For those who need a refresher, ransomware is a very nasty and sophisticated virus that gets into your computer, typically either via an email attachment or a bogus website, and then encrypts your data and other fundamental files. At the end of the encryption, a window appears with information on how to pay the ransom to purchase a decryption key to recover your files. It is rarely possible to decrypt the files without the decryption key. Ransomware attacks are mostly on Windows-based computers, but Macs are not immune.
Of course, keeping your applications and operating system current, updated, and supported and using antivirus software is very important, but that is not enough to protect yourself from ransomware. You also need to back up your data in a way that protects your backed-up data should a ransomware attack occur. To achieve this level of protection, your backed-up data needs to be untouchable by ransomware.
There are two basic forms of backup: file backup and system image backup. File backup means making a copy of all the files you care about; a system image is a copy of everything on your computer (operating system, applications, settings, files, etc.) in a form that allows complete or selective restoration. Typically, backup copies are stored on an online storage device separate from your computer’s internal storage, but to protect against ransomware, more preparations are required.
The very best thing you can do to be able to recover from a ransomware attack is to maintain at least one offline copy of your critical files and/or system images in addition to your online backup. Keeping a drive offline prevents a ransomware virus from being able to encrypt the backups on that drive.
Storing your individual files in the cloud is a practical and fairly simple way to protect your data. Most cloud services keep multiple copies of your data (typically up to 30 days’ worth), so if your current copy were to get encrypted, there would be other copies to recover from. A system image is typically very large, so storing it “in the cloud” is not very practical. For your system image backups (and optionally file backups as well, should you not wish to use the cloud), I recommend you rotate your backups among two or three external hard drives, one online and connected to your computer and the other(s) offline. You should rotate the drives as often as you wish to keep the offline copy current (e.g., daily, weekly, or monthly). The rationale for having multiple offline drives is to have extra protection should one offline drive become encrypted by ransomware when brought online.
I know this can be somewhat confusing, but the reality is that you are not immune from a ransomware attack and really should implement the steps I describe in this blog. Feel free to contact me if I can be of assistance.