Today Mikko Hypponen gave a very inspiring keynote at the CCS 2013 conference in Berlin. Maybe someday I will manage to distil his keynote (and the one by Jacob Applebaum yesterday) into another blogpost. However, during his talk he mentioned something that I'd like to share here immediately.
Mikko mentioned that one of the two main sources of income for cyber criminals these days is ransomware (the other is running bitcoin mining botnets). This ransomware encrypts all our files on your harddisk, that can only be decrypted if you buy the decryption key from the attacker. It will do the encryption in the background, and once finished will open a dialog box on your screen instructing you what and how to pay.
If you make regular backups, you don't need to agree to that 'offer' of course. Instead you just restore the still unencrypted files from your last backup. However, Mikko noted that these ransomware programs not only access your local harddisc. They also access any drives that are attached to your computer, either over USB, or in your (local) network. This means that if you make backups on a USB harddisk, or a Network-Attached Storage (NAS), the backup files will also be encrypted! Practices to use TimeMachine to make backups on a networked device over WiFi, for example, are therefore insecure.
So if you make backups, be careful to disconnect the drive after the backup. Either unplug it (if it is a USB device), or dismount it (and require at least password access to remount or access the NAS). In other words, make your backups on an offline device.
What is the network attached back-up is already encrypted by the user and the disk is locked with a pass phrase? Will that make it harder to attack, or can she add another encryption layer on top?
Even if the backup is already is encrypted by the user, the ransomware will add another layer of encryption, making the backups unreadbale and thus useless. Locking the disc with a passphrase helps, as long as the passphrase is not somehow cached, and if the connection is dropped right after the backup. This requires a conscious action by the user, typically, so this is risky.