Richard Beutel writes: “I read your article in Illinois Country Living and have a question. Currently, I have two automatic backups using Goodsync software – one is on a three minute delay to a portable hard drive, and the second backs up once a week to a hard drive on my Linksys router and shows as Drive. Can ransomware get to these drives? The one with the weekly update was meant to prevent this and give me time to recover.”
Thank you, Richard, for writing in. I think this is a very valid question and many people may have a similar scenario. The good news is that you are set up very nicely to protect yourself. Let me take a moment to answer your question and explain how you might improve your chances of recovering from a malware attack.
The short answer is YES! If you have direct attached storage to your computer via USB, or a network drive (like one plugged into a router) and they are left turned on and connected, ransomware can absolutely encrypt and lock you out of your backups. Most ransomware will target the system drive where your operating system is installed first, because this is what locks you out of your system and may provoke you to pay the ransom. Most people get lucky with their backup being on an external USB drive, but if your computer is compromised, it has complete control over all connected drives.
There are a couple things you can do to protect yourself from this situation. The easiest thing in this scenario would be to use one of the backups as offline storage. Offline backups are a great way to ensure your data cannot be infected. You need to determine a schedule of weekly, bi-monthly, or monthly, and run a full backup to one of your drives, then unplug that drive until the next scheduled backup. If you contract ransomware and your drive is not plugged in, it cannot be infected. If you are lucky and the ransomware did not encrypt your primary, online backup, you can restore from your primary backup. If, however, your online backup was compromised, you can now use your offline backup to restore from. The down side is that you will lose all data since your last full backup. Therefore, it is important to choose your offline backup schedule carefully. You don’t want it to be so inconvenient that it doesn’t get done, but at the same time you want to limit the amount of data that is lost in the event you must rely on it.
Another option would be to use an online cloud-based backup such as Carbonite. This solution stores your backups to the cloud, however this is different than just saving a copy of your backup to google drive or any other cloud storage solution. Carbonite is a cloud-based backup solution that stores versions of your backup. This means if your PC is compromised, you can restore a prior version from your cloud backup.
A good backup strategy can include as many copies of your data as you’d like, however your working files and two additional copies of that data should be more than sufficient, especially if you keep one copy offline. There are many different backup strategies and I would encourage everyone to spend a little extra time to make sure your backup strategy not only protects you from the different types of threats, but also fits your specific needs.