There’s a new threat to computer owners, something even more sinister than the more familiar viruses and malware. It’s called ‘ransomware’, and it’s essentially a script which is downloaded onto your computer from a malicious website (or from a website which has been hacked), and which then goes on to encrypt your hard disk, locking you out of all of your files.

Encryption works by scrambling the contents of files, and the only way to unscramble them is with the key. Encryption is very common in the computer world, and it’s very secure.

About Encryption

At Elmnet all of our drives are encrypted, and we do this so that if ever one of our computers were stolen the drive contents would be pretty much inaccessible to the thief. If the drive wasn’t encrypted then they’d essentially be able to mount it in their own computer and go through all of our files. We’ve an obligation to provide privacy and security to all of our customers, and we don’t want any of our correspondence with them to be visible to anyone else, so encryption is a must.

We work on the Mac platform, so the encryption / decryption process takes place invisibly in the background. We turn our computers on, we provide a password, the computer starts up and it decrypts the disk so we can use it. If we didn’t have the decryption key (in this case our password) then we wouldn’t be able to access the drive, so it’s very important not to forget it!

How Ransomware Works

Ransomware works in exactly the same way. It encrypts the contents of your hard drive so that it can only be decrypted if you have the key. The difference is that you don’t have the key, the hacker does – and he’s not going to tell you what it is unless you pay him.

You’re held to ransom! Potentially all of your files are lost unless you cough up. So what can you do?

In a word, not a lot. You can pay the hacker and hope they’ll send you the key, but there are no guarantees that they will. Why would they? The best thing to do is to cover your back. Here’s how we do it.

Clone your hard drive…

Ideally, what you need is a carbon copy of your computer hard drive. This is good backup policy anyway, but it’s better to do this than simply back up your documents. Imagine that your hard disk fails. You now have to go out and buy a new one, re-install the operating system, re-install your applications and then all of your files.

It takes time. If you’ve got time then this may be good enough for you, but for us as a business we need our computers running, so we regularly take a bootable copy of our hard drives and keep them in a cupboard, disconnected from the computer.

If the worst happens, and a computer becomes infected (or a hard disk fails) then we simply take the cloned drive out of the cupboard, power the computer down, replace the infected / broken drive and start it all up. We’re back in business with a downtime of less than ten minutes. We can then order a new hard drive and create a new clone.

Disconnect…

This is the important part. If you have a backup drive permanently connected to your computer, and your computer becomes infected with ransomware, then it could spread to all connected drives and all network shares. By having a copy of your drive locked away in a cupboard (in fact, preferably in a different building) you know that it’s safe.

External HDD Caddy

We purchased an external hard disk caddy which allows us to connect hard disks to our computers without having to switch off and open up the machines. This makes cloning disks very easy. Here it is in action:

[Images: the external hard disk caddy in use]

It cost us less than £20 on Amazon (the hard plastic storage case was around a fiver), and it connects to the computer via USB. We drop the hard drive into the slot, and it appears on the computer desktop as an external drive. Once it appears on the desktop we can work with it. We use the excellent Carbon Copy Cloner software to create a bootable copy of the main drive that contains the computer’s operating system – so in our case ‘Macintosh HD’. This cloning software will also clone any encrypted drives, so if our cloned copy was stolen it would be inaccessible to anyone without the key.

The initial clone of the drive takes a couple of hours, but subsequent ‘smart updates’ take around 20 minutes. Our routine is that every Friday at 4pm we’ll take the backup drive out of the cupboard, pop it in the caddy and then run the cloning procedure. We can still work on the computer whilst the update takes place. When we’re done we eject the disk and put it in a hard plastic case, clearly labelled.

And that’s all there is to it. A disconnected hard disk safely stored in the cupboard is immune to ransomware, and if the worst happens it’s so easy to install the cloned drive into the computer. It’s even possible to boot up from this drive with it in the caddy, which makes getting back up and running even faster. The files on the operating system drive rarely change – in fact it’s only if we install a new application or update the operating system that we really need to back it up. All of our emails are stored in the cloud, and our working documents are on a different drive, so a weekly backup is more than adequate.

But, always keep a separate ‘documents’ backup too, preferably in the cloud…

Our computers also back up their working files (the ‘Documents’ folder on a Mac, or ‘My Documents’ on a PC) to an external hard disk on an hourly basis. We use Apple’s excellent ‘Time Machine’ for this, though there are Windows equivalents, and we do this because we work on files every hour of every day, so need to back those up as well as the operating system drive.

Additionally though, we use the Carbonite app, which uploads directories we specify to the Carbonite cloud in real time. This means that we’re pretty much covered for any kind of data loss. You may argue that backing up files to another hard disk AND to Carbonite is overkill, and perhaps it is, but we like to play things safe!

It’s important to consider different scenarios for your business, and to think about whether your backup plan covers all possible outcomes. Imagine these ones. Would you be covered?

  • Main hard drive fails or becomes infected with ransomware:
    We remove the faulty / infected drive, install the cloned drive in its place, reboot and then restore any working files (newer than when the cloned copy was taken) from our documents backup drive. We’re back in business in less than an hour.
  • Main hard drive and files backup drive become infected with ransomware:
    We remove all infected drives, install the cloned operating system drive, and download a clean copy of all of our documents from the Carbonite cloud backup.
  • The office burns down, taking all cloned drives and backup drives with it:
    We would probably swear a lot, then go to the Apple store and buy a couple of new iMacs. We set them up again from our iCloud backups, then connect to the Carbonite server and restore all of our documents. This procedure will put us out of action for a day or two, but ultimately we know that we’ve lost no data, and we’ll be back in business with minimal disruption.
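
The three scenarios above can be checked mechanically against any list of backup copies. The following is an added example, not part of the original article: it models each copy by what it holds, whether it is connected to the computer, and whether it is in the office, then reports which kinds of data have no surviving copy in each scenario. The names, the two sample plans and the treatment of the cloud backup as not directly reachable by ransomware are assumptions made for illustration.

```python
from dataclasses import dataclass

KINDS = {"system", "documents"}

@dataclass(frozen=True)
class Copy:
    name: str
    holds: frozenset   # subset of KINDS stored on this copy
    connected: bool    # reachable from the computer, so ransomware can encrypt it
    onsite: bool       # physically kept in the office

def make_copy(name, holds, connected, onsite):
    return Copy(name, frozenset(holds), connected, onsite)

# Scenario name -> predicate that is True when a given copy is lost.
SCENARIOS = {
    "main drive fails or is infected": lambda c: c.name == "main drive",
    "main drive and connected backups infected": lambda c: c.connected,
    "office burns down": lambda c: c.onsite,
}

def coverage(copies):
    """For each scenario, return the data kinds left with no surviving copy."""
    report = {}
    for scenario, is_lost in SCENARIOS.items():
        surviving = set()
        for c in copies:
            if not is_lost(c):
                surviving |= c.holds
        report[scenario] = KINDS - surviving
    return report

# Constructed weak plan: one backup disk that is always plugged in.
WEAK_PLAN = [
    make_copy("main drive", KINDS, connected=True, onsite=True),
    make_copy("usb backup", KINDS, connected=True, onsite=True),
]

# The article's plan. Assumption: the cloud service still holds clean,
# pre-infection versions, which the second scenario relies on.
PAGE_PLAN = [
    make_copy("main drive", {"system"}, connected=True, onsite=True),
    make_copy("documents drive", {"documents"}, connected=True, onsite=True),
    make_copy("hourly backup disk", {"documents"}, connected=True, onsite=True),
    make_copy("cupboard clone", {"system"}, connected=False, onsite=True),
    make_copy("cloud backup", {"documents"}, connected=False, onsite=False),
]

if __name__ == "__main__":
    for label, plan in (("weak", WEAK_PLAN), ("article", PAGE_PLAN)):
        for scenario, missing in coverage(plan).items():
            print(f"{label:8} {scenario:45} missing: {sorted(missing) or 'nothing'}")
```

For the article's plan the only gap reported is the system image in the fire scenario, which is the case covered above by buying new machines, and which goes away if the clone is kept in a different building.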

The cost?

This of course all costs money, but for a fairly modest outlay you’re covering something very valuable – all of your data. A hard disk caddy costs around £20, a plastic disk case a fiver, a second SATA hard disk can be bought for around £60, and a subscription to Carbonite a mere £50 per year. For just over £130 you’ve got it all covered, and with the average ransomware demand being around £3000 it could be money very well spent.