The smartest way to stay unaffected by ransomware? Backup!

The smartest way to stay unaffected by ransomware? Backup!


Here at Emsisoft, we know that ransomware is now the most consistently problematic type of malware to effect internet capable devices and businesses. As a security software vendor you might expect that with this blog post we would try to sell you our product as the ultimate solution against ransomware. A quality anti-malware program is vital. Our software in fact is specialized in finding and blocking ransomware, but there is one additional layer of protection you need to consider.

What would you do if an attacker gained admin access to your computer and disabled your antivirus/anti-malware software? They have cleared the way to load the encryption part of their ransomware onto your machine and now your data is lost to you. Anti-malware software detects malicious files very well, but it can’t prevent you from opening your doors to invite the bad guys in.

In the recent past our lab has dealt with many ransomware victims who’s computers were infected manually by using leaks in old, non-patched software to get admin access. So you should always have a Plan B at hand. If someone manages to disable your protection software, you need to have a backup.

Firstly, what is ransomware?

An exploitative crime, ransomware is a kind of malware that encrypts your personal data or locks your entire PC. If infected you will be asked to pay a “ransom” via an anonymous service (such as a Bitcoin page) in order to unlock your computer and free your data.
Ransomware makes up a huge part of today’s active threats as it turned out to be one of the easiest and highest income earners for attackers. All other malware makes its developers money indirectly (by using or selling your computer power), but ransomware directly asks you (the victim) for cash by putting you in a situation in which you feel forced to pay.

The key to protecting your data from a ransomware attack lies with preparedness.

It’s all about Plan B

If you have all of your data stored somewhere else, uninfected, a ransomware attack will not be such a problem for you. In fact, in most cases you will only need to wipe your computer and start again. By keeping an updated backup, you can reinstall your operating systems, programs and personal data. This applies to businesses too. If a daily backup becomes part of your daily closing procedure, customer databases, accounts and book-keeping files will always be up-to-date in case of emergency.

What should I backup?

Let’s start with the most important. First and foremost, you need to back up your personal files. Your personal data is irreplaceable. Think of it this way. If your house was burning down, aside from your loved ones, what would you want to save?
Backup any personal documents such as copies of birth certificates or saved bank statements. Your photos, home videos, and any other data such as your work files should be backed up regularly. Those can never be replaced. If you’ve spent hours ripping audio CDs to build your dream MP3 library, you may want to back those files up too.
Your operating system, programs, and other settings should also be backed up. Though it’s not necessary, it can make your life easier if your entire hard drive fails. Particularly if, like me, you are the type of person that likes to play around with program files, regularly update your hardware and run partitions for linux, having a full system image backup may be very useful for you.
Since ransomware also targets corporate users, customer information systems and databases should be backed up regularly.


Backup Options

Before choosing a backup option, the first and most important step is to take some time to properly label and organize your files into well-named and easy to follow directories. If it gets too overwhelming, try starting it on paper.

Seagate offers excellent advice on how to organize your files with a back-up master plan. Decide on the frequency with which you will back up, then consider what your best backup option is.

External hard drives are a good option as the drive can be kept physically separate to your machine and can be locked away for safe keeping. However, external hard drives only work as a backup option if the device is kept physically disconnected from the machine. If it remains plugged in, it is as susceptible to ransomware as the hard disk of your computer. So, keep your backup separate. Keep it updated. And consider encrypting both your computer’s hard disk and the portable hard drive. We explore the benefits of file encryption here.

Backing up online with a cloud service like CrashPlan can be an excellent option to protect against natural disaster, fire or any other kind of physical threat to your data.

CrashPlan is a reputable online backup service with equally popular competitors such as BackBlaze, Carbonite and MozyHome. These programs will run in the background, updating your files in the programs web storage. Keep in mind this option usually requires a monthly fee and the first backup can take quite a long time, particularly if you have a lot of data.

Cloud safety is becoming more and more undermined by cybercriminals who, rather than hacking computers directly, hack the main servers of cloud services. This means your data could still be held to ransom, just on a much larger scale among thousands of other users.

So, when considering an online backup option, look carefully for a service that supports revisioning where old versions of files are kept and are accessible if your backup files are also infected with ransomware. This table compares online backup options based on the different features they offer. If you choose an option that does not support revisioning, please ensure the service does not remain constantly connected to your main computer as even these files can be corrupted. With no alternative versions of your files, you will still lose your data.

By regularly updating with revisioning, all versions will be more recent and your loss can be minimised drastically. If ransomware changes the most recent backup, older versions should remain unchanged.

In summary: avoid infection

  • Keep your software and operating systems up to date and your system clean.
  • Do not install applications from unfamiliar sources or untrusted websites.
  • Read permissions closely when requested by programs or apps.
  • Back up data and devices frequently.
  • Install and regularly update a quality anti-malware product such as Emsisoft Anti-Malware. Our software has a proven ability to capture and eliminate ransomware. Read about our performance against ransomware here with our behaviour blocker technology.
  • If infected, take every possible step to avoid paying. Every bitcoin in the hands of a cybercriminal increases the profitability and spread of this kind of malware. Emsisoft does not profit from emergencies. If you ever have a problem, please contact us.

Have a great (malware-free) day!

  • Eagereagle

    As usual, a concise, well written and easy to understand newsletter about safety, supported by examples and hints. Thank you Emsisoft for keeping us lay(wo)men abreast and when possible one step ahead of potential and serious damages. This being said, the end responsibility lays in our hands as individuals, to implement and maintain.

  • Sandra Thomas

    Emisoft is already looking after my software. Should I backup my files on to a USB?. TIA

    • David Biggar

      In a word, yes. Backups are another important part of keeping your data safe.

      • Sandra Thomas

        Thanks, Dave. Hope I can manage it. Hope it’s user friendly

  • cat1092

    This is what I’ve been stating in many of my Emsisoft Blog comments, no security plan being bulletproof, there has to be a Plan B. Just as with many phases of life, there’s a backup plan in place for when the bad or unexpected happens.

    I go both the online & external drive route, with the external being the main one, and I’ll always keep the first three backups (the first of which is before the computer is booted if removeable), as well as the last three, and have over 6TB in backup space & counting.

    It used to be, that I’d install an extra internal drive for this purpose, however when the various ‘crypto’ types of infections began to be known, changed to external for this purpose, and use a WinPE based backup that actually offers a bootable option & free (Macrium Reflect). Meaning the backup (full drive image) is running & Windows isn’t, which has it’s advantages. I also prevent Data loss by not using the ‘C’ drive for storage, rather another partition which is imaged 3x weekly, and also drop folders of importance onto various externals, as well as optical media, as soon as created.

    While both Emsisoft Anti Malware & Internet Security are AAA+ security options, there are times, and much of this lays on the back of the user, how much risk one takes or how far can one push their luck in visiting bad sites, or opening every email that promises the world & has a different type of payload than we expect, sooner or later, even the best of security will break if pushed to the limit.

    This is where the latest backups can come in handy. Sometimes to play it double safe, use the 2nd oldest, if not too old (less than a month & Data is stored elsewhere). May have to perform some updates & that of installed software, yet that’s better than a risk all approach, and most will be up & running again in 15-30 minutes, sometimes longer if the ‘C’ drive is loaded with software & excessive bloat. BTW, get rid of that bloat by uninstalling software not needed, and run Disk Cleanup using the ‘Clean up System Files’ option, or if running Windows 7, right click on Disk Cleanup & Run As Administrator. Don’t be surprised to find 3-5GB of useless garbage, and be sure to check Windows Update leftovers, and reboot after cleanup, it’ll appear that Windows Update is configuring again, all it’s doing is purging the update installers. After 2-3 years, this can be a massive file, more so if 5 or more years old & still on the original install.

    Don’t forget to run EAM or EIS afterwards.;-)