Today Mikko Hypponen gave a very inspiring keynote at the CCS 2013 conference in Berlin. Maybe someday I will manage to distil his keynote (and the one by Jacob Appelbaum yesterday) into another blog post. However, during his talk he mentioned something that I'd like to share here immediately.
Mikko mentioned that one of the two main sources of income for cyber criminals these days is ransomware (the other is running bitcoin mining botnets). This ransomware encrypts all the files on your hard disk, which can then only be decrypted if you buy the decryption key from the attacker. It does the encryption in the background, and once finished opens a dialog box on your screen telling you what to pay and how.
If you make regular backups, you don't need to agree to that 'offer' of course. Instead you just restore the still unencrypted files from your last backup. However, Mikko noted that these ransomware programs do not only access your local hard disk. They also access any drives that are attached to your computer, either over USB or in your (local) network. This means that if you make backups on a USB hard disk or a Network-Attached Storage (NAS) device, the backup files will also be encrypted! Using Time Machine to make backups on a networked device over WiFi, for example, is therefore insecure.
So if you make backups, be careful to disconnect the drive after the backup. Either unplug it (if it is a USB device), or dismount it (and require at least password access to remount or access the NAS). In other words, make your backups on an offline device.
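One way to check that a backup target really is offline once the backup has finished, as an added example that is not part of the original post: the Python code below reads a mount table and reports every backup destination that is still mounted. It assumes the Linux `/proc/mounts` format; the devices, the host name and the mount points are constructed for illustration.

```python
from typing import NamedTuple

# Filesystem types that indicate a NAS share rather than a local/USB disk.
NETWORK_FS = {"nfs", "nfs4", "cifs", "smb3"}

class Mount(NamedTuple):
    device: str
    mount_point: str
    fs_type: str
    options: frozenset

def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as octal escapes.
    for code, char in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(code, char)
    return field

def _norm(path):
    return path.rstrip("/") or "/"

def parse_mounts(text):
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed line
        device, point, fs_type, opts = parts[:4]
        mounts.append(Mount(_unescape(device), _unescape(point), fs_type,
                            frozenset(opts.split(","))))
    return mounts

def exposed_backups(mounts, backup_points):
    """List backup targets that are still mounted: (mount point, kind, writable)."""
    targets = {_norm(p) for p in backup_points}
    findings = []
    for m in mounts:
        if _norm(m.mount_point) in targets:
            kind = "network share" if m.fs_type in NETWORK_FS else "attached drive"
            findings.append((_norm(m.mount_point), kind, "rw" in m.options))
    return findings

# Constructed sample in /proc/mounts format; devices, host and paths are made up.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sdb1 /mnt/usb\\040backup ext4 rw,nosuid,nodev 0 0
//nas.example/backups /mnt/nas cifs rw,vers=3.0 0 0
/dev/sdc1 /mnt/archive ext4 ro,relatime 0 0
"""
# Hypothetical backup destinations; /mnt/offline is configured but not mounted.
BACKUP_POINTS = ["/mnt/usb backup", "/mnt/nas/", "/mnt/archive", "/mnt/offline"]

if __name__ == "__main__":
    for point, kind, writable in exposed_backups(parse_mounts(SAMPLE_MOUNTS), BACKUP_POINTS):
        print(f"{point}: {kind} still mounted ({'writable' if writable else 'read-only'})")
```

On a real machine, pass the contents of `/proc/mounts` to `parse_mounts` after each backup run; an empty result means none of the listed destinations is attached.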