A Backup Plan To Defend Against Ransomware

Here is my understanding of what a computer home user with important data should do in order to protect against losing data or having to spend hours/ days reinstalling and reconfiguring their computer after a ransomware "incident:"

Create regular images of your system (both the system installation/configuration and the file data) on one or more hard drives or remote servers, that are, for the most part, not connected to your computer (except when you are running a backup).

Also, for files that you don't use regularly, it's best to have those not stored on your computer. This way you would notice quickly if your files start becoming encrypted. (A side benefit of this is if you accidentally put a file or folder in the trash you will notice the missing file or folder more quickly.) This is not as important as the previous paragraph but could be a good "add-on."

1) Am I right about the plan presented above?
2) How do the backups translate in terms of space on your computer to space on the backup? For round numbers sake, let's say the computer has 100GB used when you look at the hard drive usage. How big would one image of that be? I suppose to save space you could do some image backups and some backups using file history (can file history handle using multiple drives or tapes?)
3) How easy is it for a previously created image to get "hit" by ransomware or malware? In other words, if the image has already been created, could that easily just be encrypted by the ransomware when hooked up, or would that be more of a specialized feature of certain ransomware.
4) Besides a tape backup being slower to write the data, and cheaper in cost (once you are dealing with large amounts of space) are there any other implications of using tape vs hard drives? I know next to nothing about tape drives but I plan to educate myself on that soon.
5) As far as automating the process, is there an inexpensive option (having drives turn on and off periodically, backups run)?

 

1-a backup plan is good only if you are comfortable with it and do it regularly. your plan sounds reasonable to me.
2-image files can vary in size depending on all sorts of factors, but 100GB should yield a 40GB to 50GB image file size.
3-i would imagine any file on your hard drive would get encrypted, so store the image file externally.
4-i strongly dislike tape drives. if the file you want is at the end of the tape, it will take forever for the tape drive to get to the end of the tape just for one file. hard drives are cheap and so much faster at cherry picking wanted files.
5-automating the process might sound appealing, but i would do it all manually so you can assure yourself that all backups were done properly and without error.

good luck with it.

 

I practice the "3-2-1" rule of backup: Three copies of all important files. Two stored off the PC, and one on a secure cloud storage system such as Microsoft One Drive or Carbonite.

If you need proof of why this is critical, I'm it. About 6 years ago my house was broken into and damn near cleaned out. My main PC (the one I keep all my freelance work on) was stolen along with the backup external drive. Since I pay $60/year for Carbonite; however, I was able to access important files on a temporary PC until I built my replacement PC and used Carbonite to restore every single document, photo, song, etc. Keep in mind this same situation could happen in a fire, flood, tornado or any other natural disaster.

Compared to losing a lifetime of work and memories, $60-$100 per year to keep them safe and secure is a bargain.

 

I can see how those services can be worth their weight in gold. Your example of what happened is a good reminder to people. One criticism that I have heard about cloud services is to test whether the service actually works. For example, encrypt all of your files (like ransomware would), let it keep backing up for 30 days, and then try to restore the 31 day old material. Or, just try to restore 31 day old version to a different computer. Since Carbonite is probably a more established "player," you probably have less to worry about (with it actually working when it needs to).

 

Carbonite keeps files for 30 days; after that it deletes any older copies or anything you've deleted from your PC. Since you would almost certainly discover maliciously encryped files in just a few days, it would still give you plenty of time to clean the PC, delete the infected files and restore them using Carbonite. Carbonite's telephone tech support is A+. If you're having an issue backing up or restoring, they can usually help you fix it in 5-10 minutes or less.

As for Microsoft's One Drive, I've heard that ransomware cannot get to the files stored on it but I'm not positive of this. A benefit of One Drive versus Carbonite is that One Drive does not delete files older than 30 days unless you do so manually or let your subscription to Office 365 expire. The downside is you must store the files using the One Drive location or manually "cut and paste" existing files to it. Unlike Carbonite, One Drive does not do an automatic ongoing backup.

 

I don't like or trust any data company's that store your info. Microsoft has decreased OneDrive Storage to 5GB of data only free.And i am not going to shell out buko bucks for storage.When i can buy a 1TB external hard drive.

With a external hard drive you can keep your data for as long as you want.

 

Depends on what your goals for your data are wile?
If your lets say, a student, a small business or a multiple location entity, that needs to access this data from multiple devices or remotely, an external hard drive aint gonna cut the mustard.
If your a one man band at home, an external is fine!

There are many solutions to cloud security these days and it has improved greatly with such things as advanced encryption methods, 3-stage login security etc etc.

I utilize both the cloud and external hdd's because there are many occasions that i need to access data on the fly, but as gman863 says, taking advantage of the 3-2-1 method is also smart as an extra cover!

Having said that, challenges are still presented when it comes to ransomware as a network drive with read/write access, will be encrypted in the same way as a local hard drive.
This presents a challenge for businesses where employees access shared network folders.

 

You have to realize some people have a lot of data like me for instance.I have over 5 TB worth of music,movies information that can not be trusted with company's like microsoft.At least with me i can restore every thing if the hard drive crashes.If there server goes down i can't access the data.As where i can on my Backups.

I all so have game data as well that i backup and save.It's not that hard buying more data storage.I just don't trust these types of places with my data.I have heard bad stories about these places losing important data for major company's.

 

1. Have at minimum 2 copies stored off the computer of anything you don't or can't afford to lose. (We don't store most of our files on any computer).

2. Pay for malwarebytes; it includes ransomware protection.

3. Make images. (I keep notes on what things updated like browsers, flash, etc. from one image to the next so if I need to restore, I can see at a glance what I need to immediately update).

 

I keep most of my hard drives hidden from view.So only i have access to them if my system ever be comes hacked.Which i have not been hacked in over 10 + years.

 

Do you mean as a hidden drive on the network, or completely offline?

Most new Ransomware variants will still find hidden drives on your network and encrypt them accordingly.

As plodr suggests, paying for malwarebytes is a good idea as a protective layer addition with its ransomware protection feature as it quickly suss's out what the particular variant is up to, and kills its process before the damage is done.
TimW also suggests this in post #3

 

Depends if they are password restricted.And how well they are hidden offline.

I have been hit by a few virus last year but they never even effected my 5 drives.Three are external in which case i can remove them instantly with out them being effected.I have an SSD for my main drive and two platter drives for extra storage.

 

Well, there is no need for hiding if they are offline.

Online:: Hidden drives with password protection and even encryption wont help you against ransomware!