This article provides some general advice on protecting your systems and backups against a class of threats commonly known as ransomware.

Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system's hard drive (cryptoviral extortion, a threat originally envisioned by Adam Young and Moti Yung), while some may simply lock the system and display messages intended to coax the user into paying.

Source: Wikipedia (March 10th 2015)

The good news is that by having system backups you already have some protection against these (and any other) types of viruses. If a system is infected you can simply restore the system to a pre-infection state from one of your backups.

Unfortunately, these types of viruses can now spread throughout your network and potentially encrypt your backups. This type of attack was popularised in 2014 by a virus known as Cryptolocker.

This article covers some of the ways you can protect your backups from being encrypted, so that you can still restore your systems.

Write-once Media Backups

The simplest way to protect your backups is to use backup storage that can only be written to once. This is usually optical media such as CD-R, DVD-R and BD-R. These discs can only be written to once, i.e. at the time of backup, so even if a virus has access to a disc that is still in the disc tray, it cannot alter the data on the disc.

Be careful using re-writable (RW) backup media if you wish to protect against this kind of threat, as the backups on the disc could be altered if it is attached to the computer when the virus strikes. In general, as long as the discs are removed immediately after backup and stored offline they should be okay, but write-once media is generally preferable for backup.




Whilst write-once media is a quick and simple solution to protect against these kinds of threats, it is not a method we can particularly recommend except in very trivial circumstances, such as the occasional full home backup. In all other circumstances you will want to take regular incremental/differential backups as part of a wider rotation scheme, and optical media is ill-suited to these kinds of backup schemes.

Offline backup storage / Archiving

As mentioned earlier, ransomware often spreads throughout a network. One solution, therefore, is to keep backups off the network. This presents a problem, however, because to back up an organisation you will generally have your storage available over a network connection.

The key to offline backup is to back up to a location that is inaccessible to any virus that may get onto the system. This can be achieved with Macrium Reflect by creating backup scripts that copy a backup to another location via FTP / SCP once the backup completes. This is made easier in Macrium Reflect Version 6 with the introduction of PowerShell scripted backups, in addition to the existing options of VBScript and Batch file backups.
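
As an illustration of the copy step described above, the following PowerShell script pushes the newest backup file and a SHA-256 checksum to a remote host over SCP. It is an added example, not a script generated by or shipped with Macrium Reflect. The folder, host, account, key path and file filter are placeholders, and it assumes the Windows OpenSSH client (scp.exe) is installed and that the remote account is restricted so it can add files to its upload directory but not change or delete existing ones.

```powershell
# Added example: run as the last step of a scripted backup to push the newest
# backup file off the machine. All default values below are placeholders.
param(
    [string]$BackupDir = 'D:\Backups',                   # placeholder: local backup folder
    [string]$Filter    = '*.mrimg',                      # Macrium Reflect image files
    [string]$Remote    = 'backup-drop@archive.example',  # placeholder: user@host
    [string]$RemoteDir = '/incoming',                    # placeholder: upload directory
    [string]$KeyFile   = 'C:\ProgramData\BackupKeys\id_ed25519',  # placeholder: SSH key
    [string]$LogFile   = 'D:\Backups\offsite-copy.log'   # placeholder: local log
)
$ErrorActionPreference = 'Stop'

function Write-Log([string]$Message) {
    "{0:u} {1}" -f (Get-Date), $Message | Add-Content -Path $LogFile
}

# Pick the most recently written backup file in the folder.
$image = Get-ChildItem -Path $BackupDir -Filter $Filter -File |
         Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $image) { Write-Log "No file matching $Filter in $BackupDir"; exit 1 }

# Store a SHA-256 next to the image so the remote copy can be checked
# against it before it is ever relied on for a restore.
$hash     = (Get-FileHash -Path $image.FullName -Algorithm SHA256).Hash
$hashName = "$($image.Name).sha256"
Set-Content -Path (Join-Path $BackupDir $hashName) -Value "$hash  $($image.Name)"

# Work from the backup folder and pass relative names, so scp never has to
# interpret a drive letter such as "D:" in a local path.
Push-Location $BackupDir
try {
    foreach ($name in @($image.Name, $hashName)) {
        # -B: batch mode, fail instead of prompting when run unattended.
        # StrictHostKeyChecking=yes: refuse to send to a host whose key is unknown.
        & scp.exe -B -i $KeyFile -o StrictHostKeyChecking=yes ".\$name" "${Remote}:${RemoteDir}/"
        if ($LASTEXITCODE -ne 0) {
            Write-Log "FAILED copying $name (scp exit code $LASTEXITCODE)"
            exit $LASTEXITCODE
        }
    }
    Write-Log "Copied $($image.Name) sha256=$hash to ${Remote}:${RemoteDir}"
}
finally { Pop-Location }
```

The restriction on the remote account matters: if the key stored on the backed-up machine can also overwrite or delete files on the remote host, anything running on that machine can reach the copies too.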




Hopefully it is clear that this solution is the recommended approach. Although it has a clear technical barrier, one of the core aims of Macrium Reflect Version 6 was to improve our scheduling and scripting options to give our users maximum flexibility to create a backup scheme that works for them.


