Do you backup your data regularly? Is your backup on an external drive or cloud server? Do you even have a backup less than a week old?
If you answer “no” to any of these questions, you could have a catastrophic failure waiting to happen.
For one of our Adagio clients, the catastrophic failure came this past week. They were lucky. It could have been much, much worse.
On Friday, October 24 at 4:45 PM, I got an email from the client that said:
“Can you tell me what this is? It showed up in our Adagio folder on October 17, 2014.”
What happened to your files?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 2.0.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
CryptoWall 2.0 is the second iteration of a Trojan virus that is commonly referred to as ransomware. The virus scans your computer and encrypts personal files on your hard drive and on any mapped network drive. The encrypted files are rendered inaccessible without the key. If you want the key, you have to pay the ransom, typically starting at $500 and going up exponentially the longer you wait. Your options are to either pay the ransom or have a computer security specialist remove the virus and restore a backup of your data that pre-dates the virus infection of your PC.
The Register posted this article http://www.theregister.co.uk/2014/10/23/cryptowall_malvertising_outbreak/ which states that more “than 830,000 victims worldwide have been infected with the malware, a 25 per cent increase in infections since late August when there were 625,000 victims”.
The client had anti-virus software running but it didn’t catch it initially. It somehow managed to get onto their shared drive with all of their accounting data and encrypted every known file type. We believe Adagio’s proprietary file type was the only reason it remained unencrypted. The client was very lucky.
We managed to clean the infected machines and make new backup copies of the Adagio data. The client still lost all the PDF report files and all the MS Office documents stored on that drive. They had a mirrored backup that was basically an image of everything in real time. It was constantly being overwritten and therefore it was infected too. As a result, they didn’t have a proper archived backup. If the Adagio data had been encrypted, they would have had to restore from a backup we had taken on our last visit over a month ago. Could you imagine having to recreate all the work you did for over a month?
Because of this incident, we proposed to the client a number of measures to protect themselves from future attacks. With today’s cloud-based backup options and the ability to automatically schedule tasks in Windows, there’s really no excuse to not have proper backups. It truly is “set it and forget it” technology now. Backup tapes and having to remember to bring drives home or to a safety deposit box are things of the past. But you’d be amazed at how many of our clients do not have a proper backup they can restore. A lot of them may think they do. But very few of them actually test their backups periodically. Even fewer have offsite backups or a backup on a different device not connected to the network or computer.
If you know someone that doesn’t have backups in place, please give them my contact info. We can advise on different options the client can use. And for smaller clients, there are less expensive options that should fit their budget. After all, they pay for insurance right? Backups are insurance for your data, to ensure business continuity when a disaster occurs. Encourage them to put this insurance in place now rather than after a catastrophe, when it’s too late.
Adagio Consultant and Reseller