The solution to CryptoLocker and ransomware: prevention
CryptoLocker is ransomware, malware that silently encrypts data and then demands a ransom to decrypt it, and a true source of headaches for most system administrators. The first version of CryptoLocker is believed to have been released in September 2013, and plenty of other ransomware has been developed since then.
The encryption is strong public-key cryptography (RSA keys of 2048 bits or more, with the private key held only on the criminals' servers), so it is simply infeasible to get the data back without the decryption key. You can pay the criminals, but there's no guarantee they'll give you a working decryption key, and we discourage feeding this criminal market.
Good backup and security practices are the only tools we have to protect ourselves and our customers from this threat:
- Data must be backed up at an adequate cadence
- Good data retention policies are necessary: you need to be able to restore data at least two weeks old, better a month, because an infection is often noticed days after it started
- Backup integrity checks must be performed consistently with the backup cadence and the retention policy: after an infection the encrypted files are backed up at every run, and if nobody notices before the retention window expires, the good copies are rotated out and only encrypted ones remain
- The backup folders must be inaccessible to the normal users of your network, so CryptoLocker or other ransomware running under their accounts can't reach them
- Never let CryptoLocker or other ransomware run as the domain administrator or another fully privileged account: a ransomware runs with the privileges of the user who launched it, so never browse the web or read e-mail with such accounts
- Educate the users! Seriously, this is the most powerful defense. Being able to restore the data encrypted by CryptoLocker or other ransomware won't spare you the cost of the operation: restore times, and so costs, can be reduced but not eliminated, and it's better to prevent the infection than to fix the damage
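The integrity check in the list above, done from the backup side: the script below is an added example, not part of the article or of Uranium Backup. It hashes every file in the current backup set, compares the hashes with the manifest saved by the previous run and refuses to rotate the manifest when an unusually large share of files changed or disappeared, which is what an encrypting infection on the source machine looks like from the destination. The paths, the manifest location and the 20% threshold are assumptions; run it under the backup account or the domain administrator, since normal users must not be able to read the destination.

```powershell
# Added example (not Uranium Backup code): flag a backup generation in which too many files
# changed hash or vanished, so that it is checked before retention discards the good copies.
param(
    [string]$BackupRoot      = 'D:\Backups\Current',        # assumed backup destination
    [string]$ManifestPath    = 'D:\Backups\manifest.json',  # assumed manifest from the previous run
    [double]$MaxChangedRatio = 0.20                         # assumed: more than 20% changed is suspicious
)

# Build a hash table relativePath -> SHA256 for every file under the backup root.
function Get-BackupManifest([string]$Root) {
    $manifest = @{}
    $prefixLength = $Root.TrimEnd('\').Length + 1
    Get-ChildItem -LiteralPath $Root -File -Recurse | ForEach-Object {
        $relative = $_.FullName.Substring($prefixLength)
        $manifest[$relative] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    return $manifest
}

$current = Get-BackupManifest -Root $BackupRoot

if (Test-Path -LiteralPath $ManifestPath) {
    $previous = @{}
    (Get-Content -LiteralPath $ManifestPath -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $previous[$_.Name] = $_.Value }

    # Changed: same name, different content. Missing: the name is gone, which is also what an
    # encryptor that appends its own extension to every file looks like.
    $changed = @($previous.Keys | Where-Object { $current.ContainsKey($_) -and $current[$_] -ne $previous[$_] })
    $missing = @($previous.Keys | Where-Object { -not $current.ContainsKey($_) })
    $ratio   = if ($previous.Count -gt 0) { ($changed.Count + $missing.Count) / $previous.Count } else { 0 }

    Write-Host ("Files: {0} previous, {1} current, {2} changed, {3} missing ({4:P0})" -f
        $previous.Count, $current.Count, $changed.Count, $missing.Count, $ratio)

    if ($ratio -gt $MaxChangedRatio) {
        # Keep the old manifest: this generation must be verified by a human before it is trusted.
        Write-Error "Suspicious mass change in the backup set; verify before letting retention rotate."
        exit 2
    }
}

# Only reached when the set looks sane: persist the manifest for the next run.
$current | ConvertTo-Json | Set-Content -LiteralPath $ManifestPath
exit 0
```

Schedule it right after each backup run with the same cadence as the backup itself; a non-zero exit code is the signal to stop retention from rolling over until someone has opened a few of the changed files and confirmed they are not garbage.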
Most of the points are clear and straightforward. Maybe you are wondering how to create a backup destination that neither a normal user nor CryptoLocker will be able to access.
We found two effective ways to create a secure backup folder for Uranium Backup: a shared folder protected by NTFS permissions that only a dedicated backup service account can access, and an FTP destination on a NAS.
It's up to you to select the scheme that is more effective and efficient in your scenario.
Note: you need an Uranium Backup Base or higher for both the backup strategies.
We are going to show how to create a secure folder that only the domain administrator and the backup user will be able to access.
The backup user must be used only by Uranium Backup: it's a service account, not intended to be used to work on the client machines. Then we'll configure Uranium Backup so that it can access the folder without sharing the access credentials with the local machine or the local user.
This backup strategy won't let a machine infected by CryptoLocker or other ransomware access the backed up data, so you will be able to restore it in case of disaster. Remember that the backup integrity must always be checked, consistently with the backup cadence and the data retention policies.
Also note that if CryptoLocker or other ransomware infects a machine used by the domain administrator, gaining the maximum privileges, it will be able to access the secure folder. The same holds if it runs as a local administrator on the machine where the backup service is installed: a local administrator can recover the service account's stored credentials or run code in the service's context, so the normal user of that machine must not be a local administrator.
The first step is to create the backup user:
Then create the backup folder. In our example we used a Windows-based file server, but it's possible to use a Linux-based NAS without changing the backup strategy.
Share the folder:
Then open the Advanced settings of the Security tab:
Disable the permissions inheritance:
The permissions entry box will be empty. Add a new permission entry to allow Full Control to the domain administrator:
Then allow Full Control to the backup user:
The backup destination is ready. Now open Uranium Backup and install the service specifying the backup user as the service account:
Note: you must allow the backup user to access the folders containing the data you need to back up. The backup user's access credentials must never be specified as the access credentials of Uranium Backup elements or destination paths: as only the service is configured to run under the backup user, only the scheduled backup will be able to access the secure folder, and any manual execution run under the logged-on user will fail to access it. That failure is expected, and it is the sign that the folder is indeed out of reach of the interactive user and of anything running as that user.
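The same share, built with PowerShell instead of the dialogs in the screenshots above. This is an added example, not part of the article or of Uranium Backup: the domain name CORP, the account svc-backup, the path D:\SecureBackup and the share name are assumptions, and the Full Control entries go to the domain administrator account and the backup user exactly as in the screenshots. Run it on the file server as a domain administrator; installing the Uranium Backup service under the backup user still happens in the program's GUI.

```powershell
# Added example (not Uranium Backup code): create the backup service account, the folder,
# the share, and an NTFS ACL with inheritance disabled and exactly two Full Control entries.
Import-Module ActiveDirectory
Import-Module SmbShare

$Domain      = 'CORP'                       # assumed NetBIOS domain name
$BackupUser  = 'svc-backup'                 # assumed account used only by the backup service
$AdminUser   = "$Domain\Administrator"      # the domain administrator, as in the screenshots
$Folder      = 'D:\SecureBackup'            # assumed local path on the file server
$ShareName   = 'SecureBackup$'              # trailing $ only hides it from browsing; not a security control

# 1. Create the dedicated backup account. It is never used to log on interactively.
$password = Read-Host -AsSecureString -Prompt "Password for $Domain\$BackupUser"
New-ADUser -Name $BackupUser -SamAccountName $BackupUser -AccountPassword $password `
    -Enabled $true -PasswordNeverExpires $true -Description 'Uranium Backup service account only'

# 2. Create the folder and share it. Share permissions stay at Full Control for the two
#    principals that need it; the effective permission is the intersection with NTFS below.
New-Item -ItemType Directory -Path $Folder -Force | Out-Null
New-SmbShare -Name $ShareName -Path $Folder -FullAccess $AdminUser, "$Domain\$BackupUser"

# 3. Replace the inherited NTFS ACL with exactly two explicit Full Control entries
#    ("Disable inheritance" + "Remove" in the GUI, then two Add entries).
$acl = Get-Acl -Path $Folder
$acl.SetAccessRuleProtection($true, $false)   # protect the DACL and drop inherited entries
$acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null }   # drop any explicit leftovers

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
foreach ($principal in $AdminUser, "$Domain\$BackupUser") {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $principal, 'FullControl', $inherit, 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $Folder -AclObject $acl

# 4. Verify: inheritance disabled, no inherited entries, only the two expected identities.
$check      = Get-Acl -Path $Folder
$identities = @($check.Access.IdentityReference.Value | Sort-Object -Unique)
if ($check.AreAccessRulesProtected -and
    -not ($check.Access | Where-Object { $_.IsInherited }) -and
    $identities.Count -eq 2) {
    Write-Host "ACL on $Folder is locked down to $($identities -join ' and ')"
} else {
    Write-Warning "ACL on $Folder is not as expected:"
    $check.Access | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
}
```

Then confirm the result from a normal user's workstation: `Test-Path "\\fileserver\SecureBackup$"` must return False (access denied), and `Get-ChildItem` on the same path must fail. If it succeeds, an extra share or NTFS entry slipped in and the destination is reachable by whatever that user runs. The backup user still needs read access to the source folders being backed up, as the note above says; that is a separate grant on the source, not on this share.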
Another way is to save the data on a NAS through FTP. A NAS is the perfect device to store your backups, and today's products can work as FTP servers. If you don't want to purchase a NAS, you can build one using FreeNAS, or install an FTP server (FileZilla Server, or one of the FTP daemons available on Linux) on a Linux or Windows machine; in that case, restrict access to that machine, because if CryptoLocker infects it your backups will be damaged.
Using FTP, the backup folder doesn't need to be shared, and this keeps it out of reach of both users and CryptoLocker, which encrypts what it finds on local drives and on mapped or reachable network shares but doesn't speak FTP. Use a dedicated FTP account limited to the backup directory, don't reuse its password anywhere else, and prefer FTPS if your NAS and Uranium Backup support it, because plain FTP sends credentials and data in cleartext.
This strategy is simpler and less prone to human error, but it has one disadvantage: the FTP protocol slows down backup operations, especially when the number of files to back up is very high, because every file is a separate transfer.
We won't show you how to enable and configure an FTP server on a NAS, for a simple reason: there are too many brands and models, and the procedure is slightly different for each of them.
We are going to see how to configure the FTP destination with Uranium Backup.
Add the elements you want to back up and then click on Click here to add an FTP destination:
Specify the access data for the FTP server:
You’re ready to perform your first backup: