Ransomware 101 – precautions are up to you

A lot of ink is being spilt over Ransomware this month, the cyber threat de jour. This week alone, I counted 5 articles bemoaning how the authors had to pay to have their files released. I’m a bit baffled by this. They seem to be surprised they were hit by a nasty virus and that by not backing up all their vital files, they were left vulnerable. I’m sympathetic, to a degree, but deeply irritated by the naiveté. Storing 10 years’ worth of files on your computer and not backing it up is foolish to the point of stupidity. The least of your worries are hackers. I can understand if it’s someone who isn’t in the industry or doesn’t make a living with their computer, but professionals who live and die by their computer?

I operate under a couple of assumptions:

1 – At some point in time, I will screw up and become infected.
2 – No antivirus/malware/firewall is 100%. There is an army of criminals out there looking for flaws.
3 – Computers fail – a lot. When you least expect it, your system could crash and take everything with it.
4 – Anything I value MUST BE BACKED UP to an outside source because of #1, 2 and 3.

It’s pretty basic. I know I drive a few of my customers nuts occasionally by harping at them about “back up back up backup” and “have faith if you wish, but not in computers. The little bastards will turn on you in a heartbeat” I tell my customers there is never a guarantee when you are dealing with computers and the internet. The onus is on them to back up everything on a regular basis. I’ve dealt with machines that have ransomware and know how devastating it can be to lose everything. Those photos of someone who’s died, that paper you could never recreate, emails – all gone in a blink of the eye. Without a proper backup, there may be no way to recover the material.

I back up my primary files onto an external hard drive and never leave it plugged into my system. If I were a hacker, the first think I’d look for are externals that hold all the backup data. I back up, unplug and put it back on the shelf. I also scan the external on a regular basis, just in case something sneaks through. I also back up day to day files to a cloud account. These are files I need on a daily basis, templates, photos etc. If the account is hacked, there is nothing that can’t be duplicated or put back up. It would be a major pain in the ass, and I’d be spitting nails for weeks, but I’d survive.   I don’t store passport info, credit card info or any private details on my cloud space or on my Surface tablet. I have a healthy respect for the skills hackers possess and know all too well how easy it is to open your computer and find nothing there. When I’m working on a project, I’ll backup the work to a USB drive at the end of the day and store it in the cloud as well. About 3 months ago, I accidently deleted a major brochure I was working on. 23 pages of magnificence trashed in a heartbeat because I was focused on my espresso and not on what I was doing.   I know I do daft things occasionally, so I’m prepared.

I also back up crucial files to a third source – another hard drive, just in case of catastrophic failures. These files include photos I could never get back, templates that take forever to write, manuscripts and docs. Paranoid? You bet your ass. I had a customer, about 5 years ago, who had a house fire. His laptop and backups suffered terrible water damage. But he was infected with my paranoia and backed his files up to an external source and stored them off site. He was completely dependent on his computer for his work.   We spent a lot of time discussing the possibilities of multiple failures. Chances of it happening? Astronomically remote. But he was willing to spend a bit of money and time ensuring he was secured. Because he stored his files off site, he simply retrieved the external, bought a new laptop and plugged back into work. At most, he lost a day or two of files. Nothing crucial. Was he lucky? Not a chance. He was prepared.

Always assume you can lose everything and take whatever steps are necessary to protect your data.