Written by: Daniel Haurey on 10/02/15

Many business owners don’t understand the ramifications associated with using simple backup methods like USB/pen drives, synchronization to another folder location, backups to a network share, cloud-sync, etc.  What’s wrong with these methods?  You might think you’re simply protecting against a hard drive or server failure, but viruses are becoming a much bigger threat.

Today’s hackers are in it for the money, not the fame.  The days of hacking for fame are long gone, and old backup methods should be too!  One of the worst risks comes from the newer generation of cryptographic threats (CryptoLocker, ZeroLocker, CryptoWall, etc.).  These threats get delivered through a single weak link in the network.  Their authors often modify them multiple times a month, changing them faster than antivirus research teams can possibly respond.  In a recent customer outage, only 3 out of 97 virus scanning engines detected a CryptoLocker threat that arrived embedded in a PDF document from a seemingly everyday contact.

Eric Burke, VP of Technology

Threats can arrive in various formats.  Many of the hardest to detect are injected into the “known good” processes running on your machine.  These are core components that should be running, not “unusual” programs running next to them.  As a result, many antivirus inspection techniques miss them.  Running frequent updates can help, as these security holes are usually patched once they become well-known.  Unfortunately, it takes time for this to occur and by that time, your data and your backups can be compromised.

What makes these threats so special?  We recently had a case where a company of roughly 140 users started noticing that they could not open Word documents (critical to their business).  CryptoLocker had executed on a networked machine and started combing through any shared data it could find on the network.  It runs silently, encrypting your files and eventually demanding ransom to release them.  With 140 people accessing documents all day, the problem showed itself quickly.  In a smaller environment, where days or weeks might go by with only a couple of edits, all of your documents (and their copies, backups, pen/USB copies) might be affected.  In 3-4 hours, in a shared folder with nearly 2 million shared files, 28,000 files in 1,300 directories were wiped out.  How many Word, Excel, PDF and other similar documents do you have?  If you left your machine for a few hours for a long lunch, could they all be gone?

With multiple and varied layers of antivirus (hosted cloud for email, server and client-based), you’ll lessen the risk, but these threats are morphing much more quickly than you think.  The only recovery method is to disconnect the threat (infected machine) and try to determine the scope of the encryption.  Next, you’ll need to go back to a version of the files that was backed up before the issue and that is NOT in its native format.  Why?  If you copied your backups to a USB key and the threat already infected your system – those files are also encrypted (infected).  If you normally leave that drive/device connected, the virus will encrypt those items on its own.  Your cloud-based file synchronization platforms may not help either.  Many will also overwrite the prior versions with the encrypted ones, requiring that you jump through hoops to get your vendor to help you try to recover prior versions en masse.

Strong backup tools use proprietary formats to store documents, preventing them from being “found” in their native format.  They also support frequent (hourly or less) backups, only storing the differences between each backup.  This enables them to run quickly with minimal impact to your users.  If you’re still using the old methods to back up your data, please speak with us soon – your data (and potentially your business) is at risk!