Congratulations on backing up your PC—but you aren’t as safe as you may think you are. Files on your backup drive can be just as vulnerable to disaster as files on your main system are. Most recently, CryptoLocker demonstrated that an external drive connected to a PC—a secondary hard drive, for example, or an external USB hard drive used for backup—could fall victim to ransomware just as easily as the PC on the other end of the cable.
“A lot of people got burned by CryptoLocker because their attached backup drives were also encrypted by the Trojan,” says Dwayne Melancon, CTO of enterprise security company Tripwire. “CryptoLocker encrypts local data files, but it also looks for attached storage devices, network shares, and other storage locations connected to your computer.”
Don’t let a CryptoLocker-style catastrophe happen to you. Here are a few options for protecting your backup drive against such attacks.
Disconnect your backup data
Marc Maiffret, CTO of security software firm BeyondTrust, sums up the most common-sense solution: “Make sure to back up to a media that can be removed physically from your system and stored offline.”
This approach is less convenient, of course, but it’s a good habit to form for a couple of reasons. First, it moves your backup data out of harm’s way if ransomware ever infects your PC. Second, if you store the backup media in a fire safe—or better still, offsite in a safety deposit box, the backup may survive even if a natural or unnatural physical disaster destroys the original data.
One option is to back up your data to less-volatile media such as recordable CDs or DVDs. Once a recording session is finalized, the data should be safe from malware threats even if the disc remains in the drive. The downside of using optical discs is the media’s much smaller storage capacity compared to a modern hard drives, meaning that performing a full backup may require multiple discs.
Back up to the cloud
Rather than backing up locally, consider using the cloud. Cloud backup applications generally run as a background service that the system doesn’t view as an attached or networked drive. As a result, malware threats are unlikely to spread directly to cloud backup.
Most modern backup systems use a proprietary storage format for further protection. “This makes the backed-up files unable to be read or written to by common malware,” says Paul Lipman, CEO of Total Defense, which sells online backup services as well as antivirus and security software. “It doesn’t mean it’s impossible—it’s just highly unlikely. Malware generally works by attaching to existing files on the system; and in cases of proprietary storage formats, the malware would not be able to infect the backup directly.”
Note, however, that most cloud backup services automatically sync and update data. If your local PC is compromised, you’ll want to disable the service to prevent the compromised data from overwriting your good backup data.
Back up multiple versions
The most effective way to safeguard your backup is maintain more than one copy of your data.
There are two ways to do this. First, most security experts recommend backing up your important data to more than one location. For example, back up to an external USB drive that you disconnect when it’s not in use, and also use a cloud backup service. That way if infection or physical disaster compromises either backup, you’ll still have a good copy of the data.
The second way is to maintain version histories of your files: Save multiple backups from different points in time, and choose a cloud backup service that stores more than just the most recent backup, so you can restore data from a time before the compromise occurred.
“I go a step further and also create several generations of local and off-site image backups of my computer, so I can quickly restore one of them if my system is lost, compromised, or otherwise unusable,” Tripwire’s Melancon says.
Your backup drive needs a backup plan. Without one, you’re not much better off than if you’d never backed up in the first place. Follow one of the methods laid out here to ensure that your backup will be there—in readable form—when you need it most.