I was reading about ransomware – where you lose access to your data due to a nefarious application encrypting all your data. Hundreds of thousands of people have been affected by CryptoLocker – having to pay criminals in the hope of regaining access to their prized photographs, documents, email… Best not to get infected, of course. Best not to open suspicious attachments, of course. But what would happen if I goofed? After all, I goof a lot. There’s advice out there, but am I prepared?
Before starting to consider what I would do, what are my exposures?
- My documents, spreadsheets, etc are in Google’s Cloud. Could they be data-napped? Why yes, though that may surprise you. Google Drive looks like a mapped drive to your PC – and the ransomware can see it. In mitigation, Google Drive has versioning. So, if the ransomware encrypts a file, you should be able to retrieve the older versions – but read the fine print. The versioning times out after 30 days and only survives 100 changes. That’s not bad – but I could feel better rather than stepping through each file, one at a time.
- My photographic collection is far too large for the cloud. I keep it on a NAS. Could they be data-napped? Yes. In partial mitigation, my prior years’ photographs are archived on Amazon Glacier. I can get them back.
- My current year photographs are stored on the NAS and not yet archived to Amazon Glacier. So there’s a vulnerability. But I keep a copy of my current year’s photographs on Google Drive – and we already know that supports versioning. So I have something, just a bit messy.
- My wife isn’t using any cloud solutions. All her data is on her laptop. We’re using File History to back up her data onto the NAS – but then both her machine and the NAS could be data-napped. We also have Carbonite running on her laptop – so her files are being versioned – that’s not bad – but I could feel better rather than stepping through each file, one at a time.
So, I should do something. My wife’s and my data (and newer photographs) are covered with the versioning of our current solutions – Carbonite and Google Drive. But with potentially thousands of files to recover, recovery would be messy, protracted and error-prone.
(In the back of my head, I think I’d like to get rid of Carbonite. It seems unnecessary. That said, I’ve used it a few times – and it has proven utterly reliable and invaluable.)
As an aside, the better the synchronisation, the faster errors propagate. I have my NAS and Google Drive synchronising using Synology’s Cloud Sync (not Cloud Station). I have a backup to Google. Hah. I felt very proud. But, of course, if one corrupts, the other corrupts. Oh. Oh dear.
Given my vulnerabilities, what are my options?
- Retreat to pen and paper. This IT stuff is way over-complicated. Kidding.
- Live with the current arrangement. Google Mail does a good job of filtering crap email. OpenDNS does a good job of keeping us away from dubious sites. That’s good prevention, but what if…
- Take a point-in-time backup – and store it disconnected from the network. That’s an important point: if it’s connected, it can be infected. So having taken a backup I must take it offline – or the ransomware could find it.
My NAS supports backup to either a directly connected drive or a networked device. I have options. I have an eight year old NAS – ah, but it doesn’t have enough capacity. I have a USB 3 connecting disk caddy and an old drive – it’s big enough for now. If I need a bigger, and faster, drive I’ll get one.
The process is: attach the drive, do the backup and detach the drive. I can see no way of automating this. After all, if I can automate it, so can some rogue piece of software. If I need to recover, I recover from the latest backup to regain most files. And then I use any versioning to try and recover the stragglers that’d been updated after the backup.
It takes about 18 hours to back up all my 1 TB of data from my NAS to my old slow drive. It looks like subsequent backups are incremental and thus quicker. Hmm. I think this may be it.
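An added example, not part of the original post: because later backups are incremental, a backup run after an infection could carry the damaged files onto the offline drive. This sketch compares the source folder with a manifest saved at the previous backup (kept on the offline drive) and refuses to proceed when too many files have changed or vanished; the function names, the manifest format and the 20% threshold are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digest(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks so large photos do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its content digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def churn(previous, current):
    """Fraction of previously backed-up files that are now changed or missing."""
    if not previous:
        return 0.0
    # A renamed file (for example, a new extension) counts as missing.
    touched = [k for k, d in previous.items() if current.get(k) != d]
    return len(touched) / len(previous)

def safe_to_back_up(previous, current, max_churn=0.2):
    """True when churn is within the assumed threshold (20% by default)."""
    return churn(previous, current) <= max_churn

def demo():
    """Constructed sample: 10 files, one ordinary edit, then a mass rewrite."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(10):
            (root / f"photo{i}.jpg").write_bytes(b"image data %d" % i)
        last_backup = build_manifest(root)            # saved at the last backup
        (root / "photo0.jpg").write_bytes(b"edited")  # ordinary change
        normal = safe_to_back_up(last_backup, build_manifest(root))
        for p in root.iterdir():                      # every file rewritten at once
            p.write_bytes(b"unreadable " + p.name.encode())
        mass = safe_to_back_up(last_backup, build_manifest(root))
        return normal, mass

if __name__ == "__main__":
    print(demo())
```

When the check fails, leave the drive detached and investigate before running the backup.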
So, assuming you’ve read this, what are your exposures? What would you do if someone data-napped your PC and all the devices on it?