Offline Backups

Recent publicity seems to have woken people up to the dangers of Cryptolocker

I’m still seeing lots of references to the security measures we should take to protect ourselves against Cryptolocker and a lot of my computer support clients are also asking for my advice as to whether they are adequately protected. If you don’t know what I’m referring to, have a look at these two blogs:

GameOver Zeus and Cryptolocker

The main area of inadequate protection that I am finding amongst my computer support clients is the lack of an “offline” backup.

What is an offline backup? We refer to stuff being “online” if it is connected to your main system – ie directly connected to your laptop or desktop computer or connected to your local network via your router. Stuff that is “offline” is likely to be either:

  • A USB thumb drive (also known as a “memory stick” but that is actually a proprietory name of a Sony device) that is not plugged into your computer at the moment
  • A DVD or CD
  • An external hard drive that is not connected to your computer at the moment
  • In “the cloud” (eg on Skydrive, or iCloud).

CryptoLocker WindowThe point here is that Cryptolocker is capable of detecting drives that are currently connected (“online”), so this would include a currently connected USB drive or external hard disc. Your backup needs to be detached from your computer at the time of an attack by Cryptolocker to ensure that it remains safe (ie it must be “offline”). The only exception that I can think of is that anything you have burned to a CD or DVD is safe even if the disc is in the CD/DVD drive, provided that the media is of the “read” type rather than “read/write”. This is because, by definition, data can only be burned once onto a DVDR or CDR disc, so Cryptolocker won’t be able to replace your data with an encrypted version.

Backups that are “in the cloud” are probably not directly accessible by Cryptolocker.
I am not certain about this, but I can’t find any reference to cloud backups being vulnerable by virtue of them being “online”. However, there is a very big “but” here in that if your backups to the cloud are managed by a programmed schedule (as opposed to backups only being created manually on an ad hoc basis) then your backups could be at risk as a result of the schedule deleting your previously good backup and replacing it with files that have been encrypted by Cryptolocker.

Lifebelt in the SkyOne way to get over the problem of cloud backups being overwritten with encrypted files would be to establish another cloud account and then to periodically copy the backup data from the first cloud account to the second cloud account. If this backup is not created by a schedule then files encrypted by Cryptolocker will not over-write a good backup with an encrypted one.

Another step that can be taken to add a layer of security to your backups is to take a backup onto an external drive (hard drive, USB “memory stick”, or even CD or DVD) and then ask someone to keep this safe for you in their premises rather than your own. I advise doing this. It has always been a good practice, but, in reality, I’ve only ever been able to persuade a very few of my computer support clients that it is a practice worth adopting. This “off-premises” backup becomes, in effect, an “archive”. An archive is a backup that is not over-written with a later backup. So, for instance, you may archive your annual accounts. This means that whatever happens in the future you should always be able to access that particular year’s accounts because the backup never gets overwritten with a later one.

Locked Laptop
How safe is your data?
These “archives” don’t get updated (that’s what distinguishes them from backups), so they probably won’t include the very latest data if you suffer an attack from Cryptolocker. Nevertheless, they do provide you with a “worst case scenario” of the very least that you can expect to be able to recover if you should have a disaster such as a Cryptolocker attack. The other main reason for taking an “offsite backup” is that it also provides a layer of security against something disastrous happening to the location of your main system and backups – eg fire, theft, or flood.

However many levels of backup you introduce, you will only be absolutely sure that a usable backup exists if it’s there and it works when you need it. I’m afraid there are no absolute guarantees in this area. I think it’s one of those areas of computing where you have to make up your own mind how much time and effort you put into safeguarding your data. My own impression, though, is that – on average – my computer support clients probably do not pay enough attention to creating adequate backups and I suspect that it would be quite reasonable to extrapolate from that to say that most people, generally, are probably more vulnerable to losing data to the likes of Cryptolocker than they would like to be. As they say up North – think on!