In September 2013, a new piece of malware called CryptoLocker surfaced around the world. It is ransomware: a form of malware that, after infecting a computer, encrypts all of a user's files and demands payment from the user to decrypt them. According to the FBI, over 500,000 computers have been infected, and victims have paid out $27m. On Wednesday, the security firm FireEye released software called DecryptoLocker to unlock any encrypted files (BBC), but before that, the most effective path to getting files back was from a backup.
Pete Martin and Noel Materna from PC Mac Networks experienced this scenario first-hand. Their client had a mixed Mac/Windows environment, and they saw CryptoLocker infect Windows computers and then encrypt Mac files as well through network shares. Martin recently talked to us about their experience and how Retrospect got their client's files back:
“[We] maintain the Mac servers and workstations for a business that also has PCs. A different company handles the PC side of the business. When the CryptoLocker virus infected their network several months back, even my initial thought was that the Macs were safe; the virus can't run on Macs, right? True enough.
“However, there were PC clients who had the Mac XServe mounted, and the virus can sure infect those Mac files -- if it can get to them. As the virus made its way through all mounted drives or shares on a Monday morning, it got to any XServe volumes and locked hundreds of thousands of files -- InDesign, QuarkXPress, Word docs... you name it. In short order, the Mac server had two share points that were essentially useless, thanks to PCs that were logged onto the server.
“We restricted network access, hooked up the previous week's backup drives (LaCie D2 FireWire 800s - two, that rotate on A-B weeks) and launched Retrospect. We created new sharepoints, and restored from the Friday night backup using Retrospect, Inc. 8 software to those shares. With literally hundreds of thousands of files -- close to a terabyte of data -- this took quite a while. But within a day, all the files were restored. The client said it appeared nothing was lost. We granted access to the new share only to a limited set of Mac users (in case the virus was still in the network) and they logged in and got back to work. A happy client.
“I've seen PC admins struggle using other backup software. I've witnessed lost files and angry clients. But knock on wood, the times I've used Retrospect, data has been recovered.”
No one plans to be affected by malware, but half a million people over the last six months were locked out of their files because of CryptoLocker. When it happens, it's good to have a backup.