This article provides some general advice on protecting your systems and backups against a class of threats commonly known as ransomware.
Source: Wikipedia (March 10th 2015)
The good news is that by having system backups you already have some protection against these (and any other) types of viruses. If a system is infected you can simply restore the system to a pre-infection state from one of your backups.
Unfortunately, these types of viruses can now spread throughout your network and potentially encrypt your backups. This type of attack was popularised in 2014 by a virus known as Cryptolocker.
This article will cover some of the ways you can protect your backups from becoming encrypted, so that you can still restore your systems.
The simplest way to protect your backups is to use backup storage that can only be written to once. This is usually optical media such as CD-R, DVD-R and BD-R. These discs can only be written to once, i.e. at the time of backup, so even if a virus has access to a disc that is still in the disc tray, it cannot alter the data on it.
Be careful using re-writable (RW) backup media if you wish to protect against this kind of threat, as the backups on the disc could be altered if it is attached to the computer when the virus strikes. In general, as long as the discs are removed immediately after backup and stored offline they should be okay, but write-once media is generally preferable for backup.
Whilst write-once media is a quick and simple solution to protect against these kinds of threats it is not a method we can particularly recommend except in very trivial circumstances such as for the occasional full home backup. In all other circumstances you will want to be taking regular incremental/differential backups as part of a wider rotation scheme and optical media is ill-suited to these kinds of backup schemes.
As mentioned earlier, ransomware often spreads throughout a network. Therefore a solution is to keep backups off the network. This presents a problem, however, as to back up an organisation you will generally have your storage available over a network connection.
The key to offline backup is to back up to a location inaccessible to any virus that may get onto the system. This can be achieved with Macrium Reflect by creating backup scripts that copy a backup to another location via FTP / SCP once a backup completes. This is made easier in Macrium Reflect Version 6 with the introduction of PowerShell scripted backups, in addition to the existing options of VBScript and Batch file backups.
Hopefully it is clear that this solution is the recommended approach. Although it has a clear technical barrier, one of the core aims of Macrium Reflect Version 6 was to improve our scheduling and scripting options to give our users maximum flexibility to create a backup scheme that works for them.
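One way to script the post-backup copy described above, as an added PowerShell example that is not Macrium's own code: it uploads the newest image and a SHA-256 file over SCP using the Windows OpenSSH client (scp.exe). The host, account, key path and directories are hypothetical, and it assumes the receiving host moves uploads out of the drop directory so that the key held on the backed-up machine cannot alter earlier backups.

```powershell
# Added example: copy the newest backup image to an off-network host over SCP.
# Host, account, key and directories are hypothetical placeholders.
param(
    [string]$BackupDir  = 'D:\Backups',
    [string]$Filter     = '*.mrimg',                      # Macrium Reflect image files
    [string]$RemoteHost = 'backup-vault.example.internal',
    [string]$RemoteUser = 'backup-drop',
    [string]$RemoteDir  = '/srv/backup-drop/incoming',
    [string]$KeyFile    = 'C:\ProgramData\BackupCopy\id_ed25519'
)
$ErrorActionPreference = 'Stop'

function Send-File([string]$Path, [string]$Target, [string[]]$ScpOptions) {
    # Upload from the file's own folder using a relative name, so scp never
    # has to parse a drive-letter colon as a host separator.
    Push-Location (Split-Path -Path $Path -Parent)
    try {
        & scp.exe @ScpOptions ('./' + (Split-Path -Path $Path -Leaf)) $Target
        if ($LASTEXITCODE -ne 0) { throw "scp failed for $Path (exit code $LASTEXITCODE)" }
    } finally {
        Pop-Location
    }
}

# Newest backup file written by the job that has just finished.
$latest = Get-ChildItem -Path $BackupDir -Filter $Filter -File |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $latest) { throw "No files matching $Filter in $BackupDir" }

# Ship a SHA-256 alongside the image so the copy can be verified before a restore.
$hash     = (Get-FileHash -Path $latest.FullName -Algorithm SHA256).Hash
$hashFile = Join-Path $env:TEMP ($latest.Name + '.sha256')
Set-Content -Path $hashFile -Value "$hash  $($latest.Name)" -Encoding Ascii

# BatchMode: never prompt; StrictHostKeyChecking: refuse an unknown or changed host key.
$scpOptions = @('-i', $KeyFile, '-o', 'BatchMode=yes', '-o', 'StrictHostKeyChecking=yes')
$target     = '{0}@{1}:{2}/' -f $RemoteUser, $RemoteHost, $RemoteDir

Send-File -Path $latest.FullName -Target $target -ScpOptions $scpOptions
Send-File -Path $hashFile        -Target $target -ScpOptions $scpOptions
Remove-Item -Path $hashFile
Write-Output "Copied $($latest.Name) (SHA256 $hash) to $target"
```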