Backups Smackups, Prevention is the Real Key

Why Backing Up Your Data Won’t Work

Let’s be honest, backing up your data is important. Maybe more so for some users than others, but important nonetheless. However, backups are not the golden ticket when it comes to restoring data after a malware attack. They can be useful for restoring your files after a malware attack such as ransomware, but what happens when those backup files are also encrypted or disabled? So much for that golden ticket.

A new form of fileless ransomware, Sorebrect, will specifically stop the backup services for BackupExec from Veritas, and backup software from Acronis.  Again, no golden ticket.

Are you protected?

What can users do to remain protected from malware threats? There are two major things users must understand about their security solution.

  1. Does it block fileless malware? This means the malware is executed through scripting agents, such as CScript, WScript, PowerShell, etc., that are made to run malicious scripts. Is your antivirus solution protecting you from these threats?
  2. Also, does it use a blacklist or whitelist approach? Blacklisting security solutions treat unknown programs and files as safe and allow them to run until they’ve been proven bad. Therefore, all new malware variants that haven’t been proven bad will run on a PC that is using an antivirus that only uses a blacklist approach. Whitelisting treats all unknown programs as bad, meaning they will not run until they can be tested and proven safe.

It’s likely your antivirus program is not preventing fileless malware. It could be integrating minor pieces of whitelisting, but is it using that as its primary method of malware detection?
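The two questions above can be seen side by side in a small model. This is an added example, not code from the original article or from PC Matic; it assumes both lists hold SHA-256 hashes, and every name and sample byte string in it is constructed for illustration.

```python
import hashlib
from typing import Optional

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed samples: byte strings stand in for file contents.
KNOWN_GOOD_APP = b"constructed: accounting app v1"
SCRIPT_HOST = b"constructed: script host binary (stands in for PowerShell/WScript)"
KNOWN_BAD = b"constructed: known ransomware sample"
NEW_VARIANT = KNOWN_BAD + b"\x00"  # one byte appended: new hash, not yet "proven bad"
ADMIN_SCRIPT = b"constructed: approved admin script"
UNKNOWN_SCRIPT = b"constructed: script delivered by a fileless attack"

BLOCKLIST = {sha256(KNOWN_BAD)}
ALLOWLIST = {sha256(KNOWN_GOOD_APP), sha256(SCRIPT_HOST), sha256(ADMIN_SCRIPT)}
SCRIPT_HOSTS = {sha256(SCRIPT_HOST)}

def blocklist_allows(binary: bytes, script: Optional[bytes] = None) -> bool:
    """Default-allow: run unless the binary is already known bad."""
    return sha256(binary) not in BLOCKLIST

def allowlist_allows(binary: bytes, script: Optional[bytes] = None) -> bool:
    """Default-deny: the binary must be known good, and a script handed
    to a script host must be known good as well."""
    h = sha256(binary)
    if h not in ALLOWLIST:
        return False
    if h in SCRIPT_HOSTS and script is not None:
        return sha256(script) in ALLOWLIST
    return True

CASES = {
    "known good app": (KNOWN_GOOD_APP, None),
    "known ransomware": (KNOWN_BAD, None),
    "new ransomware variant": (NEW_VARIANT, None),
    "script host + approved script": (SCRIPT_HOST, ADMIN_SCRIPT),
    "script host + unknown script": (SCRIPT_HOST, UNKNOWN_SCRIPT),
}

def evaluate() -> dict:
    """Return {case: (blocklist_allows, allowlist_allows)} for every case."""
    return {n: (blocklist_allows(b, s), allowlist_allows(b, s))
            for n, (b, s) in CASES.items()}

if __name__ == "__main__":
    for name, (bl, al) in evaluate().items():
        print(f"{name:32} blocklist={'run' if bl else 'block':5} "
              f"allowlist={'run' if al else 'block'}")
```

The new variant and the unknown script both run under the blacklist model and are blocked under the whitelist model, but only because the whitelist check also covers the script, not just the trusted script host.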

Why Prevention is Key

Oftentimes, prevention is put on the back burner. Users think that if they get infected, their security program will fix it. But that is not the case. The security program should prevent the malware in the first place. If it doesn’t, the end users are the ones who suffer. When different forms of malware hit, remediation may not be possible. If users are infected with ransomware, and their backups are outdated, encrypted, or nonexistent, they’ll be forced either to pay the ransom, hoping to get their files back, or to start from scratch. It should be noted that PC Matic does not suggest paying the ransom demand, as there are no guarantees users will get their files back after they pay the cyber criminals.

If you’ve checked your antivirus program and it does not protect you from fileless malware attacks and is not using an application whitelist, it’s time to find a better solution.


2 thoughts on “Backups Smackups, Prevention is the Real Key”

  1. What this article fails to explain in enough detail is the importance of NOT having your backup device attached to your computer when you’re not using it. If your backup device is connected/mounted at the time that ransomware hits, then everything on that device will be compromised as well.

    • That’s a great addition PhoenixM! You’re correct that it is very important to keep a backup device that is disconnected from your computer. The typical recommendation is the 3-2-1 method. 3 copies of your data, 2 different locations, 1 copy located offsite. Using this practice can help keep your backups from being infected. Have a wonderful holiday!
