A Good Backup Strategy: Your Best Defense Against Ransomware

February 2, 2017

Last year, cybercriminals attacked the California-based Hollywood Presbyterian Medical Center, encrypting files crucial in running the hospital’s operating systems and demanding a ransom to restore them to working order. The scam worked – after 10 days of futility, the hospital surrendered and paid $17,000 to regain system control.

Other hospitals, government agencies and businesses in the U.S. and abroad were targeted similarly last year, leading CNET to dub such ransomware scenarios as “the hot hacking trend of 2016.” And the numbers are truly staggering. Osterman Research estimates that nearly half of surveyed organizations have been hit with ransomware within the last year, and concludes that ransomware will amount to a $1 billion source of income for cyber criminals in 2016. In a recent report, Kaspersky Security states that in Q3 2016, a business was attacked by ransomware every 40 seconds, and that even after paying the ransom, one in five of them never got their data back.

Apple Users Now a Target

But while many ransomware instances go unreported due to embarrassment or the desire to not be targeted again, the attacks were thought to be largely focused on the Microsoft Windows software realm, leaving Apple users relatively unscathed. But that changed in 2016 when the first public ransomware targeting Apple systems was discovered by Palo Alto Networks, which found a popular BitTorrent client for Apple’s OS X software for Macs infected with ransomware. Known as “KeRanger,” the ransomware is delivered with a ransom note demanding 1 Bitcoin, which has a current market value over $700. Fixing the problem can also be complicated and time consuming.

Antivirus software also isn’t having an impact; by the time a computer is infected with ransomware, it’s likely that the antivirus software won’t detect it until it’s too late and the damage has been done. The encryption used by modern ransomware is often too good to crack, leading most security experts to conclude that the best approach to fighting ransomware is to avoid it in the first place.

Different Backup Approaches

It seems the most effective way for Apple users to safeguard their computer files from these nefarious attacks is through regular backups. And, in the event you are hit with ransomware, the solution would lie in simply restoring your system to the state it was before the malware hit your computer. There are several backup and restore approaches to consider for the Apple environment:

Time Machine is the backup software application distributed with the Apple operating system, introduced in Mac OS X Leopard. It was designed to work with various storage drives such as Time Capsule. But for Time Machine to be effective, files must be unlocked or closed, which may not be practical for those currently in use. In addition, there is the possibility of a two-step process within OS X that requires users to reinstall the operating system before retrieving the application and files from the backup image.
File System Snapshots simplify backup and recovery by taking a point-in-time virtual file system photo. But while this backup method can be employed to protect active operating systems, depending on files sizes, it can take significantly more time.
Disk Management Solutions can create image-based copies of a disk or partition (or multiple disks and partitions) whether active or inactive, at a specific point in time far more quickly. Such robust offerings have the advantage of being able to make consistent sector-level backups (also often referred to as Snapshots) even if data is being currently modified.

Thus, while there are different backup approaches to consider, the bottom line is that a regular, proactive backup strategy – potentially even a multi-pronged approach – is your best defense against crippling ransomware attacks. And while Apple users were once immune from such attacks, they too now need to join the rest of the computer world in being vigilant in protecting themselves. After all, like many things in life, when it comes to avoiding being held hostage by cybercriminals, an ounce of prevention is worth a pound of cure.

This article was originally published in our monthly newsletter, Today's Cybersecurity Leader. You can subscribe here.

Tom Fedro is President of Paragon Software Group Corp., an Irvine, Calif.-based provider of disaster recovery and backup software solutions for small business and mid-market enterprises, along with embedded file system driver technologies used by large manufacturers of consumer devices including Cisco, Belkin, Netgear, Seagate, Western Digital, ASUS, Hewlett Packard, and many others.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.