Our support team has received several calls in the last year or so from clients scratching their heads over a particular kind of Trojan horse malware. “Hey, uh, what’s this CryptoWall all about? Is it seriously going to delete my data if I don’t pay $500 in three days? What are my options here?”
It’s called ransomware and yes, it’s very serious about deleting your data. And unless you have a true backup system in place (preferably offsite with a data center company), you don’t have many options: immediately disconnect the device from your network before the infection spreads to the rest of your users, and quickly pay the ransom. Or you can completely wipe the laptop and start from scratch. It’s certainly not the most encouraging advice to have to give a client, but it does start a valuable conversation.
Many people believe that cloud-based file syncing tools, like Google Drive and Dropbox, can automatically and securely solve their data backup needs for both their business and their personal data. It seems logical, right? Your secondary files live offsite, so they’re safe from any kind of physical theft or loss, and they’re in the cloud, so they’re always available. Seems easy enough. However, this is a dangerous misconception. “True backups and file sync tools like Dropbox are fundamentally different tools that serve different purposes,” explains Braden Pittman, Managed & Cloud Services Engineer & TekVault Product Owner. “One does not – and cannot – replace the other.”
When asked what makes a backup different from file sync, Pittman broke it down for us:
"The most important difference between Dropbox and a backup product is that a true backup solution, like TekVault Enterprise (for entire servers) or TekVault Endpoint (for individual devices), has version retention. True backup systems will keep several versions from different dates in retention, so that if your data gets lost, corrupted, or encrypted, you or your service provider can go back in time to an older copy before the file went bad. Depending on how often you schedule your backups, that previous version could be from early that day or earlier that month. That’s why daily data backups are highly recommended. So while you may lose some of the work or changes made to that file before the corruption, you would still be able to recover a large majority of your data.
Dropbox and other file sync services don’t really do that: you simply have one copy in the cloud that is kept 'in sync' with the local copy living on your device. Any changes to your local copy – including the corruption that CryptoWall inflicts – would quickly be copied straight up to the version living in the cloud. And once it’s up in the cloud, Dropbox isn’t really designed to go back to a previous version. In all fairness, some file sync services may have some slight version retention, but it’s usually very short – we’re talking a few hours or a couple days, at most. More often than not, you won’t even realize you’ve been hit with CryptoWall or a similar ransomware for days or weeks, long after Dropbox has purged the clean data. That’s what is so insidious about ransomware: it works silently for days in order to encrypt large amounts of data before alerting you that you’re infected. By that time, it’s too late for anything other than either paying the amount they’re asking, or relying on a true data backup product to recover all your files."
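The retention difference described above, as an added example (not TekVault's or Dropbox's code): it scans dated versions of one file, flags the encrypted ones by byte entropy, and returns the newest clean restore point that a given retention window still holds. The function names, the 7.5 bits-per-byte threshold and the timeline are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter
from datetime import date, timedelta

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: encrypted data sits near 8.0, plain text well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    # Assumption: the file is normally low-entropy (text, CSV, source code).
    # Already-compressed formats need another check, e.g. the file header.
    return shannon_entropy(data) >= threshold

def last_clean_restore_point(versions, discovered_on, retention_days):
    """Newest clean version still inside the retention window, else None."""
    oldest_kept = discovered_on - timedelta(days=retention_days)
    clean = [d for d, blob in versions
             if oldest_kept <= d <= discovered_on and not looks_encrypted(blob)]
    return max(clean) if clean else None

def pseudo_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    # Constructed stand-in for ransomware output: a deterministic hash stream.
    out = b""
    for counter in range(size // 32 + 1):
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
    return out[:size]

def build_history():
    """Constructed timeline: one version per day, encrypted from day 10 on."""
    start = date(2015, 6, 1)
    versions = []
    for day in range(20):
        when = start + timedelta(days=day)
        if day < 9:
            blob = b"Invoice ledger, revision %d\n" % day * 150
        else:
            blob = pseudo_ciphertext(when.isoformat().encode())
        versions.append((when, blob))
    return versions, start + timedelta(days=19)  # infection noticed on day 20

if __name__ == "__main__":
    history, noticed = build_history()
    print("sync, 2-day retention:   ", last_clean_restore_point(history, noticed, 2))
    print("backup, 30-day retention:", last_clean_restore_point(history, noticed, 30))
```

With the infection noticed ten days after encryption began, the two-day window holds only encrypted copies, while the 30-day window still reaches the last clean version.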
At this point, the obvious question arises: “If CryptoWall is so dangerous, why aren’t we talking about preventing it from infecting our computers instead of recovering from it?”
At least for now, the problem with prevention is that no one knows this ransomware’s precise origin. The two most common infection routes are email attachments and infected ads on popular websites that users visit daily. So it works differently than other forms of malware, which traditionally rely on users going to sites they know to be risky or opening emails from addresses they don’t recognize. This kind of “you-never-know-how-you-got-it” approach to infection is particularly effective, and not a little bit disturbing.
So until the tech world uncovers the origin of CryptoWall and creates an antidote for it, your number one defense is to have backups – true backups with version retention and industry-standard encryption. And if you don’t have them, there’s a good chance the day will come when you really wish you did.
If you’re interested in getting backups for your business servers or employee laptops, smartphones, and tablets, contact us today at firstname.lastname@example.org or 877.301.3125.
We’re here to make technology work for you!