Basic Ransomware Prevention: How Data Backups Can Save Your System From Hackers
"In the most recent hacker attack on the San Francisco transit system, hackers tried to extort $73,000 from the transit service in exchange for giving back control of their computer system. However, it all ended up relatively well because Muni had a backup of the system and, as a consequence, no customer data was stolen.
This article shows how individual macOS users can back up their systems to protect valuable data."
Over the past few years, millions of PCs from around the world have been locked or had their files encrypted as a result of devious malware.
According to the Kaspersky Security Bulletin, in 2015 there were 1,966,324 registered notifications for attempted malware infections aiming to steal money via online access to bank accounts. Various ransomware programs were detected on 753,684 computers of unique users; more than 179,000 computers were targeted by encryption ransomware.
In April 2016, CNN Money reported new estimates from the FBI that revealed the costs from so-called ransomware have reached an all-time high. Cyber-criminals collected $209 million in the first three months of 2016 by extorting businesses and institutions to unlock computer servers.
Of course, those big numbers don’t usually affect us, regular users, but we still have our fair share of parasitic programs to be worried about.
One of the newest pieces of malware appears as a pop-up message in Safari that reads: “Your Apple Computer has been blocked. Mac iOS alert! System might be infected due to unexpected error! Suspicious Activity Detected. Your Browser might be hijacked or hacked.” It gives you an 800 number to call, and the person on the other end of the line asks you to share your screen and tries to sell you $200 security software.
That kind of ‘warning’ message is a common form of malware itself. The problem is that the pop-up appears every time you try to reopen Safari, and it’s impossible to dismiss the pop-up and then access Safari settings before the pop-up reappears. So how do you access Safari and make sure this doesn’t happen again?
Oddly, there’s no way to reset Safari’s settings from outside of the app. First, try the most standard ways to work around a malicious webpage in your browser.
- Launch Safari with the “shift” key held down. This should prevent Safari from opening the pages from the last session.
- Load Safari, then Control-click on its icon in the Dock and choose Force Quit. Try this a couple of times and Safari may get the message that there’s something wrong on startup and start without loading anything.
- Update to El Capitan or Sierra if you haven’t already. Apple added a lot more malware protection in the new OSes, including fixes that stop many browser-based hijack methods.
- Disconnect the computer from the Internet. If there’s no malware hosted locally, the pop-up can only be generated by loading a remote webpage that’s set as the home page. Open your Safari preferences and check whether your home page has been set to an unknown domain. Delete that URL from your Safari settings and turn the Wi-Fi connection back on.
However, the most efficient way to protect yourself is to back up your system to the state before malware hit your machine.
For example, the most recent hacker attack on the San Francisco transit system, in which hackers tried to extort about $73,000 from the transit service in exchange for giving back control of their computer system, ended up relatively well. That's because Muni, which runs San Francisco's bus, light rail and trolley car systems, had a backup of its system and, as a consequence, no customer data was stolen.
One of the most popular backup tools is Time Machine – the built-in utility for Mac, introduced with OS X Leopard. Time Machine works at the file level, which is inefficient when dealing with an active operating system and running applications. Files should be unlocked or closed for proper backup, which is not an option with most system files and those used by currently running apps.
Time Machine waits until user applications are closed and locked files become available to process, ignoring system files completely. That’s why OS X has a two-step restore procedure: The user first reinstalls the operating system before retrieving application and user files from the backup image.
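One way to act on the advice above when Time Machine is the backup tool, as an added example that is not part of the original article: pick the newest backup taken before the suspected infection time. It assumes backup paths end in a `YYYY-MM-DD-HHMMSS` folder name, as listed by `tmutil listbackups`; the volume and machine names in the sample are constructed.

```shell
#!/bin/sh
# Added example: pick the newest Time Machine backup taken strictly before a
# suspected infection time, so the restore point predates the malware.
# Assumption: every backup path ends in a YYYY-MM-DD-HHMMSS folder name
# (optionally with a ".backup" suffix). That format is zero-padded and runs
# from year to second, so plain string comparison is chronological.

# last_clean_backup CUTOFF   (backup paths on stdin, one per line)
# Prints the newest path whose timestamp is earlier than CUTOFF.
# Prints nothing and returns 1 when no backup predates CUTOFF.
last_clean_backup() {
    awk -v cutoff="$1" '
        {
            n = split($0, parts, "/")
            stamp = parts[n]
            sub(/\.backup$/, "", stamp)
            # Ignore entries that are not a complete, well-formed timestamp.
            if (stamp !~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9][0-9][0-9]$/) {
                next
            }
            # Appending "" forces string (not numeric) comparison.
            if ((stamp "") < (cutoff "") && (stamp "") > (best "")) {
                best = stamp
                path = $0
            }
        }
        END { if (path == "") exit 1; print path }
    '
}

# Constructed sample listing; volume and machine names are hypothetical.
sample_backups() {
    cat <<'EOF'
/Volumes/TM/Backups.backupdb/MyMac/2016-11-20-081500
/Volumes/TM/Backups.backupdb/MyMac/2016-11-24-221004
/Volumes/TM/Backups.backupdb/MyMac/2016-11-25-093012
/Volumes/TM/Backups.backupdb/MyMac/2016-11-26-101500.inProgress
EOF
}

# Suspected infection at 09:00 on 25 Nov 2016: the 24 Nov backup is chosen.
# On a Mac the listing would come from: tmutil listbackups
sample_backups | last_clean_backup 2016-11-25-090000
```

A non-zero exit status means every available backup was taken after the suspected infection, so none of them can be assumed clean.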
There’s a better backup approach based on system snapshots, which considerably reduces backup and recovery times. A snapshot is like a photo of your file system at one moment: changes made after that point are excluded. Those changes will still be present on your hard drives and will be included in future backups, but not in the current one. That’s exactly why this is the only backup method that can be used to protect an active operating system. Additionally, because Time Machine waits until running applications are closed and locked files become available, its backup operation obviously takes more time than one done with a snapshot-based utility.
To illustrate the difference, we performed an internal lab test, comparing the brand new Paragon Hard Disk Manager for Mac against Time Machine and another popular file-level backup solution (test results and graphics are available upon request).
Paragon HDM for Mac is designed to create instant copies of a disk (or several disks) at a specific point in time. This technology takes consistent snapshots of both inactive and in-use partitions. Unlike Time Machine, HDM provides snapshot-based backup and operates at the sector level, achieving superior performance and speed.
As you can see from the graph above, it takes Hard Disk Manager far less time to back up 9.15 Gb of information than Time Machine or a similar solution. HDM for Mac comes with improved snapshot technology, enabling consistent image backups even while the data is being modified.
So, if you want your Mac to be malware-proof – always back it up! By backing up your system, you save valuable information and a lot of time should you need to restore.