Some ransomware goes beyond encryption.
Not long ago, I ran across an article entitled “Why System Backups No Longer Shield Against Ransomware“.
As an absolute statement, that title is incorrect and sensationalistic. System backups remain a critical defense — perhaps your single most important defense — against ransomware.
And yet, as expected, ransomware is evolving. It’s important to understand what it’s evolving into, and what you need to do, if anything, to defend yourself.
Become a Patron of Ask Leo! and go ad-free!
Backups vs. Ransomware
Most ransomware simply encrypts files on your computer, and possibly your backups. Backups remain the most important safety net to recover from all malware, including nearly all ransomware. Some recent ransomware also threatens to publicly expose your data unless the ransom is paid. The best defense against this and all forms of malware are the steps you should already be taking to stay safe: using up-to-date software, having security measures in place, avoiding risky behaviors online, and being skeptical of phishing and malicious attachments.
Ransomware and encryption
Ransomware’s reputation is based on its personal and destructive nature.
When infected, ransomware methodically encrypts your files, after which it presents a message indicating that you can purchase the decryption key for some amount of money — the ransom. If you don’t pay, your files remain encrypted and inaccessible.
If you do pay,1 you’re supposed to receive the decryption key or a tool that will decrypt your files for you, returning your accessibility to your own data.
Backups play a key roll in protecting you from this form of ransomware. By having backed up your files prior to their being encrypted, you can “simply” restore the files in their unencrypted state and get on with your life as if nothing had happened.
Backups can be complicated, but critical
I put “simply” in quotes above because it’s not necessarily that simple.
Most ransomware does, indeed, just encrypt your data files without further impact. All you need to do is remove the ransomware malware, and then restore your files from backup. That actually is pretty simple.
Some ransomware takes the additional step of encrypting any backups it finds. It’s not as common, but it can happen. Defending yourself requires a little extra preparation, typically in the form of taking some of your backups offline.
In either case, however, having those backups in the first place is what allows you to recover and move on without needing to pay the ransom.
Keep backing up.
Backups don’t protect against a new threat
In recent months, the folks behind ransomware have modified their approach slightly. It’s become a two-step process:
- Steal a copy of all your data.
- Encrypt your data.
This means they’ve taken your data hostage: they threaten to release their copy of your data publicly unless you pay the ransom.
That has little to nothing to do with the data encrypted on your system, and is a completely separate threat from anything backups can prevent. Restore all you want; the threat of public exposure remains.
The new threat is an old threat
It’s important to realize that this isn’t a new threat. Hackers have been stealing data and posting it publicly for decades. It’s called a data breach: a system is infiltrated and data is copied and then posted publicly, often in hacker forums.
What’s new is bundling it with ransomware and offering you an opportunity to prevent them from exposing your data.
Well, “prevent” might be a strong word. If you pay, they promise not to expose your data, and often promise to delete their copy.
Until some time later, of course, when it turns out — surprise! — they didn’t delete your data, and decide to extort more ransom from you.
The new defense is the old defense
I keep saying it over and over: ransomware is just malware. It’s malware that has particularly destructive behavior, but it’s nothing more than malicious software — malware.
You defend against ransomware the same way you defend against any malware, and hopefully the same way you’ve been protecting yourself against malware all along.
- Keep software up-to-date.
- Have properly configured security software and hardware configurations.
- Avoid risky online behaviors.
- Don’t fall for phishing attempts, and don’t open unexpected, untrusted email attachments.
That last one is worth special mention. Opening email attachments is now the #1 way that ransomware infections and data breaches happen. No amount of security software, hardware, or policy can protect you from yourself.
The glimmer of good news
If all this seems a little far-fetched — who would hold your data for ransom, after all? — you might be right.
If you’re an individual.
On the other hand, if you have a business — small, medium, or large — or have some other situation where you’re holding sensitive data, you’re clearly at higher risk of having serious problems if exposed publicly. Hackers know this, and if you happen to get infected with ransomware, you’re among those more likely to get this more threatening combo package of encryption and theft.
Keep. Backing. Up.
No, backups won’t protect you from absolutely everything — nothing can. But backups protect you from so many different types of threats and failures, you simply must keep doing them.
Tweak them if you like for additional safety from the malware known as ransomware, but keep backing up.
And don’t let your guard down in other areas. Keep doing all the things you know and need to do to keep yourself safe from any and all malware in the first place.
The best and safest scenario is to never let the malware hit your machine in the first place.
But keep backing up.
Footnotes & References