Nightly Backups Are No Longer Enough

One of the things that I hear all the time from business owners is that they do not need a backup service, because they perform daily backups onto a portable hard drive, USB drive, or similar device. My response to them is always the same: That might have been good enough up until about a year ago. Now, simply backing up your data to a device nightly is no longer sufficient.

Today’s new ransomware will actually sit dormant for a few days or even weeks and infect your backups. The principle with ransomware is that it will encrypt your files on a system’s hard drive using an unbreakable key, and this is decrypted by the attacker only once a ransom is paid, typically by online currency such as Bitcoin.

ransomware
Actual ransomware screenshot demanding $4,500 to restore encrypted files

At Data-Safe, we have seen more customers with data loss in the past six months than we have seen in all of our years in business. Every one of these recent cases of data loss was due to ransomware. Fortunately, we were able to successfully restore data to our customers in every case.

The latest ransomware will seemingly sit dormant on your system and quietly encrypt your files, as well as your backups, often rendering your backup completely worthless.  Most experts agree that the best way to combat the latest ransomware is a combination of an excellent antivirus system, and an automatic, off-site data backup service that offers significant versioning, and a lot of it. Versioning is saving older versions of your files, so that you have a snapshot of what your data looked like a day ago, two days ago, five days ago, a month ago, etc. When your data is encrypted with ransomware, you can simply restore your files to an earlier date in time. At Data Safe, we keep 90 days of versioning as standard practice for our customers.

Ransomware such as CryptoLocker, Lechiffre, and CryptoWall take your data and encrypt it, and greet you with a page that tells you how much money you need to pay to get your data back.  Once your data is encrypted, it can be impossible to decrypt it without paying the ransom amount to get the key. In fact, the FBI actually has said that if your computer is infected with ransomware, the best solution to quickly get your data back is to pay the required ransom. “The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office.  “To be honest, we often advise people just to pay the ransom.”

In February of this year, a hospital in Hollywood paid $17,000 in ransom to get their critical data back. In that case, their files were unencrypted and restored after the ransom amount was paid. So, the good news is that IF you get hit with ransomware, you can simply pay the ransom and have your data restored, right? Not so fast. This works in many cases, however, you are not guaranteed to get your data back after the ransom is paid. In May of this year, Kansas Heart Hospital in Wichita paid the required ransom to hackers, and was still denied their data files by the hackers unless more money was paid.

If you’ve got a backup service like Data Safe that does proper off-site backups with versioning to protect your business data, there’s no need to pay off ransomware.

 

Sources:

Ransomware attackers refuse to decrypt hospital's files after being paid off

Hollywood hospital pays $17,000 to ransomware hackers

http://money.cnn.com/2016/04/15/technology/ransomware-cyber-security/