A backup strategy for malware recovery

The general advice on backups is to maintain at least three backups but what’s the best way to do this? This is my strategy that’s designed to get me back up and running after any loss of data.

The recent publicity around the ransomware that hit so many sites around the world has led me to review my backup strategy. As a Mac user, there is a lower probability of being hit by ransomware or other malware but it is stupid to be complacent. No matter how careful you are and whatever your skill level, your computer can still be affected.

I am now an amateur rather than a professional user of computers so I won’t lose money if I have to spend time recovering from a corrupted system. It would never be worth my while paying a ransom. However, I use my computer for several hours most days for writing and photography so I would be significantly inconvenienced if it was infected.

I currently have two computers – a desktop and a laptop which are kept in sync using Dropbox. Therefore, except when Dropbox is updating, I have copies of my files on both machines plus copies on the Dropbox server. I have a backup disk permanently connected to my desktop machine and I schedule hourly backups using Apple’s Time Machine utility. It isn’t practical to have regular off-site backups but I backup when I can when visiting my daughters in Edinburgh.

This backup strategy was designed to cope with the two most common problems that arise:

  1. My stupidity when I delete or overwrite a file by accident and I want to recover it. I can usually either recover it from Time Machine or from Dropbox, which keeps copies of changed files for 28 days. I’ve had to do this several times.
  2. A hardware failure when a disk on either my desktop or laptop fails and I need to recover the whole disk. I can reinstall the system on the computer then copy the files from the other machine. I’ve been lucky and, although I’ve had dodgy disks, they have never failed catastrophically so I’ve been able to recover most data directly onto a new disk.

This strategy can also cope with the disaster scenario where both computers are damaged (e.g. in a house fire) or stolen. It would be inconvenient, but I could recover from an off-site disk then update changed files from Dropbox. My assessment is that the risk of total loss is quite low so the inconvenience is acceptable.

What I have not catered for in designing this strategy is a situation where malware deliberately tries to damage files on my computers. Because the desktop and laptop are synced in real-time, file corruptions on one computer will propagate automatically to the other. Furthermore, because my backup disk is permanently mounted, the malware could access it and corrupt the backups.

So, to cope with this situation, I have bought a copy of a disk cloning utility and I now plan to clone my laptop disk once a week onto a backup drive. I will do this manually and I will not leave the disk connected. Therefore, malware will not be able to access it. I can be up and running after an incident in a few minutes and can then recover the files I have changed from the last clone from Dropbox.

I also plan to buy a new faster disk to replace the one I use for off-site backups and keep a remote cloned disk as well as a Time Machine backup as I do at the moment. This will speed up the process of recovery in the event of total loss.

There is a scenario where this strategy could fail. If malware was introduced onto the system that lay dormant for a while, it would be cloned in the backup. If it lay dormant for long enough, it would also be cloned in my off site backup. Restoring from the clone would lead to an infected system being created. I can’t see any way where I could quickly restore my systems in this situation.

This is an unlikely but not impossible situation. If it happens, I think I can recover by reinstalling the system software then using Dropbox/Time machine copies of my user files to recover these. Hopefully, it won’t be a problem.

One thought on “A backup strategy for malware recovery

Leave a Reply

Your email address will not be published. Required fields are marked *