Trojans and ransoms and backups, oh my!

Data loss can be a business killer. There’s a simple test for how badly you need good backups: Imagine all your computers are irrecoverably gone. Just – gone. Did you shrug? Gulp? Or clutch your chest? If the last, you need good backups 🙂 Now let me tell you about ransomware, trojans and backups…

In the last few weeks I’ve been associated with two recovery exercises for businesses that suffered ransomware attacks. Ransomware is malware that encrypts all your files, then demands money to decrypt them.

You might think “no problem, I’ll just pay the money if that happens”, but sort-of-unfortunately law enforcement agencies have managed to shut down quite a few of these ransomware operations, meaning there may no longer be anyone who can take your money – so your files would be effectively gone.

How do you get done over? By installing downloaded software without scanning it thoroughly or by opening attachments sent to you in email. There are other variations, but those are the biggies. Scan everything! If it’s a ZIP file or other package, unpack it somewhere convenient, and scan everything inside it. Use a high-quality anti-malware tool and keep it up to date. Using a poor anti-malware tool is a totally false economy. Most of the freebies are not worth using; some are good but they are never the best.

Even if you do everything right, malware may still get through. It only takes one mistake or misjudgement, by one person on one computer with access to your files. If that happens and you don’t have good backups, your data is gone.

It’s not just malware that can destroy your data. Fire, flood, theft, sabotage, mechanical failure and human error are all very effective too. Ask the people who were inundated by Hurricane Katrina (or the Queensland floods, or the recent Sydney floods):

http://www.npr.org/templates/story/story.php?storyId=4837049

Or the people at Web Central:

http://www.itnews.com.au/News/144015,revealed-lessons-from-webcentrals-72-hour-email-outage.aspx

You can’t ask Distribute.IT; this attack killed their company (and quite a few of their customers’ companies, because they, too, did not have backups):

http://www.smh.com.au/technology/security/4800-aussie-sites-evaporate-after-hack-20110621-1gd1h.html

If you are in business, large or small, you need backups that are:

  • comprehensive – i.e. you are backing up everything that should be backed up.
  • versioned – you don’t keep just one version, you keep a backup from today, yesterday, the day before, etc., back as far as possible.
  • frequent – if disaster strikes, you will lose all your work back to at least the most recent backup. Backing up less often than daily is probably insufficient for a typical business.
  • out-of-band (not local, not to shares) – if you back up to any place that one of your computers can reach, and one of your computers is compromised, all the backups you have stored there are toast. So back up to a place your other systems cannot reach.
  • off-site – if your office burns down, you really don’t want all your backups to burn as well. Store them off-site – at home, in a bank vault, wherever – as long as it is safe and a long way away from the originals. Different building is good, different town is better, different continent is best 🙂
  • preferably automated – because people make mistakes. They forget to do the backups, forget to swap the backup disks, don’t notice that a backup has failed, etc.
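
One way to check a backup catalogue against the criteria above automatically, as an added example that is not part of the original post. The snapshot fields, the thresholds and the sample catalogue are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

def audit_backups(snapshots, now, max_age=timedelta(hours=24), min_versions=7):
    """Return a list of findings; an empty list means every check passed.

    Each snapshot is a dict with hypothetical keys: taken (datetime),
    bytes (int), offsite (bool), reachable (bool: office PCs can write to it).
    max_age and min_versions are assumed thresholds, not values from the post.
    """
    findings = []
    # A zero-byte snapshot is a backup that failed without anyone noticing.
    for s in snapshots:
        if s["bytes"] == 0:
            findings.append(f"failed: empty snapshot from {s['taken']:%Y-%m-%d}")
    good = sorted((s for s in snapshots if s["bytes"] > 0), key=lambda s: s["taken"])
    if not good:
        return findings + ["no usable snapshot at all"]
    if now - good[-1]["taken"] > max_age:
        findings.append("frequent: newest good snapshot is older than max_age")
    days = {s["taken"].date() for s in good}
    if len(days) < min_versions:
        findings.append(f"versioned: only {len(days)} daily versions, want {min_versions}")
    # A missed or failed run shows up as a gap between consecutive good snapshots.
    for a, b in zip(good, good[1:]):
        if b["taken"] - a["taken"] > max_age * 1.5:
            findings.append(f"automated: no good snapshot between "
                            f"{a['taken']:%Y-%m-%d} and {b['taken']:%Y-%m-%d}")
    if not any(s["offsite"] for s in good):
        findings.append("off-site: no good snapshot is stored off-site")
    if any(s["reachable"] for s in good):
        findings.append("out-of-band: a snapshot sits where office PCs can write")
    return findings

# Constructed sample catalogue: nightly runs on 4-10 March, the 7 March run empty.
NOW = datetime(2024, 3, 10, 6, 0)
SAMPLE = [
    {"taken": datetime(2024, 3, d, 1, 0), "bytes": 0 if d == 7 else 5_000_000,
     "offsite": True, "reachable": False}
    for d in range(4, 11)
]

if __name__ == "__main__":
    for line in audit_backups(SAMPLE, NOW) or ["all checks passed"]:
        print(line)
```

The catalogue alone cannot show whether the backups are comprehensive; that criterion still has to be checked against what is actually selected for backup.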

A good backup system, meeting all these criteria, does not have to be wildly expensive, but not having a good backup system might be. If your backups do not meet these criteria, you need to get advice. Ditto if you are not sure whether your backups meet those criteria. Or if you have no backups at all.

Backups are just one part of data security. But they are a very important part, and a hell of a good start.
