More and more companies are falling prey to purveyors of ransomware, a virus that attacks computers and literally holds them to ransom – locking users out of their machines and demanding payment to unlock them. Because large organisations are able to invest heavily in multi-layer cyber security, their risk is usually minimised, and it is often the smaller companies with single servers that suffer the most losses. Regular backup methods such as hard drives and commercial cloud storage systems aren’t helping to restore lost data, usually because they become infected with the virus too, as soon as the infected computer connects to them. So what can be done?
Ransomware is essentially a type of malware that infects a computer when the user unsuspectingly clicks on a link, downloading the virus, which then sets about encrypting files and systems, rendering them inaccessible. Users who try to open a file will usually receive a message stating that the file needs to be decrypted. They then receive a message or text file detailing how to go about unlocking the data and who to call to do so. The message requests a payment in exchange for the decryption key, effectively holding the user’s machine to ransom.
Although this is a criminal act, there is a veneer of professionalism to the entire process, and criminals have turned ransomware into a (very profitable) business. Many of them have a contact centre with friendly call centre agents who advise you on what the cost of “unlocking” your data is, and how to make payment – usually through untraceable methods such as Bitcoin. In most cases, once payment is made, they provide you with a decryption key and you are able to access your data again. But the costs can be crippling, particularly when the virus spreads company-wide. Unfortunately, there are also cases where the decryption key is a further scam, and by the time you realise it, the money is gone, the contact number is no longer in service and you have lost both your data and your money.
Although most companies have firewalls and antivirus systems that protect them from direct attacks, this virus does not present itself as overtly malicious. It targets individual browsers through careful placement in seemingly innocent adverts, or arrives attached to direct emails. The “invited” virus can then spread from the affected computer to any system it connects to, extending infection to any backup systems, company servers and even other connected machines.
Most traditional backup systems make use of an overwrite system, meaning that the current data is simply copied over the previous backup. Unfortunately, this means that many users upload the virus with their most recent backup, writing over their previous data and rendering it, too, inaccessible. The same goes for typical public cloud backup services that also use overwrite systems.
What companies need to protect themselves properly against ransomware is a cloud backup system that doesn’t simply overwrite previous data, but instead keeps multiple data records. Data is stored periodically, with multiple, historic copies kept at any given time. What this means is that you can pinpoint when the virus was downloaded. While all backups made since infection will be infected too, any backup preceding the date of infection remains intact, so you can still go back to that point in time and effectively retrieve all your data from it.
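The contrast between the overwrite backups and the multi-version backups described in the two paragraphs above can be made concrete. The following Python code is an added example, not part of the original article or of any backup product; the snapshot manifests, the `.locked` extension and the 50% mass-change threshold used to pinpoint the infection are constructed assumptions.

```python
from datetime import date

# Constructed sample data: one manifest (path -> content hash) per daily backup.
# The hashes and the ".locked" extension are made up for illustration.
SNAPSHOTS = [
    (date(2024, 3, 1), {"a.docx": "h1", "b.xlsx": "h2", "c.pdf": "h3", "d.txt": "h4"}),
    (date(2024, 3, 2), {"a.docx": "h1", "b.xlsx": "h2b", "c.pdf": "h3", "d.txt": "h4"}),
    (date(2024, 3, 3), {"a.docx": "h1", "b.xlsx": "h2b", "c.pdf": "h3", "d.txt": "h4",
                        "e.txt": "h5"}),
    # Most files are renamed or rewritten at once, as after mass encryption.
    (date(2024, 3, 4), {"a.docx.locked": "x1", "b.xlsx.locked": "x2",
                        "c.pdf.locked": "x3", "d.txt": "h4", "e.txt": "x5"}),
    (date(2024, 3, 5), {"a.docx.locked": "x1", "b.xlsx.locked": "x2",
                        "c.pdf.locked": "x3", "d.txt.locked": "x4", "e.txt": "x5"}),
]

def churn(prev, curr):
    """Fraction of files in prev that were modified or are missing in curr."""
    if not prev:
        return 0.0
    changed = sum(1 for path, digest in prev.items() if curr.get(path) != digest)
    return changed / len(prev)

def first_mass_change(snapshots, threshold=0.5):
    """Date of the first backup whose churn against its predecessor exceeds
    the threshold (an assumed heuristic for the infection point), else None."""
    ordered = sorted(snapshots, key=lambda s: s[0])
    for (_, prev), (day, curr) in zip(ordered, ordered[1:]):
        if churn(prev, curr) > threshold:
            return day
    return None

def keep_newest(snapshots, keep):
    """Retention policy: keep=1 models an overwrite-style backup."""
    return sorted(snapshots, key=lambda s: s[0])[-keep:]

def restore_point(retained, infected_on):
    """Newest retained backup taken before the infection date, or None."""
    clean = [s for s in retained if s[0] < infected_on]
    return max(clean, key=lambda s: s[0]) if clean else None

if __name__ == "__main__":
    infected_on = first_mass_change(SNAPSHOTS)
    for keep in (1, 5):
        point = restore_point(keep_newest(SNAPSHOTS, keep), infected_on)
        print(f"keep={keep}: infected {infected_on}, restore from",
              point[0] if point else "nothing (no clean copy retained)")
```

With a single retained copy the only backup left postdates the infection, so nothing clean can be restored; with all five versions retained, the backup from the day before the mass change is still available.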
Signing up and backing up to the cloud is very simple. Users simply subscribe to a service online and can begin backing up immediately. Backups are usually automatic and often occur daily at the same time, but users can customise when and what to back up based on preferences. Not only does this system protect businesses from ransomware, but it also proves beneficial for those instances when data has been accidentally deleted or lost, or when a previous version of data needs to be retrieved.
Backing up is important. But never has it been more important to have multiple historic backup versions than now, when ransomware is becoming more and more prevalent. It is vital that companies invest in a cloud backup system that does just that, protecting their systems and data – and their pockets – from ransomware syndicates and potentially crippling data losses.
By Iniel Dreyer