Backup, Backup, Backup, Clone and Protect

 

Last month I was out of town for a few days. I brought my laptop with me. I depend on it every day. The first day into my short trip I received an unnerving email. This is a summary:

“I’m a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.”
…  You are not my only victim, I usually lock computers and ask for a ransom.” 

I had fallen victim to a “Ransomware” attack. I had 48 hours to make a payment or my laptop would be encrypted.

What made this email feel very threatening and “legitimate” is the fact that the password they intercepted was included as part of the email. I recognized it as one of my passwords.

Photo by G. Crescoli on Unsplash
You may have heard about Ransomware attacks in the news or elsewhere. The US Government defines these attacks: “Ransomware is a type of malicious software, or malware, designed to deny access to a computer or data until the ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.”

I was worried.

Sure, I had a backup to an external disk – at home in Massachusetts. And most of my files are uploaded to either Dropbox and iCloud – but would all of this be enough? Would the threatening malicious code be transferred to my backup? I wasn’t sure. But I was sure that I was not going to pay any ransom!

This is the first time I had received a ransomware threat. I knew right away what it was – but was unsure about what to do, and since I was out of town, I felt even more vulnerable.

After I cleared my head – this is what I did.

I forwarded the email (probably shouldn’t have done that!) to a trusted, knowledgeable friend to ask for advice. I wanted him to tell me not to worry – but instead, he suggested I take it seriously and gave me a few short-term suggestions. I also forwarded the email to my webmaster who responded a few hours later telling me it was a scam, delete the message, and not to worry about it.

Needless to say – it could have gone either way. I only received one additional threatening message, the 48 hours passed, and I was never locked out of my laptop.

Bottom line – it was a huge wake-up call. I needed to enhance my backup process, add virus protection, and do it quickly!

When I got back home and the dust settled, this is what I did:

  1. Since I am a Mac user, I continued to use Apple’s Time Machine application that constantly backs up my laptop to a dedicated external disk drive. I tested recovering a few files just to make sure it was working as expected. I consider this my primary backup.
  2. I did the same thing with iCloud. I checked all my settings and made sure that everything was configured correctly. But even Apple admits that iCloud isn’t a true backup service. It’s more of a “device syncing service.” If you have multiple Apple devices, it’s an easy and automatic way to access your files from all of your devices.
  3. I added a cloud backup service. For a few dollars a year I added another remote backup. This is important because my Time Machine backup drive could be damaged or destroyed if anything happened to my home, such as a fire or flood.
  4. I now also have a clone of my laptop which is a complete, bootable copy of my laptop disk. This required investing in another software program, but after this scare (and sleepless night), I think it’s worth it.

My trusted friend recommends four levels of backup which, in my case, now includes all of the above. You can never have enough backup protection!

In addition, I installed virus protection software. Years ago, I ran virus protection software on my Mac, which slowed down my machine. Instead of researching a better product, I got lazy and decided not to renew it. Bad decision!

In the past, it was believed that Apple computers didn’t require virus protection – but that’s no longer accurate advice. Every computer should have virus protection software running in the background, all the time.

When was the last time you reviewed your backup procedures?
If you can’t remember, my advice is to do it today!

Have you ever experienced a cyber attack? Please share what you learned in the comment section below.

TA-DA Tip of The Month

Here are a few simple steps to consider that can protect you from the bad actors out there who can remotely access your computer and wreak havoc. Think about it, every time you connect your computer to the internet you’re at risk.

When reviewing your security habits, at a minimum I suggest considering the following:

  • Your password security. Ironically, in my case, I recently started using a password manager to enhance my password security. Reusing the same password on multiple sites is just asking for trouble. Don’t do it. There are a number of password managers out there. Most have free trials, so you can try first and decide which fits your needs best.Photo by rawpixel on Unsplash
  • Avoid using public networks. If you must connect to the internet in an airport or at your local coffee shop, it’s best to connect using a Virtual Private Network (VPN) service which keeps your connection private and doesn’t allow others to intercept your data.
  • Secure your home network. Don’t use the settings supplied by your internet provider on your home internet router. Change the default network name and password.
  • Keep the software on all personal devices up to date. As software manufacturers discover vulnerabilities in their products, they’ll supply software updates. Don’t delay installing these updates or set up the ability to update automatically (which is easier).
  • Be suspicious of emails from those you don’t know. Much like the email I received, phishing emails currently create the highest risk to the average user. The goal for most phishing emails is to gather personal information, steal money, or install malware on your device.

These are just a few suggestions and a good start.

If you google “How to improve laptop security” or something similar there are a number of articles that offer step-by-step instructions and suggestions from experts in this space. TaDa!

6 comments to Backup, Backup, Backup, Clone and Protect

  • Bruce Evans

    Good post, Diana. I recently read an article about password hacking and ransomware that referenced a tool that determines whether your password was part of a known data breach. It’s a link to a website called “haveibeenpwned.com” Apparently, people are getting a ransomware email that shows you that they know your password and have access to all your data. To the average person, it looks legit because they know your password, even though it probably is a bluff. It suggests using this tool to determine which passwords were breached and to create a new password, then store passwords in an encrypted password manager such as LastPass.

  • LJ

    Thanks, Diana. That’s all good info. I use Carbonite for
    my off-site storage and have been happy with them. I pay three years at a time. I never knew there was actually a
    “ransom”!

  • Good advice. I actually had my laptop (Dell) frozen with a message that my Microsoft system had been corrupted. I was instructed to call a toll free number that would connect me with an authorized Microsoft tech.
    I became suspicious of the way he could take over my system and I stopped the call and closed my laptop. Good thing I did. He was just setting me up to capture my passwords. BTW, I did receive some ransom request with my correct password in my junk mail file. I deleted them all.

    • Well, your instincts were right Tom. That’s half the battle. We all need to be diligent and educate ourselves about how to react and manage these situations. Because unfortunately, they are happening more often than ever. Thanks for sharing your experience.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>