Bryley Basics: How ransomware (CryptoLocker) makes backups more critical
Ransomware – usually CryptoLocker and its variants – is a form of cyber-malware based on encryption software that seeks payment (ransom) to undo the damage; once a system is infected, the malware typically encrypts all data files, rendering them useless until the ransom is paid. (Encryption software scrambles a file’s contents and creates an encryption key, essentially a code used to reverse the process. Unless you have this key and the encryption software, the files remain unreadable.)
Hiawatha Bray of the Boston Globe recently reported a ransomware infection at the Tewksbury Police Department; after repeated attempts to decrypt, the Chief of Police paid the ransom.
Other than paying the ransom, which is risky and not recommended since it potentially makes you more of a target in the future, the only way to thwart ransomware is to restore the corrupted files from a backup that was created before the infection.
A properly planned and implemented backup process is vital since data stored on a network server represents many hours of effort over time, making it impractical and usually impossible to recreate. A properly functioning, multi-point-in-time backup is necessary to provide restoration under these and other scenarios:
- A server fails
- A file is deleted
- A template is written over
- An application upgrade fails and must be restored
- A document is inadvertently changed and saved by a user
A backup should be a complete, recoverable copy of not just data, but the entire server/network environment. It should have these properties:
- Sequenced over many days
- Complete image
- Offsite storage
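
To show why a single, nightly-overwritten backup does not help after a ransomware infection, here is an added example (not part of the original article) that audits a backup catalog against the three properties above and picks the newest restore point created before the infection. The `Backup` record, the 7-day threshold for "many days", the one-hour safety margin and all dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Backup:
    taken: datetime     # when the backup completed
    full_image: bool    # complete server image, not only data files
    offsite: bool       # a copy is held away from the network

def audit(catalog, min_days=7):
    """Name each of the three properties the catalog fails (min_days is assumed)."""
    gaps = []
    if len({b.taken.date() for b in catalog}) < min_days:
        gaps.append("sequenced over many days")
    if not any(b.full_image for b in catalog):
        gaps.append("complete image")
    if not any(b.offsite for b in catalog):
        gaps.append("offsite storage")
    return gaps

def restore_point(catalog, infected_at, margin=timedelta(hours=1)):
    """Newest complete image finished at least `margin` before the infection."""
    cutoff = infected_at - margin
    clean = [b for b in catalog if b.full_image and b.taken <= cutoff]
    return max(clean, key=lambda b: b.taken, default=None)

# Constructed sample data: ten nightly images, every other one copied offsite.
NIGHTLY = [Backup(datetime(2024, 3, d, 23, 0), True, d % 2 == 0) for d in range(1, 11)]
# Constructed counter-example: one backup that is overwritten every night.
SINGLE = [Backup(datetime(2024, 3, 10, 23, 0), True, False)]
INFECTED_AT = datetime(2024, 3, 9, 14, 30)   # constructed infection time

if __name__ == "__main__":
    for name, catalog in (("nightly", NIGHTLY), ("single", SINGLE)):
        print(name, "gaps:", audit(catalog), "restore:", restore_point(catalog, INFECTED_AT))
```

With the nightly sequence, the image from the night before the infection is available; with the single overwritten backup, the only copy was taken after the files were encrypted, so no clean restore point exists.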
For information on backups, visit our Data-Backup Guidelines.