Keeping files safe from malware ideas

[Master Razor]

The cryptolocker malware scares me so much I'm starting to have nightmares. I have backups of all my files stored on external drives and the keepass database is saved in 3 different places, online and offline. The problem is that with a cryptolocker, it goes through everything on your computer, usb drives, external drives, local hard drives, network drives...
So, in case of an infection, dropbox will be dead, any usb keys I have plugged will be dead as well, all mapped drives, and everything...

I'm thinking, every device that is writable will be infected, no matter what. The only safe bet are medium that are read-only like CDs and DVDs.
Say a computer is infected with cryptolocker and the ISO isn't yet locked and I burn it to a CD, will it infect the CD as well? Can it do that?
I have some re-writable DVDs which I can use to save the keepass database every once in a while.

What are your thoughts?

[anon]

The problem is that with a cryptolocker, it goes through everything on your computer, usb drives, external drives, local hard drives, network drives...

But you won't have all of those mounted at the same time. As long as you have one copy of every file on some storage that isn't online at the time of infection, you're safe.

[Master Razor]

My way of think is this:
When it all comes down to it, all you need to re-create your file collection (applications, music, games, comics, documentation, etc) are keepass, notes, and some important documents.
I have a startup batch that opens all applications on windows startup. I've added there some lines that will:
1. backup all important files to a location
2. creates an iso off those files
3. burn the iso using a dvd re writable disk that is always in the drive's tray.

So basically, every day it will backup, and burn the data to disk.
Since there is no autorun on the disk anymore, no virus can do anything from a cd/dvd. And if the files get crypted by cryptolocker, the batch will simply not be able to burn the crypted iso. So, a copy of the files are always safe on the drive.

Untill i come up with a better fool-proof way to backup and also keep these files updated, this'll have to do.

[anon]

if the files get crypted by cryptolocker, the batch will simply not be able to burn the crypted iso.

Make sure your program does some sanity checking on the ISO, because in principle, anything can be written to a rewritable disc (including an encrypted image).

Untill i come up with a better fool-proof way to backup and also keep these files updated, this'll have to do.

Two other ideas:

• automatic copying to some networked storage that is only open 'x' hours every day, possibly chaining that with one or more other subsequent backups
• automatic copying to a volume that is later hidden via partition ID or HPA and/or taken offline