I've been meaning to start a regular PC backup schedule for a while now, but I always had trouble actually motivating myself to do it. Since I was intending to take offline backups on an external drive, there was a bit more of a time commitment than setting up a syncing service like Carbonite or similar, but I think the benefits are really worth it. Creating disk images of my hard drive means I have not only my data, but Windows, my boot sector, and everything else I should need if I ever experience a catastrophic failure.

The release of Windows 8.1 seemed like a pretty good time to finally start taking backups, since that way I could recover my old system's state if some part of the upgrade went horribly wrong. I didn't get motivated enough to actually put my plan into action until the day of release, though, and it was for a completely unrelated reason.


Digital extortion

Ransomware is a particularly nasty form of malware that didn't see much of the public spotlight until fairly recently. Ars Technica has written several articles about the spread of ransomware over the last few months, though, all of which are definitely worth reading (the most recent being this one). A somewhat simplistic explanation of ransomware is that it is a malicious program that infects your computer, similar to any other virus or malware that you might get. Most of the cases I've seen thus far have propagated via email attachments, reinforcing the idea that you should really never open attachments that contain executable files unless you can truly verify the identity of the file.

The difference between ransomware and other malicious programs is that ransomware doesn't attempt to hide out on your computer and steal your bank accounts, or turn your computer into a node in some kind of shadowy international botnet. It does something much more devious and potentially quite damaging.

When a malicious piece of ransomware is executed, it sets out to encrypt all of the personal files on your computer. This could be pictures, documents, or really anything that it can get to without having to ask for elevated privileges (since that would be suspicious). Many common forms of strong encryption are used, often employing RSA as the encryption algorithm with a sizable key bit length, and when the encryption is done the private key needed for decryption is stashed on a server that belongs to the malware's creator. At this point, all of your personal files are inaccessible, because you cannot decrypt them without the key.

The money-making part of this scheme comes into play after the encryption is finished. Usually the ransomware will display a window informing the victim that their files are now encrypted, and demanding payment within a specific timeframe in order to retrieve the decryption key. If you don't pay up, the message states, then your private key will be erased from the server and your files will be gone forever. Inevitably, many people will cough up the money, and these schemes have brought in an estimated $5 million a year.

The benefits of backups

So what happens if you get hit by one of these nasty infections? Well, with a proper backup, you can avoid paying the attacker and hopefully only lose a minimal amount of work. I'm figuring that if I take a backup roughly once a week, then I won't stand to lose too much were my hard drive to fail, so the same could apply to a ransomware infection. Sure, it's still a pain, but it's better than losing everything completely.

Why not do online backups, then, that can automagically sync your files to the cloud or some other location? These are great tools, no doubt, but there are some sticking points that you may want to consider. One is time: if you back up your data to an external drive, then you can retrieve it much more quickly than if you need to grab all your files off of the Internet. If you absolutely need your files back now, consider putting them on another drive.

Another problem, which Ars's ransomware article touches on briefly, is that infections can propagate over networks. If you do find yourself unlucky enough to be hit with ransomware (or some other malware), then a backup stored on a network drive could end up getting infected as well. In fact, that's exactly what happened to the infected machine in the article:

"Because CryptoLocker encrypted all files that an infected computer had access to, the ransomware in many cases locked the contents of backup disks that were expected to be relied upon in the event that the main disks failed."

Many online backup systems will keep "revisions" of your files, but still, an infected file may end up getting synced to your cloud storage, and then you could be in trouble if you didn't have your account set up correctly. Still, in the case of a drive failure, an online backup is better than nothing. If you can't be motivated to do offline backups, consider investing in a networked/cloud solution.

So even though it's a bit more time consuming, and it requires me to actually take the time to kick off a backup myself, I'm deciding to go with fully offline disk images via Clonezilla. I run the backup overnight and it takes about 4 hours. Once the backup is finished it automatically shuts down my laptop, and in the morning I unplug the drive and store it for later in a fire box.

I hope that I'll never find myself in a situation where I'll need to use it, but as with any emergency prevention, it's better to have it and not need it than to need it and not have it. If you have files you don't want to lose, take a weekend to come up with a backup plan. You'll be glad you did.