I got a call a couple of days ago from a relative in a panic -- all of their documents, images, etc. suddenly had new random file extensions and could not be opened. Did I know what had happened and how to fix it?
Unfortunately it was all too obvious what had happened and there was no easy fix.
They had fallen victim to a ransomware virus -- some variant of CBT, and the only real way to recover the files was to pay the criminals (they wanted ~$600 USD) to provide a password to decrypt the files.
What made this attack particularly damaging is that this relative, who is pretty computer savvy and a heavy PC user, had a bunch of additional hard drives connected to the PC -- a few backup drives, some download archive drives, etc.
And the virus encrypted everything on all drives. Ouch.
And that's what brings me to this post.
Many of us who perform frequent backups may get lazy and leave our backup drives (with backup drive images, document backups, etc.) connected for prolonged periods.
This is a huge risk when it comes to things like viruses/trojans/ransomware.
While there are lots of things you can do to protect yourself from being attacked, one thing all of us who regularly make backups should do is keep external backup drives DISCONNECTED except when being used to update our backups.