Comment by cm2187
10 years ago
If you have a working backup you are not really held hostage in the first place. But many people backup to an external drive or a NAS, which unless they happened to be offline at the time of the attack would also be compromised.
A backup is a copy of your files on another medium physically disjoint in space and not connected to the original in any way that you verify is correct after having written a copy.
Anything less than that is not a backup but a mirror and mirrors while useful are not at the same level of security that a backup is.
Some copies are backups, but not all of them and most copies on spinning or re-writeable media especially when they are networked are not actually backups. Somebody tell backblaze ;).
Large companies do have this sort of backups. But cryptolocker's target population is individuals and small businesses. Having to manually plug and unplug a drive every day is an unreasonable burden for this population, and may not even help if the drive is connected while the user is unaware of being infected. WORM NAS volumes or NAS volumes that do incremental snapshots behind the scene are a better solution but I am not aware that major consumer NAS manufacturers (Synology, etc) offer that.
So to make true backups, is one limited in practice to tapes and DVDs?
No, you can use spinning media just fine, as long as you take them off-line after making your copy and if they're in the same physical location to remove them from the premises.