The Cryptolocker ransomware has created headaches for businesses everywhere, but as we described in a previous blog post, data backup is the best tool IT managed services providers can use to recover encrypted data. The story of one Intronis partner who dealt with Cryptolocker demonstrates just how valuable offsite data backup can be to recovery.
Damian Barry, president of Global Business Technologies in Norwood, Massachusetts, offers tailored managed services, backup and recovery, and virtualization solutions to businesses in the Greater Boston area. He recently took a call from a client who received the infamous Cryptolocker pop-up screen and countdown timer.
The warning tells users that their files have been locked up with several layers of encryption and are being held hostage for $300. If the ransom is not paid in time, the lone private key that can decrypt the files is destroyed, and the data is lost forever.
Naturally, this was a concern to the client, who considers their data ‘business critical’.
Global’s first step was to investigate the extent of the infection.
“We took the machine off the network and realized that the machine itself didn’t have anything valuable on it, but we wanted to double check because we had heard it can go across the network,” Damian explained.
That’s when they realized the virus had indeed encrypted the client’s local files and had spread to the network share. Fortunately, no personal information was compromised, but important worksheets and policies were affected, including Office documents and Excel spreadsheets.
That’s typical for Cryptolocker, which appears engineered to search for and encrypt common business file extensions, including .doc, .ppt, .xls, and .accdb.
The next step for Global was to strategize a recovery plan. That’s when Global’s offsite backup solution came through, allowing the solution provider to restore the files to older, uninfected versions.
“We were backing up the server and were able to recover the network share pre-encryption,” Damian said. “We went back in time to a good backup a day or two before.”
The speed of recovery also meant Global’s client was up and running again in short order.
“It took an hour or two to recover everything. There was more time spent just trying to strategize than actually doing the recovery,” he explained.
Global backs up this particular client’s data every night. The frequency of this backup strategy meant the data restored was as recent as possible, reducing the impact the incident could have had on this client’s business.
Intronis recommends MSPs back up as frequently as possible, especially in light of malware threats like Cryptolocker. As Technical Support Engineer Josh Berkowitz-Geller wrote in a recent blog post, more file revisions mean a better chance to retrieve an uncorrupted version of your client’s file. And our Intelliblox change block tracking technology makes it economical to store unlimited file revisions.
As for Global Business Technologies, the client is back on its feet. With offsite backup in their toolkit, Global was able to save a client from lost productivity. And $300.
From Damian’s perspective, there’s still a limited awareness among businesses with regard to Cryptolocker. But given the nature of this type of malware, Damian has changed the way he talks to his clients about data protection.
“It’s definitely changed the conversation, whereas before [malware] was kind of a nuisance, this can be much more disastrous,” he said.