Protection from Ransomware with Retrospect
May 17, 2017
The WannaCry Ransomware has affected more than 300,000 computers in over 150 countries but is just one in a growing list of malware that can effectively wipe out your data. Here are some tips on using Retrospect to protect your data and keep it from happening to you, as well as using Retrospect to find out if it has happened so that you can recover quickly.
Aside from good general advice, such as keeping your operating system up to date, running virus scanners or using dedicated ransomware blockers, sites such as No More Ransom! advocate "Back-up! Back-up! Back-up!" as the number one preventative measure.
Multiple copies, multiple locations
As we covered in Audit your Backups, make sure you have more than one backup, and that you spread your backups to multiple destinations. If all of your backups are on a single disk that is connected to your computer, those backups can be encrypted at the same time as your source data, rendering them useless. So ensure you have current backups in an offsite location. Retrospect supports multiple cloud storage providers - an easy way to manage offsite protection.
Paying the ransom is not recommended as you are not guaranteed to get your data back. Moreover, you are demonstrating to the criminals that their tactics are effective and that they should continue.
Instead, if you have a full system backup using Retrospect, erasing your hard drive and restoring from a known safe backup is your best guarantee. Before erasing and going through the full restore, do a small restore of a known infected file to make sure that backup is unaffected.
Monitoring your backups routinely can help detect that you have been attacked. A sudden spike in data being backed up may be an indication that ransomware has encrypted your machine.
JG Heithcock is CEO of Retrospect, Inc. and has eighteen years experience in the storage and backup industry.