Special Edition is the blog for security testing business SE Labs. It explains how we test security products, reports on the internet threats we find and provides security tips for businesses, other organisations and home users.

Monday, 1 August 2016

Defeat ransomware with free backups

Ransomware is a serious problem but protecting your data can be simple and inexpensive - if you choose your cloud storage provider carefully...

I know, I know. You were tired at the time and not really concentrating. You double-clicked an infected attachment and the world suddenly became a very hostile place.

Your files might as well be in Swahili. A ransom note, with a grasp of English you'd normally find endearing, is mocking you for your bad luck. If you don't figure out what a Bitcoin is, and how to send one to a person whom you'd very much like to die a slow and painful death, you'll lose everything forever. Or will you?

You could try to identify the exact strain of the exact family of infection, and see if a kindly anti-virus company or independent researcher has managed to figure out how to decrypt your precious files. If they haven't, what then?

By now, any computer expert worth their salt should be saying, "Wipe the machine and restore last night's backup." Of course, the backups! Cloud storage will save us! But there could be a problem…

If your cloud backup service re-uses space, and has over-written previous backups with the newly encrypted files (which, after all, look just like a bunch of freshly updated documents that need to be backed-up), then technically there is no backup. So, Bitcoins and a seedy alley on the dark web it is.

If you're busy, on the move, or have "non-technical" users to look after, you need backups that will both protect you from ransomware and take care of themselves. For safety from fire and theft, those backups also need to be stored off-site, which is why cloud backup services are ideal.

However, rather than continuously and efficiently updating a single archive, the ransomware threat means that you really need a service that keeps previous versions of everything.

There are many online backup services that offer file versioning, and to the best of my knowledge, the following all provide it on their free plans.
  • Blaucloud includes a versioning app that will keep old versions of files until you run out of space.
  • CrashPlan allows you to set backup frequency and versioning frequency.
  • Cubby contains versioning as standard in the free plan.
  • Dropbox has unlimited versioning as standard.
  • ElephantDrive provides unlimited versioning on its free Lite plan.
  • Google Drive keeps up to 100 versions per file, stored for up to 30 days.
  • iDrive stores up to 30 versions.
  • Mozy stores old versions for up to 30 days
  • pCloud stores old versions and deleted files can be restored.
  • PowerFolder stores the last versions of files.
Ransomware is a 21st century plague, fuelled by greed. How you respond to it is paramount, because not paying the ransom is possibly the only way that will cause it to fall from favour with criminals. Versioning online backups are one way of helping that happy day come sooner.

Author: Jon Thompson (Email: jon@selabs.uk; Twitter: @jon_thompson_uk)

2 comments:

  1. The best is CrashPlan which is really unlimited, no limit, for ~50$/y!
    The app is a bit ugly but all the features are well conceived and support is really friendly.

    ReplyDelete