How to stop ransomware: Backup can protect you, but only if you do it right

A few simple precautions can keep ransomware from draining you of cash and dignity.

petya ransomware logo

Ransomware has become a growing menance.

Kees van der Pot writes that he’s “afraid of ransomware and looking for a way to protect my backups.”

Most forms of malware hide their infections, but ransomware boldly declares itself and demands money or you’ll never see your beloved files again. And if you haven’t taken the right precautions ahead of time, your choices really are either pay the money or lose your files.

[Have a tech question? Ask PCWorld Contributing Editor Lincoln Spector. Send your query to answer@pcworld.com.]

Your best defense is to block the malware before it can infect your PC. Use an antivirus program, keep it running whenever your PC is on, and keep it up-to-date. Don’t click links or download files from suspicious emails—even if you think you know the person who sent it. Finally, be careful about downloading and installing software.

If ransomware strikes, only a good backup can save your files, your money, and your dignity. Not every backup is good enough, though.

As the ransomware quietly encrypts your files, your backup program will likely back up the files in their newly encrypted, and therefore useless, versions. So you need a program that does versioning—saving older versions of your files. That’s not too much of a problem. Most backup programs have this feature.

But even those older versions will be useless if the ransomware succeeds in encrypting all the files on your backup drive. That’s one reason why I recommend keeping the external backup drive connected to the PC as little as possible. Once a day, plug it in, run your backup program of choice, and safely remove it.

If you back up in the background to a NAS, back up the NAS regularly.

Cloud-based backup is always on, but the files upload slowly. While that pace can be annoying, it adds an additional level of protection: It could be days, or even weeks, before all of the encrypted files get into the cloud.

Carbonite’s Norman Guadagno told me that the cloud-based backup service “has been getting 500 calls a month” from customers hit by ransomware. “We help them identify a clean backup image and help them to a wipe and reinstall.” I assume that Carbonite’s competitors do the same.

Not that this is perfect. Your most recent work will likely be lost.

Will the ransomware authors find way to destroy cloud-based backups? Guadagno admitted, “I worry about that all the time.”

For the time being, cloud-based backups—and local ones where the backup drive is usually not plugged in—are safe. Hopefully it will stay that way.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Related:
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.