Having a Backup of Company Data Does Not Mean You Have a Disaster Recovery Plan

A former attorney's office across from the old Morgan County Courthouse suffered extensive damage in the March 2 tornado. The rear of the building has been demolished since then. The building is shown here May 16.  Photo by Tom Eblen | 

You've heard over and over again that you must have a secure backup of your company data, but have you stopped to consider what you'd do in the event of a disaster?  How would that data be restored to a fully functioning office environment?

The answer to those questions hinges on two variables - first what was the nature of the disaster? Second what type of backup do you have?

Put in slightly different terms, having a backup of your company's data merely means that you have a copy stored somewhere, it does not mean you have an instantaneous way to restore your company's network back to full functionality.  This is not what you want to hear and comes as a shock to many business owners who thought they'd done what they needed to do by having a backup of their data.


The New And Improved CryptoWall 2.0

Albeit improved in all the wrong ways.  

CryptoWall 2.0 is ransomware that falls into the same category as CryptoLocker, CryptorBit, TorrentLocker, the original CryptoWall, etc.  As one would expect with anything labeled 2.0 there have been improvements made to the original CryptoWall, in this case making it all the more insidious.

The original CryptoWall has made plenty of trouble for network administrators, encrypting local data and any data found across network shares.  There had been some loopholes network admins were using to recover the files without paying the ransom, including using data recovery to recover the original unencrypted files that CryptoWall had deleted.  However, with CryptoWall 2.0 the malware developers have made changes to make things harder on their victims.

(It's terrible, calling them developers as it almost gives them professional legitimacy. Admittedly they do consider this their job and as I've discussed before it is a very profitable endeavor.)

Changes included in CryptoWall 2.0 include unique wallet IDs for each victim to send ransom payments to, use of their TOR gateway, secure deletion of original [now] encrypted files, and a pretty handy FAQ / set of Instructions, which both covers what has happened to your computer and how to fix the problem.  Interestingly the Instructions make it sound like these guys are hear to help and not like they are the ones who caused the problem in the first place.

Here is a Bleeping Computer image of the Instructions.  Click here to read the full article on Bleeping Computer.Image from Bleeping Computer  

Always the recommended option for businesses is having a True Enterprise Backup, which allows for multiple copies your backed up material to be stored.  For many this has meant that yes the backup that happened last night was just a backup of the encrypted files, but the previous version from 3 nights ago is unencrypted.


The Cost Of Data Loss & How To Avoid It

Recently more than 1,000 small to mid sized businesses were surveyed, by Spiceworks, about their data backup and recovery budgets, technologies, and planning.  According to the survey results 45% of the respondents said their business had experienced a data loss and of those data losses 54% were due to a hardware failure, 28% were due to human error.  The average hard cost to recover the lost data was reported at $9,000, but that does not take into account the cost of lost time and productivity while the data was being recovered.

A recent Intel publication shows that the average days to re-enter 20Mb of lost data is 19, the cost of recreating data from scratch is $8,000 per MB of lost data, and that 60% of small businesses that lose data go bankrupt within 6 months of the disaster. Data Loss

Yet with all this available data the Spiceworks survey showed that 42% of companies don't have a disaster recovery plan and even more concerning the survey showed that only 67% of the companies surveyed were backing up their most important data.  Of those surveyed, who do backup, the average annual cost for those backups were $5,700; backup methods included external hard drives, hosted backup solutions, tape backups, replication, and optical storage (CD / DVD).

What should you be doing now to make sure you're prepared if the day comes and you join the 45% who've experienced a data loss?

First make sure you are backing up all of your critical data at the very least, and likely at least some of the data that you could recreate, but would be time consuming /burdensome to do so.

Next consider how you are backing up.  Are you backing up local to your office - tape drive, external hard drive, etc?  What would you do in the case of a fire or other natural disaster?  Are you backing up to an online service?  Are you comfortable with the service and is it setup to backup company databases, not simply home user files?  Are you backing up to CDs or DVDs?  Are they stored in a secure location?

Lastly do you have a schedule where you check your backups to make sure they are doing their job?  Do you have issues with tapes filling up?  Is your online service backing up only your server and you've discovered employees are saving mission critical data locally to their hard drives?  After doing a backup to a DVD do you check to make sure all files copied properly and are accessible?

Data is now central to all businesses, conversations about procedures for backups and disaster recovery should be had regularly to make sure you don't find your company in a crisis recovery situation!   tsis-logo-color

Subscribe to this RSS feed

Contact us

Phone: (775) 852-1811

Toll Free: (866) 511-1331

Fax: (775) 852-1844


Physical Address:

800 South Meadows Parkway

Suite 600

Reno, NV 89521

Log in or Sign up