use toucan, another approach is to use winrar's self-extracting archive feature.</p>
<p>The command is simple as well:</p>
<p>winrar a -sfx BACKUP_DEST.exe BACKUP_SOURCE</p>
<p><a href="http://wp.cowbay.org/wp-content/uploads/2015/12/2015-12-21_14-51-33.png"><img src="http://wp.cowbay.org/wp-content/uploads/2015/12/2015-12-21_14-51-33.png" alt="2015-12-21_14-51-33" /></a></p>
<p>The backup produces a .exe self-extracting archive, which so far is also not touched by the ransomware!</p>
<p><a href="http://wp.cowbay.org/wp-content/uploads/2015/12/2015-12-21_14-52-52.png"><img src="http://wp.cowbay.org/wp-content/uploads/2015/12/2015-12-21_14-52-52.png" alt="2015-12-21_14-52-52" /></a></p>
</div>
<div class="footer no-tags">
</div>
</article>
</div>
<div id="disqus_thread"></div>
<script type="application/javascript">
var disqus_config = function () {
};
(function() {
if (["localhost", "127.0.0.1"].indexOf(window.location.hostname) != -1) {
document.getElementById('disqus_thread').innerHTML = 'Disqus comments not available by default when the website is previewed locally.';
return;
}
var d = document, s = d.createElement('script'); s.async = true;
s.src = '//' + "bilberry-hugo-theme" + '.disqus.com/embed.js';
s.setAttribute('data-timestamp', +new Date());
(d.head || d.body).appendChild(s);
})();
</script>
<noscript>Please enable JavaScript to view the <a href="https://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript>
<a href="https://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a>
</div>
<footer>
<div class="container">
<div class="recent-posts">
<strong>Latest posts</strong>
<ul>
<li>
<a href="/article/google-550-5-7-1-sloution/">Fix for mail to Google bounced with error 550-5.7.1</a>
</li>
<li>
<a href="/article/netdata-linux-system-performance-monitor-dashboard/">Netdata Linux System Performance Monitor Dashboard</a>
</li>
<li>
<a href="/article/linux-performance-monitor-dashboard-netdata-md/">An extremely detailed System performance Monitor Dashboard for Linux - Netdata</a>
</li>
<li>
<a href="/article/syntax-test/">Syntax Test</a>
</li>
<li>
<a href="/article/psql-create-role-and-assign-priviledges/">psql create role and assign priviledges</a>
</li>
<li>
<a href="/article/study-url/">Study URL</a>
</li>
<li>
<a href="/article/rsync-time-backup/">[Notes] rsync-time-backup, a handy backup tool for Linux</a>
</li>
</ul>
</div>
<div class="categories">
<a href="/categories/"><strong>Categories</strong></a>
<ul>
<li>
<a href="/categories/%E6%9C%AA%E5%88%86%E9%A1%9E">Uncategorized (86)</a>
</li>
<li>
<a href="/categories/%E5%B7%A5%E4%BD%9C%E7%AD%86%E8%A8%98">Work Notes (68)</a>
</li>
<li>
<a href="/categories/%E5%85%B6%E4%BB%96">Other (46)</a>
</li>
<li>
<a href="/categories/%E7%AD%86%E8%A8%98">Notes (30)</a>
</li>
<li>
<a href="/categories/%E5%89%AA%E5%A0%B1">Clippings (18)</a>
</li>
<li>
<a href="/categories/starting">Starting (5)</a>
</li>
<li>
<a href="/categories/blog">Blog (4)</a>
</li>
</ul>
</div>
<div class="right">
<div class="external-profiles">
<strong>Social media</strong>
<a href="https://twitter.com/TheRealLednerb" target="_blank"><i class="fa fa-twitter-adblock-proof"></i></a>
<a href="https://github.com/Lednerb" target="_blank"><i class="fa fa-github"></i></a>
</div>
<div class="languages">
<strong>Other languages</strong>
<a href="/en" class="active">en</a>
<a href="/de">de</a>
</div>
</div>
</div>
</footer>
<div class="credits">
<div class="container">
<div class="copyright">
<a href="https://github.com/Lednerb" target="_blank">
&copy;
2017
by Lednerb
</a>
</div>
<div class="author">
<a href="https://github.com/Lednerb/bilberry-hugo-theme" target="_blank">Bilberry Hugo Theme</a>
</div>
</div>
</div>
<script type="text/javascript" src="https://h.cowbay.org/js/externalDependencies.39c47e10e241eae2947b3fe21809c572.js" integrity="md5-OcR&#43;EOJB6uKUez/iGAnFcg=="></script>
<script type="text/javascript" src="https://h.cowbay.org/js/theme.ff50ae6dc1bfc220b23bf69dbb41b54e.js" integrity="md5-/1CubcG/wiCyO/adu0G1Tg=="></script>
<script>
$(".moment").each(function() {
$(this).text(
moment( $(this).text() )
.locale( "en" )
.format('LL')
);
});
$(".footnote-return sup").html("");
</script>
<script>
var client = algoliasearch("Y2C4RWMPXW", "50ea7f8c41c0ad233926e0be2b769ed1");
var index = client.initIndex("default-content");
$('#search').autocomplete({ hint: false, autoselect: true, debug: false },
[
{
source: $.fn.autocomplete.sources.hits(index, { hitsPerPage: 5, filters: 'language: en' }),
displayKey: function(suggestion) {
return suggestion.title || suggestion.author
},
templates: {
suggestion: function(suggestion) {
return "<span class='entry " + suggestion.type + "'>"
+ "<span class='title'>" + suggestion.title + "</span>"
+ "<span class='fa fa-fw " + suggestion.iconClass + "'></span>"
+ "</span>"
;
},
empty: function() {
return "<span class='empty'>Nothing found.</span>"
},
footer: function() {
return '<div class="branding">Powered by <img src="https:\/\/h.cowbay.org\/dist\/algolia-logo-light.svg" /></div>'
}
},
}
])
.on('autocomplete:selected', function(event, suggestion, dataset) {
window.location = (suggestion.url);
})
.keypress(function (event, suggestion) {
if (event.which == 13) {
window.location = (suggestion.url);
}
});
</script>
</body>
</html>