Back-ups are the Back-ups Against Ransomware

wp_backupBe honest, when did you last back up your data?

A quarter of all computer users have never backed up their data and 39% backup their data only once a year, according to a study carried out in the US by Backblaze https://www.backblaze.com/blog/backup-awareness-month-2015/. A similar study by Norman Data Defense Systems  shows that four out of ten Germans do not have a security copy of their data and only 38% regularly back up their data at all.

Even the question of when you last backed up your files is the wrong question; backups should ideally be carried out regularly and automatically. Both Macs and Windows computers have built-in tools such as Apple’s Time Machine   and Windows 10’s File History which automatically back up all of your files and more. With just a few clicks, backups can be set up on external hard drives. An alternative to such backups is saving files in the cloud. There are many options, e.g. SkyDrive, Apples iCloud or Google Drive, which secure files for free or for a small charge, if over a certain file volume.

Given that smartphones and tablets nowadays can be full-fledged computers, they also should be backed up regularly.

weakest_engl

In the past, hard disc failure or mislaid laptops were the main reasons for lost student essays, business documents or private photos and videos. Nowadays, encryption Trojans are a further threat to your data. These not only infest classic Windows computers, but now also Macs, smartphones and tablets. In the near future, possible targets could be household devices which are part of the Internet of Things.

This spiteful type of malware encrypts all files on an individual computer. Then, the cyber-criminals behind the Trojan demand ransom money, sometimes over Euro 10,000, before they allow the user to access their files again.

ransomware_mac_engl

The user can only hope that the makers of anti-virus software quickly develop a decryptor. However, this is becoming ever rarer, as cyber-criminals use increasingly complex encryption methods, which often cannot be decoded. The latest example is the 4th generation of the TeslaCrypt Trojan, which IT security experts now consider to be uncrackable. The same is said about Locky ransomware, which has immobilized whole hospitals in the last few months.

Bildschirmfoto 2016-04-05 um 10.07.27The user theoretically only has the option of paying the ransom with a cryptocurrency like Bitcoin. The strategy has changed here recently. While at first, it was often the case that the blackmailers behind the ransomware did not hand out the encryption key, even though the victim paid the ransom, now there are more and more cases of the key or a tool actually being provided once the ransom has been paid.

Cyber-criminals have apparently realized that the number of people prepared to pay a ransom has drastically declined since ransomware has become the subject of public scrutiny. The authorities and IT security experts regularly call on people not to pay the ransom, as hardly any cases are known in which the files were actually subsequently decrypted. The use of increasingly complex encryption algorithms reduces the chances of IT experts being able to break the code. The growing number of “satisfied customers” ensures that the money keeps coming for the cyber-blackmailers.

ransomware_barrel_eng

Anyone who actually pays the cyber-criminals should keep in mind that paying the ransom will lead to even more ransomware attacks in future. This applies not only to individuals, but also to companies and municipalities. An educational example of what can happen is the German municipality Dettelbach in Bavaria, which paid a 1.3 Bitcoin ransom (approx. 490 Euro), against the advice of the police. The town’s administration got a nasty surprise when much of their IT system did not recover full functionality after decryption and their ability to offer many standard services to residents was reduced for weeks.

There is a simple solution, though, to recovering your data after it has been encrypted by ransomware – the installation of a current update, which should always be part of a regular file backup.

This is something, however, that the cyber-criminals are also aware of. New versions of ransomware also target and encrypt files on external hard drives, network drives, or in the cloud. In the worst-case scenario, just one person in a company needs to open an infected email attachment for it to paralyze the whole company or civil service department.

ransomware_platforms_eng

There is not a simple solution to ransomware at the moment. Even when users rely on standardized and automatic backups on external hard drives or in the cloud, these can now also be encrypted. Of course, the best way to reduce the risk is to make sure the anti-virus program is up-to-date or use special “guardian” programs. The operating system, browsers, plug-ins and other programs should be regularly updated. In particular, training and awareness-raising for all, in particular for less tech-savvy staff members, is important.

None of this offers 100% protection, as ransomware is not only distributed by email attachments, but also by infected advertising banners on websites. This is known as malvertising and is very difficult to protect devices from, in particular when zero day exploits are used .

ransomwaretv_engThe private user can still take a number of steps to protect their backups against being infected by ransomware. They are not all easy, but worth the effort, considering the risk of losing all of your data. Two key steps are encrypting the backup drive or the cloud with a password and manually attaching the external hard drive just for the backup – and then detaching once finished. The pre-installed backup software then reminds the user to either enter the password or to attach the specified hard drive once the backup is created at the pre-set time. From experience, however, it seems that the majority of users start to ignore the message after a short while and choose to not carry out the backup, rather than entering the password or attaching the hard drive daily or even hourly.

locky_fax

There are also professional backup solutions for enterprises, which rely on redundant and varying storage locations. These can also be used by private individuals, but are often expensive.

Creating backups is an important element in the IT security chain and, for now, the best and easiest way of restoring encrypted data in case of infection by ransomware.

Private users and companies who do not regularly create automatized security copies or who do not have any backups at all are being grossly negligent.

A last warning is directed to all: do not under any circumstances pay ransom money to cyber-criminals.