CryptoLocker and On-Line Backup Services

I have been writing about the latest threat, CryptoLocker, and promised I would report what ever Carbonite replied to my inquiry about whether CryptoLocker could encrypt online backups.  Here is what they said:

Computers infected with the CryptoLocker virus would indeed be at risk to having their online Carbonite backups also encrypted. In fact we see this on a daily basis unfortunately. Carbonite recognizes when a file previously backed up changes and automatically seeds it for backup. Assuming the client software is functioning normally, encryption of the files are a recognizable change that would trigger the automatic backup function within the client software. Backup usually takes place in as little as ten or fifteen minutes after the event is triggered. Because of the expediency that this encryption takes place after infection, there is little one could do on the client side short of severing the IP connection or freezing the backup before the pending upload begins. Our engineers have been aware of this particular issue and and working to make restoring after infection easier and more straight forward but as I am sure you would agree no matter what we do there is little that can replace responsible web browsing on the client side.

Careful reading reveals a sort of “good news/bad news” answer.  While CryptoLocker will not infected and encrypt backup files directly, the automatic backup software on your system will note the change to the files once CryptoLocker has encrypted them, mark them for backup, and begin to replace the originals in the backup trove with encrypted replacements.

The solution – pay extra for on-line backup services that offer something called “versioning.”  Versioning is when the backup system keeps older copies of files that have been changed.

Another solution is to copy all your files to an external drive and disconnect it when done and save it in a safe place.  You would need to do this again periodically to get files that have been changed.  This will not get all of your data back in the event on a CryptoLocker attack, but at least you will have most of it.

Or using the same sort of external drive, run a Windows backup manually, then disconnect and store the drive.  If you can remember to do this once a week you should be fine.

And make sure to download and install the CryptoPrevent application I recommended earlier.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.