CryptoLocker is ransomware: malware that silently encrypts data and then demands a ransom to decrypt it, a true source of headaches for most system administrators.
It's believed that the first version of CryptoLocker was released in September 2013, but other ransomware has been developed since then.
The encryption is very strong (4096-bit), and it's simply impossible to get the data back without a decryption key.
You can pay the criminals, but there's no guarantee they'll give you a working decryption key. We discourage feeding this criminal market.
Good backup and security practices are the only tools we have to protect ourselves and our customers from this threat:
- Data must be backed up with adequate cadence
- Good data retention policies are necessary: you need to be able to restore data at least two weeks old, better a month
- Backup integrity checks must be performed in line with the backup cadence and the retention policies, because after an infection the corrupted files will be backed up at each execution
- The backup folders must be inaccessible to the normal users of your network, so CryptoLocker or other ransomware won't be able to access them
- Never let CryptoLocker or other ransomware run as the domain administrator or another fully privileged account
- Educate the users! Seriously, this is the most powerful defense. Being able to restore the data encrypted by CryptoLocker or other ransomware won't protect you from the costs of such an operation. Restore times (and therefore costs) can be reduced but not eliminated, so it's better to prevent the infection than to fix the damage
Most of the points are clear and straightforward. Maybe you are wondering how to create a backup destination that neither a normal user nor CryptoLocker will be able to access.
We found two effective ways to create a secure backup folder for Uranium Backup.
It's up to you to select the scheme that is more effective and efficient in your scenario.
Note: you need Uranium Backup Base or higher for both backup strategies.
We are going to show how to create a secure folder that only the domain administrator and the backup user will be able to access.
The backup user must be used exclusively by Uranium Backup: it's a service account, not intended to be used to work on the client machines. Then we'll configure Uranium Backup so that it can access the folder without sharing the access credentials with the local machine or the local user.
This backup strategy prevents a machine infected by CryptoLocker or other ransomware from accessing the backed-up data, so you can restore it in case of disaster. Remember that the backup integrity must always be checked, in line with the backup cadence and the data retention policies.
Also note that if CryptoLocker or other ransomware infects a machine used by the domain administrator, gaining the maximum privileges, it will be able to access the secure folder.
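One way to script the folder permissions described above, as an added example that is not taken from the original guide or from Uranium Backup. The path, share name, domain and account names are hypothetical placeholders; it assumes the folder lives on a Windows file server, is exposed as a network share, and that the script runs in an elevated PowerShell session.

```powershell
# Added example. All names are hypothetical placeholders, not values from the guide.
$Path       = 'D:\SecureBackup'         # assumed backup folder on the file server
$ShareName  = 'SecureBackup$'           # assumed share name ("$" hides it from browsing)
$Admins     = 'CONTOSO\Domain Admins'   # assumed administrators group
$BackupUser = 'CONTOSO\svc-uranium'     # assumed service account used only by the backup job
$Allowed    = @($Admins, $BackupUser)

New-Item -ItemType Directory -Path $Path -Force | Out-Null

# Stop inheriting permissions from the parent folder and discard the inherited entries,
# then remove any explicit entries so the access list starts empty.
$acl = Get-Acl -Path $Path
$acl.SetAccessRuleProtection($true, $false)
foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }

# Grant access to the two identities only; the rights flow down to subfolders and files.
# Modify (not FullControl) for the backup account is a choice made for this example.
$adminRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Admins, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$backupRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $BackupUser, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($adminRule)
$acl.AddAccessRule($backupRule)
Set-Acl -Path $Path -AclObject $acl

# Share permissions mirror the NTFS ones; nobody else is listed on the share.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $Path `
        -FullAccess $Admins -ChangeAccess $BackupUser | Out-Null
}

# Check: re-read the ACL and fail if any other identity still holds an Allow entry.
$unexpected = (Get-Acl -Path $Path).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -notin $Allowed
}
if ($unexpected) {
    throw "Unexpected access for: $($unexpected.IdentityReference.Value -join ', ')"
}
"OK: only $($Allowed -join ' and ') can access $Path"
```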
Another way is to save the data to a NAS through FTP. A NAS is the perfect device to store your backups, and today's products are able to work as an FTP server. If you don't want to purchase a NAS, you can build one using FreeNAS or install FileZilla on a Linux or Windows machine (in the latter case, restrict access to that machine, because if CryptoLocker infects it your backups will be damaged).
Using FTP, the backup folder doesn't need to be shared, which denies access to both users and CryptoLocker.
This strategy is simpler and less prone to human error but has one disadvantage: the FTP protocol slows down the backup operations, especially when the number of files to back up is really high.
We won't show you how to enable and configure an FTP server on a NAS, for a simple reason: there are too many brands and models, and the procedure is slightly different for each of them.
We are going to see how to configure the FTP destination with Uranium Backup.