Fighting CryptoLocker with Online Backups (Updated)
Ransomware and how we protect backup data from an infection
We haven’t seen an infection of this scale in several years.
Hopefully you never have to see a message like:
“Your personal files are encrypted”, “Your computer has been locked”, or “Your documents, photos, databases and other important files have been encrypted!”
This Google trend graph is alarming considering that this original post was published in 2013, Ransomware is a very real threat now more than ever and having a business continuity plan for data is a must have for all.
UPDATED:
A new enhancement has been released to the WholesaleBackup client which better protects data from Ransomware.
Now your WholesaleBackup client will always retain two versions of a file (or the deleted version of a file) for the full retention period. This ensure that there’s always a good copy of the file that can be restored in your local backup vault or your off site backup vault.
Our tech support phones have been ringing the past few weeks about CryptoLocker Ransomware Infections. We’re receiving two types of calls, the first is from those who have been infected and need help recovering (thankfully they have been backing up with our solution and thus are able to recover to a pre-infection state).
The second type of call is from those wondering if CryptoLocker can transfer via our backup solution to infect server side backups. The answer to the second is a definitive “no” as with our solution the backup client and backup server are on independent networks and data and commands are encrypted and then transmitted in an encrypted channel so viruses can’t pass through or piggy back in.
Actual screen shot of CryptoLocker
With each backup, the WholesaleBackup client will also back up its own settings, history, and logs to the backup server, so if it’s own files are infected on the client’s computer, they’re still safely preserved and archived (during the retention period) on the backup server.
One thing to note with any backup solution is that if a file is infected on the backup client’s computer it will still be encrypted and sent and stored on the backup server. So it is important to use a long enough retention period such that you can recover files from before the infection.
We suggest you keep an eye on your backups and watch for unexpected (massive changes) in the number of files which were changed and backed up. This can be an indicator an infection has occured.
WholesaleBackup provides a full suite of white label backup software
You can build your very own Windows backup server using our server backup platform and then provision end-user online backup clients branded with your company name. Your customers will have a local and online backup system where they can store their backup data in a local vault on their own machine in addition to having another backup storage vault on your Windows backup server.
We also provide a hybrid cloud backup platform that allows you to store customer data on very cheap cloud storage from Amazon S3 and Google cloud storage. This option does not require you to have your own server. All you have to do is provision the cloud backup clients with your company brand and logo, once they are installed and the selections are made for the files and folders to backup, the data will go through a de-duplication process to avoid duplicate files, then create file blocks which are encrypted for transmission which will be sent to your cloud storage vault.
Whether you choose to build your own backup server or create your own cloud backup clients, you can run and monitor your backup business from a web browser with the Backup Management Web Console, which centralizes all of your customer’s statuses, backups, settings, and billings information. Our Partners, MSPs, VARs, and resellers, call this the mission control center for their backup operations.