Recently there has been a spate of ransomware infections reported in the news. The bad news is that these infections are unlikely to go away any time soon. The good news is that there are many ways to defend against them. The most common route to infection is as follows:

  • People are being duped into opening emails that contain the ransomware infection
  • The infection is so new that it bypasses even the best Anti-Virus protection
  • Your computer has not been regularly updated, and therefore has vulnerabilities the virus can exploit
  • The computer is now infected, but insufficient consideration has been given to your company’s backup policy. MANY backup policies are inadequate.

Why are some backup policies inadequate?  Firstly, let’s look at how a ransomware infection may affect your business.

  • Someone has been duped into opening an infected email
  • No error messages will now be shown on your screen, and your computer will appear to operate normally. You may notice increased disk activity.
  • The virus is now encrypting all the files on your machine, and all the files your computer is able to access. This will include USB drives, network shares, other computers, and most importantly…
  • …content in the cloud that your machine can access will also be encrypted. This includes Dropbox and Google Drive
  • Once all your files are encrypted the virus still may not show anything!
  • You continue to work, and back up your data as normal. Only now, your backed-up data is encrypted, and the backup drives you may attach to your computer or network are also being encrypted but remain accessible
  • If the infection hits on a Friday, many backups may be taken between the point of infection and the point the virus finally posts a message that you have been locked out from your data and need to pay money to retrieve your data.

It is at this point that people reach for their backups, thinking they will be saved. As the steps above show, many unfortunately find that their backups are encrypted too. It is therefore imperative to work through the points above and decide how many versions, drives and locations are needed to recover from a virus that may have run rampant on your network undetected for a few days.
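
One check that addresses the silent-encryption problem described above, as an added example that is not part of the original article: before a backup job overwrites older versions, confirm that files still begin with the header bytes their extension implies. The function names, the sample files and the 5% threshold are assumptions chosen for illustration.

```python
import hashlib
import os
import tempfile

# Leading "magic" bytes that well-formed files of each type start with.
MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",  # Office Open XML files are ZIP archives
    ".xlsx": b"PK\x03\x04",
}

def scan(root):
    """Return (checked, suspects): files whose header contradicts their extension."""
    checked, suspects = 0, []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            magic = MAGIC.get(os.path.splitext(name)[1].lower())
            if magic is None:
                continue  # unknown type: cannot judge it, so do not count it
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                head = fh.read(len(magic))
            checked += 1
            if head != magic:
                suspects.append(path)
    return checked, suspects

def safe_to_rotate(root, max_suspect_ratio=0.05):
    """False when too many files look overwritten: keep the older versions."""
    checked, suspects = scan(root)
    if checked == 0:
        return False  # nothing verifiable: do not overwrite good backups on faith
    return len(suspects) / checked <= max_suspect_ratio

def build_sample(root, encrypted):
    """Constructed sample data: 20 small files, optionally replaced by noise."""
    for i in range(20):
        ext, magic = list(MAGIC.items())[i % len(MAGIC)]
        body = hashlib.sha256(str(i).encode()).digest() * 4  # stand-in content
        data = body if encrypted else magic + body
        with open(os.path.join(root, f"file{i}{ext}"), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    for state in (False, True):
        with tempfile.TemporaryDirectory() as d:
            build_sample(d, encrypted=state)
            print("encrypted" if state else "clean", "->", safe_to_rotate(d))
```

Files that have been renamed to an unfamiliar extension are skipped by this check, so a sharp drop in the number of files checked between runs should also hold the rotation.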