How Retrospect saved a company from CryptoLocker


In September 2013, a new malware called CryptoLocker surfaced around the world. It's known as ransomware–a form of malware that, after infecting a computer, encrypts all of a user's files and demands payment from the user to unencrypt the files. According to the FBI, over 500,000 computers have been infected, and victims have paid out $27m. On Wednesday, the security firm FireEye released software called DecryptoLocker to unlock any encrypted files (BBC), but before that, the most effective path to getting files back was from a backup.

Pete Martin and Noel Materna from PC Mac Networks experienced this scenario first-hand. Their client had a mixed Mac/Windows environment, and they saw CryptoLocker infecting Windows computers then encrypting Mac files as well through network shares. Martin recently talked to us about their experience and how Retrospect got their client's files back:

“[We] maintain the Mac servers and workstations for a business that also has PCs. A different company handles the PC side of the business. When the CryptoLocker virus infected their network several months back, even my initial thought was that the Macs were safe; the virus can't run on Macs, right? True enough.

“However, there were PC clients who had the Mac XServe mounted, and the virus can sure infect those Mac files -- if it can get to them. As the virus made its way through all mounted drives or shares on a Monday morning, it got to any XServe volumes and locked hundreds of thousands of files -- InDesign, QuarkXPress, Word docs... you name it. In short order, the Mac server had two share points that were essentially useless, thanks to PCs that were logged onto the server.

“We restricted network access, hooked up the previous week's backup drives (LaCie D2 FireWire 800s - two, that rotate on A-B weeks) and launched Retrospect. We created new sharepoints, and restored from the Friday night backup using Retrospect, Inc. 8 software to those shares. With literally hundreds of thousands of files -- close to a terabyte of data -- this took quite a while. But within a day, all the files were restored. The client said it appeared nothing was lost. We granted access to the new share only to a limited set of Mac users (in case the virus was still in the network) and they logged in and got back to work. A happy client.

“I've seen PC admins struggle using other backup software. I've witnessed lost files and angry clients. But knock on wood, the times I've used Retrospect, data has been recovered.”

No one plans to be affected by malware, but half a million people over the last six months were locked out of their files because of CryptoLocker. When it happens, it's good to have a backup.

Share your best data recovery story


Last month, we came up with some crazy ways to destroy your data in Expect the Unexpected. Who hasn't wanted to throw their computer into the pool?

Now, it's your turn. We know there are great data recovery stories out there, and we want to hear them. Post your best Retrospect story for a chance to win a $50 Amazon gift card. Use Spiceworks, Twitter, Facebook, LinkedIn, or Google+. (We're on all of them.) We'll pick the best one at the end of July and share it.

3 crazy ways to destroy data

Our marketing department got a little carried away with video ideas of ways data “could” get destroyed: Expect the Unexpected.

If you have an idea of something fun and easy we could video, please let me know, or send us a video to post.

Videos and photos from Kabia's event

We had a fantastic time at Kabia's event in April. Here are a couple pictures and videos from the event. Thanks again to Kabia for hosting!

Conférence Protection & Sécurité des Données - Partie 1

Conférence Protection & Sécurité des Données - Partie 2

Kabia_event1 Kabia_event2 Kabia_event3

Roadshow Lidera Network


We're excited to join our new Spanish distributor Lidera Network on their Storage Roadshow and introduce our latest versions of Retrospect- backup and recovery for SMBs.

When: 21st of May 2014

Where: Madrid / Hotel Silken Puerta América - Avda. América, 41 28002 Madrid España

If you're interested in attending, sign up at LIDERA.

Hope to see you there!

The Retrospect Spain Team