Many of you will have heard the news regarding the Colonial Pipeline cyber-attack which took place on May 7th. The pipeline was shut down for several days causing widespread fuel shortages and price hikes. In the end, due to the critical situation, Colonial agreed to pay a $4.4 million ransom to decrypt the affected systems. That’s a lot of money. I’m assuming that system backups were created automatically per a schedule, or in real-time, which means the destination drives where the backups were stored must have been permanently connected via a local network and therefore equally vulnerable to the Ransomware attack.
It is a fairly common misconception that Ransomware only attacks drives connected internally but that is far from the case. Ransomware will more often than not hunt down and encrypt any data stored on any connected drive(s), whether they be connected internally, network-connected, or connected via USB. That’s why I have always manually created my backups, which means the storage device (in my case a dedicated external USB hard drive) is connected to the system only during the backup process. As soon as the process has completed, the drive is disconnected again.
How To Protect Against Ransomware Attacks
In response to the Colonial Pipeline cyberattack, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with the FBI issued an advisory for large companies to help keep them safe from ransomware. Suggested steps include:
- Use strong passwords and a password manager
- Avoid malicious websites
- Always keep software up-to-date
- Learn how to identify phishing emails
- Blah, blah, blah
Nothing more than the exact same advice tech sites, such as Daves Computer Tips, have been preaching for years. What needs to be understood first is that the vast majority of Ransomware infections, if not all, are self-inflicted. That is, a user has clicked on something they shouldn’t have clicked on — maybe a malicious email attachment or a malicious link, or perhaps they have inadvertently visited a malicious website. However, as individuals, we home PC users have a couple of distinct advantages over enterprise situations:
- We are, in many cases, a single user whereas enterprise situations involve multiple users, often numbering in the dozens to hundreds. This raises the level of risk exponentially
- Because the quantity of data we are working with is far less than in a corporate climate and is changing much less frequently, we do not need to leave our backup drive(s) connected at all times
Implement A Comprehensive Backup Strategy
All of the usual advice, including the suggestions within the CISA advisory, can help protect against all types of malware and can be summed up thus: “treat everything with a good dose of caution and skepticism”. That said, there is one sure-fire way to protect against the ravages caused by Ransomware and that is to implement a comprehensive backup strategy.
I have two internal drives connected to my main machine, a 250GB Samsung SSD that acts as my system drive plus a 1TB HDD where I store all my personal data. Every week I manually create a full system image backup plus an image backup of the data on the HDD. I maintain four images of each, deleting the oldest image each time I create a new one. Now, this is not going to prevent Ransomware from infecting my system and encrypting all my data but the backups provide me with an instant cure. All I need do is restore the latest full system image backup (that will take care of the Ransomware infection) and then restore all my data from the image back to its original unencrypted state. Restoration takes about 10 minutes total and I am back in business — job done.
As I mentioned earlier, it is important to remember to leave the backup drive disconnected and only connect it when going through the backup process. For that very reason, I do not store any other data on that drive; it is used only to store my backups. Of course, this type of backup strategy will not only rescue you from a Ransomware attack but from any sort of malware infection. It can also fix a broken/misbehaving system and even rescue you from a failing or failed SSD/HDD.
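The two rules from the last two paragraphs, keep four images and delete the oldest only once a new one exists, and never write to a drive that is not the dedicated backup drive, are easy to get wrong by hand. The script below is an added example (not from this article or from Aomei Backupper) showing how that rotation can be enforced; the file naming pattern, the `.backup-target` marker file and the sample images are all constructed for the example.

```python
import re
import tempfile
from pathlib import Path

# Constructed naming convention for this example (not the page's backup tool):
# <label>_YYYYMMDD-HHMMSS.img, e.g. system_20210507-081500.img
IMAGE_RE = re.compile(r"^(?P<label>[a-z]+)_(?P<stamp>\d{8}-\d{6})\.img$")
MARKER = ".backup-target"  # hypothetical marker file kept on the external drive


def target_ready(backup_dir: Path) -> bool:
    """The marker lives on the USB drive itself: if the drive is not plugged in,
    the mount point is an empty folder on the internal disk and the check fails
    instead of the image silently landing beside the data it is meant to protect."""
    return backup_dir.is_dir() and (backup_dir / MARKER).is_file()


def list_images(backup_dir: Path, label: str) -> list[Path]:
    """Images for one label, oldest first, ordered by the timestamp in the name."""
    found = []
    for p in backup_dir.iterdir():
        m = IMAGE_RE.match(p.name)
        if p.is_file() and m and m["label"] == label:
            found.append((m["stamp"], p))
    return [p for _, p in sorted(found)]


def rotate(backup_dir: Path, label: str, keep: int = 4, dry_run: bool = False) -> list[Path]:
    """Delete the oldest images so that `keep` remain; returns what was (or would be) removed.
    A zero-byte newest image means the backup job failed, and a failed job must
    never cost you a good older image, so rotation stops before deleting anything."""
    if not target_ready(backup_dir):
        raise RuntimeError(f"{backup_dir} is not the backup drive; refusing to touch it")
    images = list_images(backup_dir, label)
    if len(images) <= keep:
        return []
    if images[-1].stat().st_size == 0:
        raise RuntimeError(f"newest image {images[-1].name} is empty; not rotating")
    victims = images[:-keep]
    if not dry_run:
        for v in victims:
            v.unlink()
    return victims


def build_sample_store() -> Path:
    """Constructed sample drive: five weekly system images plus one data image."""
    d = Path(tempfile.mkdtemp())
    (d / MARKER).touch()
    for day in ("0410", "0417", "0424", "0501", "0508"):
        (d / f"system_2021{day}-080000.img").write_bytes(b"image")
    (d / "data_20210508-080000.img").write_bytes(b"image")
    return d
```

Run `rotate(store, "system", dry_run=True)` first to see which image would go; on the sample store that is only the 10 April image, and the data images are left untouched because rotation is per label.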
It’s one of those “it will never happen to me” scenarios… until it does. If you are not implementing a backup plan, I implore you to do so. It takes very little time and effort in exchange for a whole lot of peace of mind. I can highly recommend Aomei Backupper Standard. It is completely free, includes every required feature, is intuitive, and very simple to use. And, if you need any help getting started, you can always contact us via the contact link included in the main menu across the top of the page: