Ransomware has become a huge criminal enterprise valued now at many billions of dollars per year. Victims have spanned the spectrum from simple home users to multinational corporations. Although some home users and small businesses do not bother to backup at all, most victims thought that they had a good backup strategy.
Ineffective strategies include
- backing up to a usb hard drive
- backing up to a network shared drive
- using shadow copies on the computer
- using versioning software on the computer
- using “bare metal” backup programs where the images is sent to a network share, network attached storage or usb hard drive
- assuming anti virus software will stop the ransomware
The authors of ransomware have studied all of these strategies and have accounted for them in the software. Ransomware variants will seek out and destroy these backups often before destroying the primary copy
For a backup to be robust to ransomware it must
- be to a different network segment
- not use windows file sharing for transport
- use versioning
A cloud backup solution, for example Carbonite does meet these requirements and will be resistant to ransomware. In deciding on cloud vs local backup, consideration must be given to the total size of the data to be backed up, the cost and the restore time.