Data Backup: Minimizing The Impact of Ransomware

By | June 1st, 2017

The old adage “Backing up your data is important to plan for, as hard drives inevitably fail.” is as true as ever, but equally true now is the need to backup your data to thwart the increasing frequency of ransomware attacks.

What is Ransomware?

Ransomware is malicious software that blocks access to your data, by encrypting files, until a ransom is paid. Once the ransom is paid, if you’re lucky, a decryption key is provided to the victim(s) to decrypt and access files.

How Does Ransomware Work?

Ransomware comes in two not-so-fun flavors: Encryptors and lockers. Encryptors incorporate advanced encryption algorithms to block system files until a ransom is paid. Lockers do as the name implies, locking victims out of their operating system. This makes it impossible to access applications, files and even the desktop until a ransom is paid. Encryptors, also known as crypto-ransomware, are the most widespread type of ransomware.

One of the more frustrating aspects of ransomware is that even if you’re careful to avoid it by not clicking on suspicious attachments, someone else’s infected computer might spread the malware to your computer over a shared network. WannaCry, a cryptoworm, spread in this fashion during the May 2017 ransomware attack.

How Backblaze Can Help Against Ransomware

“The best way to combat against ransomware is to backup your data.”

If you’re a current subscriber of Backblaze, there’s good news: Since Backblaze is continuously running online backup of your data, you can circumvent the need to pay a ransom by accessing and restore your files from your Backblaze backup.

If you’re new to Backblaze there is no time like the present to backup. Over the past 10 years, through our annual backup survey, we’ve consistently found that most people fail to regularly backup their data. 25% never backup and nearly 67% have not backed up in the last year. With so few people backing up, it is no wonder that ransomware is so effective.

Protecting Data Against Ransomware with Backblaze
Protecting yourself against ransomware, and malware in general, with Backblaze is quite easy. We previously highlighted one instance of how Backblaze provided a solution to one of our customers to circumvent a ransomware attack and, ultimately, restoring their data. In short, these are the steps you should take to safeguard yourself with Backblaze:

  1. Install Backblaze, if you haven’t already, on your computer.
  2. Make sure your Backblaze client is running and backing up your drive(s).
  3. At first notice of ransomware infecting your computer disable the Backblaze client temporarily  (Editors note: Removed as this was confusing to readers and an extraneous step)
  4. Login to Backblaze.com, “turn back time” for up to 30 days before the attack happened, access individual or all your files online, and/or request a full data restore via our Restore By Mail service.

Ransomware Attacks: Sizing Up The Risk To Your Data

The days of a random drive failure being the source of data loss may now seem like the good old days. Here’s how ransomware attacks currently size up:

Share this Image On Your Site

Jim Goldstein

Jim Goldstein

Director of Marketing Operations at Backblaze
Jim has 20+ years experience in marketing, is an avid outdoor photographer, pizza connoisseur, and father of two young boys who share his addiction to Legos & the great outdoors.

Follow Jim
Web Site: JMG-Galleries | Twitter: @jimgoldstein | Facebook: @jmggalleries | Google+: +jimgoldstein | LinkedIn: +jimgoldstein
Jim Goldstein

Latest posts by Jim Goldstein (see all)

Category:  Backing Up
  • Pingback: Data Backup: Minimizing The Impact of Ransomware()

  • Pingback: How to Recover From Ransomware – Site Title()

  • Pingback: Complete Guide to Ransomware: How to Recover and Prevent an Attack()

  • Jimmy Oddstuff

    Point 4 is ace!

  • Pingback: Have Friends Who Don’t Back Up? Share This Post! – Akshaya IT Services()

  • Pingback: The Beginner's Guide to Computer Backup()

  • Pingback: Top Ten Ways to Protect Yourself Against Phishing Attacks - Backblaze Blog()

  • Pingback: Top Ten Ways to Protect Yourself Against Phishing Attacks – Akshaya IT Services()

  • Pingback: Top Ten Ways to Protect Yourself Against Phishing Attacks()

  • Pingback: Protecting yourself from Ransomware. | Computer Impressions()

  • mystik1

    I have a very large amount of data (mostly video content). Upwards of 10 TB. I understand and can accept the price for the file backup service. I would be using your service right now EXCEPT for the fee you charge just to download the data when the time eventually comes. In my opinion, it is unreasonable. Let’s say my RAID system fails me, and I need data. So, this is a horrible, horrible time for me. No doubt, I will have to go out and buy at least 1 replacement HD (I use 8TB drives currently). So, I’m ready to start downloading from my amazing backup. Then, I have to pay $200 or more dollars extra, just to download from the backup I have already been paying $50 or more for per month. That is the only reason I haven’t been using B2 since it launched. I had ever intention to when I saw it. I was using CloudBerry Backup, and they were the first to support it. I was excited…an option that seemed like it would be more reliable and flexible than what I was already using. :/

    • Jim Goldstein

      As someone who also stores a lot of video and photography data its a matter of perspective. The cost of the restore through B2 Cloud Storage is far more economical when weighting the cost of my time and/or the cost of using a service to salvage data off a dead drive. In fact the cost of B2 Cloud Storage (monthly charges and download charges) are likely still going to be a fraction of the price a data recovery service will charge to pull data off a failed drive. In the event you’re under deadline and your RAID fails you can just download the individual files you need to complete a project while you wait for a RAID drive to restore. It doesn’t have to be all or nothing.

      On the business side B2 Cloud Storage is able to exist because of the storage charges. The cost of running a data center isn’t cheap and in the event you need your data in bulk due to an emergency it’s still an economical and most importantly reliable option.

  • p taft

    You said unplug the wifi; we are in an apartment complex that provides the wifi,
    no way to disable if the computer is locked

    • Jim Goldstein

      Sorry if there was any confusion, we did not mention turning off wifi in this article.

  • Cameron Fenton

    I think point 3 (at first notice of ransomware infecting your computer disable the Backblaze client temporarily) on your list is the tricky part. My understanding is that ransomware works very quickly, because if it didn’t it would be even more vulnerable to traditional anti-virus programs. I’m not sure most users would be able to detect ransomware before it’s already too late. At that point, they probably won’t be able to get to the Backblaze client to disable it.

    One suggestion, which may already be possible (I’m not sure), would be to make it possible to disable all backups from the website. Like revoking all logins on other computers works in Gmail. That way, as long as you could still access a computer you could prevent Backblaze from uploading the encrypted files.

    • Jim Goldstein

      Our system is designed in such away that you can access files and request restores via a web browser. In the event you’re shut out of a compromised computer you have this path to recover your files by rolling back time and doing a restore.

      • Cameron Fenton

        Thank you for the reply. That answers most of my concern. As long as you can roll back to earlier versions of a file, the only worry would be particularly tricky ransomware that could encrypt your files while still allowing access until 30 days have passed. That seems unlikely to be an effective attack as it would give anti-virus programs too much time to fix the problem.

  • mpantani

    Please walk me though this step by step. If I use Backblaze for backups and my computer is infected with ransomware, then the infected files from my computer will be uploaded to Backblaze. If I then restore files from Backblaze, won’t I download infected files?

    The key seems to be that a ransomware designer would simply write the program to infect my computer, then wait a week or a month until displaying the ransom notice, so that the infected files would get uploaded to Backblaze.

    How does Backblaze protect against this scenario?

    • Ted Keyes

      BackBlazee keeps previous versions of your files (30 days I think?). So you can go back to versions of them before the infection.

      • mpantani

        Thanks. I was also thinking of this factor in connection with the problems of bit rot. If a file becomes corrupted and I don’t realize it for months or a year, then it would appear that the backup would become corrupted too.

        It seems a better solution would not to do the series of backups for a file in terms of time, but in terms of the number of versions, using a hash value to determine whether the file has changed. In that way, if I don’t modify a file for a couple of years, I still have the backup intact. A new coruuption to the file (ransomware or bitrot) gets stored as a new version but I still have the old version. OTOH, if I spend hours working on a document and it gets saved every 10 minutes then I don’t need all 30 versions.

        I hope Backblaze provides a response. I’d like to know more about how this works.

        • Ted Keyes

          That’s a very good point and I think a very good idea.
          Also, smart ransomware could silently encrypt your files in the background while still allowing access.. over a period of time (30 days+) and then suddenly stop decrypting. Kind of like Instant Secure Erase on HDDs.

        • Elliott Sims

          The backup runs periodically, so it’s not necessarily going to pick up every single change made in a short series.

          Retaining files based on the number of versions is actually more dangerous in terms of malware. Silently encrypting while allowing access is pretty hard to do, but it would be very easy for malware to “flood” a bunch of mangled versions of the file to flush the real one out of the backups.

        • We call this general issue “poisoning the backup” and it’s a very interesting problem to work on.

          For good or bad (and this is a debate), the Backblaze laptop client will only look at a file if the “Last Modified” date changes. So if you have a completely good backup, and THEN a single bit in one of your files on the laptop is flipped, then Backblaze will not even notice and Backblaze will not “poison the backup” by copying the bad bits (unless that random bit was inside the “Last Modified” date, which is pretty unlikely).

          But in practice the 30 day rollback has been enough for most customers- they realize their laptop was stolen or their hard drive quit working within 30 days and prepare a restore.

  • James

    What’s the easiest way to “disable the Backblaze client temporarily”? I don’t see anything obvious when I login to the “Overview” panel at backblaze.com…

    • To totally disable the client – in the Control Panel, go to “Schedule” and select “Only When I Click Backup Now”. That will disable process’ until you press “go”.

      • James

        That’s what I was looking for! Thanks!

  • Pingback: Data Backup: Minimizing The Impact of Ransomware – Akshaya IT Services()

  • mAurelius

    Do you have any plans to incorporate detection of ransomware being inserted into the backup stream? E.g.: detecting if more than 80% of the data is being modified at one time, which could indicate it is all being encrypted. Obviously in most cases, having 30 days’ worth of backups to go back to should be plenty, but it would be nice to stop ransomware from even being able to be inserted into the backup stream to begin with.

    • Not at this time, but we’re always looking for ways to enhance our service. We’ll definitely factor in the feedback. Have a great weekend.

    • Jim Goldstein

      Not at this time, but we’re always looking for ways to enhance our service. We’ll definitely factor in the feedback. Have a great weekend.

      • Justsomeguy

        I can see where that would be a difficult thing to do, but it would be a great benefit. One of my greatest concerns is my back up being contaminated.

        • RF2000

          Hopefully Backblaze can address this concern. Otherwise a solution like Bitdefender’s Ransomware Protection, which I use, will hopefully prevent any file encryption.

        • dakishimesan

          Totally agree. I would pay maybe 50% more for the service if it included built-in malware scanning for backed up files.