It appears that large companies getting attacked, and their data held for ransom, is all the rage right now. First, Garmin had to shut down many of its services for more than just a few days, and it now appears that Canon is in the same sticky situation. Let’s take a brief look at what happened in these ransomware attacks, and more importantly, what we can learn from them.
What even is ransomware?
According to Wikipedia, ransomware is “a type of malware that threatens to publish the victim’s data or block access to it unless a ransom is paid”, hence the name. That ransom usually comes in the form of bitcoin or other cryptocurrencies. Which makes perfect sense if you prefer not to be tracked.
It appears that Canon got threatened with both of those scenarios. The full double whammy. A group calling itself Maze is claiming to have stolen 10 terabytes of data and to have encrypted numerous files on Canon’s systems. Let’s not beat around the bush. Ransomware is a scam and the attackers are nothing more than scammers trying to make an easy buck.
I don’t want to, and also can’t go too far into what happened to Canon. Mainly because the details are still unravelling, and I don’t want to give away any false information. It is entirely possible that Canon will have to pony up to get their data back.
In the case of Garmin, they reportedly ended up paying the multi-million ransom to decrypt the data. It was either that or losing a bunch of customers and risking being sued. As Garmin stores a lot of health-related data and data on when their users are out running or biking, it must have been an especially tricky situation for them.
Ransomware targets everyone, even you
Ransomware scams aren’t just aimed at large companies such as Garmin and Canon (or more recently, Manchester United). The payoff is obviously a lot higher if you can take out a multinational company, but there’s also money to be made from scamming individuals. Especially if you can infect many computers in one go, as was seen with the WannaCry attack.
These scams started appearing in 2012 and despite taking a dip in 2016 and 2017 they’ve been back with a vengeance since 2018. Ransomware doesn’t exclusively target computers any more, and there have been cases of ransomware on iPhones and Android phones.
Prevention is key
As with any type of malware, prevention is the best way of avoiding these types of scams. Don’t open any email attachments from unknown senders, don’t download and install pirated software, and don’t click on random links you might see on the web. And it goes without saying that you should always keep your operating system and anti-virus up to date.
You don’t even have to pay for anti-virus software any more, as Windows Security is actually pretty decent and almost certainly already installed on your system. That is, if you aren’t a Mac user. And yes, Macs can also be infected with ransomware, but their occurrence is much rarer. And as I’ve not used any Apple products for the past decade, I’m not in the position to give you any advice on how to avoid malware on macOS.
But even if you follow these rules, you might be at risk. The WannaCry worm which made headlines for affecting the NHS, among others, travelled across networks without any user interaction. Basically, we’re all at risk, all the time.
What ransomware does to your data
So, what does ransomware do to your computer when it’s infected? Ransomware will go through all of your files and encrypt everything. Alongside your now encrypted files, you will generally find a text or HTML file telling you to pay a certain number of bitcoin into a certain account belonging to the attacker. Once the ransom has been paid, you will generally receive the key to decrypt your files.
Either that, or the ransomware will steal all of your data and upload it to the attacker’s system. In that case, they will threaten to publish the data if you don’t pay up. But it’s generally the former option which is meant when speaking of ransomware. Having ransomware encrypt a victim’s data is much more efficient than uploading it all to a server.
Ransomware could destroy your photography business
In terms of photography, this could obviously be devastating. Imagine all of your photos from your travels, photos of your kids growing up, and all of your memories stored as images suddenly being inaccessible. And that is why many end up paying the ransom. So many of our memories are stored digitally on computers.
For businesses, this could, of course, be even more devastating. As already mentioned, Garmin reportedly had to pay millions to get their data back. Other companies have gone into administration as a consequence of such an attack. If you’re a professional photographer, you could easily lose your livelihood to ransomware.
The 3-2-1 backup strategy
Instead of facing the risk of having to pay scammers, who really don’t deserve it, you should be using a solid backup strategy that allows you to continue working as soon as possible. The easiest starting point is the 3-2-1 backup strategy.
3-2-1 means you have three copies of every file. Two of those copies are kept locally but on different devices, for example on an Unraid NAS. The final copy is kept offsite. Having two copies of your data onsite is great in the case of a hard drive failure or just general damage to your computer. Furthermore, were you to become a victim of ransomware, you could rest assured that you have another copy of all your files hidden away safely on another device. Having a copy of your data easily and readily accessible allows you to continue working in the case of any failures or attacks. Copying something locally will almost always be faster than downloading large datasets from the cloud.
3-2-1 backup in practice
Let’s say you have all of your photographs stored locally on your computer. That would be the first copy of your files. The second copy has to be on a different device. So, you don’t want to keep it on a second hard drive inside your computer. If that computer were to get infected with ransomware, that drive would obviously also be affected. The same goes for external drives. If you keep one connected to your computer 24/7, it will be at risk. If you do opt for an external hard drive, make sure you only ever connect it to your computer when backing up. The easiest way of keeping that device safe is simply unplugging it when it isn’t in use.
It goes without saying that you should also keep a backup of your Lightroom Classic catalog on that external drive, because Lightroom Classic doesn’t actually edit your raw files. That is, if you use Lightroom Classic, of course.
A NAS is another popular backup medium. I personally use an Unraid NAS I built myself. But if you do use a NAS and permanently have it connected using a network share, it will very possibly be at the same risk level as any internal drive would be. That is why backup tools such as Bvckup 2 allow you to authenticate from within the app itself. That way, the network drive isn’t permanently connected.
Why you want an offsite copy
As mentioned, local copies are great if you need to gain access to your data quickly. But because local copies are generally stored in the same building they are equally at risk from natural disasters such as floods and fires, as well as theft. If you use an external hard drive to back up your files, you’re probably going to leave it sitting on top of your computer or on your desk. And if your computer gets nicked, I’m confident the external drive would disappear along with it. And that is why the final copy, which is stored offsite, is essential.
That offsite location could, but doesn’t have to be, a cloud storage provider. You could go with Backblaze, Google Drive, Dropbox, or any other provider. Another, potentially cheaper possibility would be an external drive which isn’t stored within the same four walls as the other two devices. Cloud backup services are certainly easier. Using an external drive would require you to get the external drive, bring it home, back up the data, and bring it back again. But it could end up being the cheaper option.
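To make the 3-2-1 rules above checkable, here is an added example (not from the original post) that audits a set of copies against them. The dictionary keys and the sample folders are assumptions of this example, and the file-by-file hash comparison goes a step beyond what the text describes.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def check_321(copies):
    """Return 3-2-1 violations. copies[0] is the working copy; the dict keys
    (root, device, offsite, always_attached) are assumptions of this example."""
    problems = []
    if len(copies) < 3:
        problems.append("fewer than three copies")
    if len({c["device"] for c in copies if not c["offsite"]}) < 2:
        problems.append("local copies are not on two different devices")
    if not any(c["offsite"] for c in copies):
        problems.append("no offsite copy")
    reference = manifest(copies[0]["root"])
    for c in copies[1:]:
        # A backup that stays attached is reachable by ransomware on the PC.
        if not c["offsite"] and c["always_attached"]:
            problems.append(f"{c['device']} is permanently attached")
        # A mismatch means the backup is stale or one side has changed.
        if manifest(c["root"]) != reference:
            problems.append(f"{c['device']} differs from the working copy")
    return problems

def demo():
    """Constructed sample: three temp folders stand in for PC, NAS and cloud."""
    with tempfile.TemporaryDirectory() as tmp:
        copies = []
        for device, offsite in (("pc", False), ("nas", False), ("cloud", True)):
            root = Path(tmp) / device
            root.mkdir()
            (root / "IMG_0001.raw").write_bytes(b"constructed raw data")
            copies.append({"root": root, "device": device, "offsite": offsite,
                           "always_attached": device == "nas"})
        # Make the NAS copy diverge from the working copy.
        (copies[1]["root"] / "IMG_0001.raw").write_bytes(b"changed")
        return check_321(copies)

if __name__ == "__main__":
    for problem in demo():
        print("VIOLATION:", problem)
```

In real use, point each `root` at the mounted location of the copy and run the check right after a backup, before the drive is unplugged again.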