I have been writing about the latest threat, CryptoLocker, and promised I would report what ever Carbonite replied to my inquiry about whether CryptoLocker could encrypt online backups. Here is what they said:
Computers infected with the CryptoLocker virus would indeed be at risk to having their online Carbonite backups also encrypted. In fact we see this on a daily basis unfortunately. Carbonite recognizes when a file previously backed up changes and automatically seeds it for backup. Assuming the client software is functioning normally, encryption of the files are a recognizable change that would trigger the automatic backup function within the client software. Backup usually takes place in as little as ten or fifteen minutes after the event is triggered. Because of the expediency that this encryption takes place after infection, there is little one could do on the client side short of severing the IP connection or freezing the backup before the pending upload begins. Our engineers have been aware of this particular issue and and working to make restoring after infection easier and more straight forward but as I am sure you would agree no matter what we do there is little that can replace responsible web browsing on the client side.
Careful reading reveals a sort of “good news/bad news” answer. While CryptoLocker will not infected and encrypt backup files directly, the automatic backup software on your system will note the change to the files once CryptoLocker has encrypted them, mark them for backup, and begin to replace the originals in the backup trove with encrypted replacements.
The solution – pay extra for on-line backup services that offer something called “versioning.” Versioning is when the backup system keeps older copies of files that have been changed.
Another solution is to copy all your files to an external drive and disconnect it when done and save it in a safe place. You would need to do this again periodically to get files that have been changed. This will not get all of your data back in the event on a CryptoLocker attack, but at least you will have most of it.
Or using the same sort of external drive, run a Windows backup manually, then disconnect and store the drive. If you can remember to do this once a week you should be fine.
And make sure to download and install the CryptoPrevent application I recommended earlier.Share