I recently received a spate of emails from a PR person suggesting that I add Lee Munson’s article on The history of ransomware to the AVIEN ransomware resources pages. I nearly ignored it altogether because I don’t respond well to PR pressure. It’s one of the few things I have in common with career journalists…
Backup: the Why and How
However, the article is a reasonable introductory guide and offers a brief history that includes some (but by no means all) ransomware families and some reasonable advice, so I’m OK with including it here. That said, while I agree that backups are an essential precaution (and not only because of the risk of a ransomware attack), he misses an essential point. Of course it’s ‘preferable’ to have offsite backups in case of ‘the risks of a fire etc. in your own home’, but many people and organizations nowadays don’t think first in terms of physical media like optical disks and flash storage, but rather in terms of some form of cloud storage, which is very likely to be offsite, of course.
Offsite versus Offline
However, where such storage is ‘always on’, its contents may be vulnerable to compromise by ransomware in the same way that local storage is, so it’s important that offsite storage:
- Is not routinely and permanently online
- Protects backed-up data from automatic and silent modification or overwriting by malware when the remote facility is online
- Protects earlier generations of backed-up data from compromise so that even if disaster strikes the very latest backups, you can at least retrieve some data, including earlier versions of current data.
Most articles on backup aimed at home users don’t go deeply into backup strategies, especially as utilized by system administrators, and that’s a gap I’m considering trying to fill. (However, Aryeh Goretsky’s article for ESET, Options for backing up your computer, is a good summary for home users, even though it’s several years old.)
Making the Cloud less Nebulous
For the moment it’s worth remembering that backup isn’t a fire-and-forget one-time exercise, but an ongoing task. Furthermore, the last thing you want to do is rely on a single generation of backups, on a single site, or on a single provider. Bear in mind also that when cloud providers offer versioning, in which backup of a file is triggered when it is modified, it may or may not mean that (one or more) earlier generations of the same file are preserved. It may be more convenient to keep only the latest version of a document, thus saving both space and the potential hassles of version control. But it makes sense to have a generational strategy in place so that you can, if necessary, roll back to a previous version and build on that. It makes even more sense to have read-only versions in reserve, for obvious reasons.
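To make the generational idea concrete, here is a minimal sketch added for illustration (it is not from Lee Munson's article or any backup product): each run writes a new dated generation, records a SHA-256 manifest, drops the write bits, and can later check whether an older generation has been silently altered. The function names, the date-style labels and the retention count of three are assumptions; permission bits are only a tripwire, and the manifest really belongs somewhere the backup client cannot write.

```python
import hashlib
import shutil
import stat
from pathlib import Path

def manifest(root: Path) -> dict:
    """Map relative path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def new_generation(source: Path, store: Path, label: str) -> Path:
    """Copy source into store/label, write store/label.sha256, make files read-only."""
    gen = store / label
    shutil.copytree(source, gen)  # fails if the label exists: never overwrite a generation
    lines = [f"{digest}  {name}" for name, digest in manifest(gen).items()]
    (store / f"{label}.sha256").write_text("\n".join(lines) + "\n")
    for p in gen.rglob("*"):
        if p.is_file():
            p.chmod(stat.S_IRUSR | stat.S_IRGRP)  # weak control: stops accidents, not malware
    return gen

def verify(store: Path, label: str) -> list:
    """Return files in a generation that are missing, added or changed since backup."""
    recorded = {}
    for line in (store / f"{label}.sha256").read_text().splitlines():
        digest, name = line.split("  ", 1)
        recorded[name] = digest
    current = manifest(store / label)
    return sorted(n for n in recorded.keys() | current.keys()
                  if recorded.get(n) != current.get(n))

def prune(store: Path, keep: int = 3) -> list:
    """Delete the oldest generations beyond `keep`; labels must sort chronologically."""
    labels = sorted(p.name for p in store.iterdir() if p.is_dir())
    removed = labels[:-keep] if len(labels) > keep else []
    for label in removed:
        gen = store / label
        for p in gen.rglob("*"):
            if p.is_file():
                p.chmod(stat.S_IRUSR | stat.S_IWUSR)  # restore write bit so removal works
        shutil.rmtree(gen)
        (store / f"{label}.sha256").unlink()
    return removed
```

Running `verify` against every retained generation before each `prune` means a tampered generation is noticed before the last good copy ages out.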