It is common to keep only two weeks or so of backups. They take a lot of drive space, so why keep dozens of old copies? Two weeks is all many cloud services keep for you.
Cyber-extortionists know this. They know that the best defenses against successful ransomware attacks are the victim's backups. So they've figured out a way around them.
Malware programmers have developed stealthy, persistent ransomware. It silently attacks your computers, sneaking in when someone opens an infected web page or is tricked by an alarming email.
For a week or so, these Advanced Persistent Threats (APT) do nothing. Then they seek out your older backups and start locking them up with encryption. Usually that sets off no alarms. No one accesses or checks old backup files.
Countdown to the attack from inside your system
APTs also start slowly encrypting your other older files, too, making it unlikely that you'll notice the changes. Meanwhile, your traditional backup system keeps making nightly backups that now include infected files in place of good ones. If your system only keeps a few weeks of backups, you are losing older files to the ransomware every night.
Sleeper Cell
The APT operates like a sleeper cell, lying in wait. After a few weeks, it decides to attack all your current files and backups. Now you notice there's a problem!
At first you feel you'll be fine because you have offsite backups. The malware couldn't touch them, right?
Wrong! They contain valuable files that were encrypted days ago by the APT before the backups went offsite. And your onsite backups are encrypted, too.
Faced with backups you can't trust, you'll have to consider paying a heavy ransom for your files. Now you're worried! There's no guarantee you'll get all your files back even if you give in to extortion.
What Can You Do about APTs?
Your first defense is a state-of-the-art antivirus, antimalware, antiransomware service. We recommend Webroot Security, available through our website.
Your second line of defense is many generations of cloud backups. They will allow you to recover all files as they existed before the ransomware began to encrypt files. Since your backups are unreachable in the cloud, they are safe. You still may have the problem of the files you created or changed after the ransomware went to work for a period of weeks. That may require restoring multiple days of backups and then sorting encrypted ones from good ones.
Our SecureMyFirm backup service safely preserves each day's new and changed files. They are uploaded to our enterprise data centers, safe from attacks that may penetrate your computers. The latest version of every file is retained indefinitely. Deleted files and old versions are retained for a year (or less at your option).