Q. I’m afraid of ransomware, so I’m looking for a way to protect my backups from infection. My backups are stored on a networked drive that’s actively connected to my PC only once a week, when my system is making a new backup. I use Acronis True Image, giving me backup files named backup.tib. Because ransomware looks for data files to encrypt but otherwise leaves your system running, I think that renaming my backup files to backup.exe should make them safe. Is this a good idea?
A. Disguising your backups by renaming would seem to be a good plan, but it won't result in any meaningful extra protection. It’s trivially easy for well-coded malware to look past a file name or file-extension to see what’s actually inside. The same is true for another clever-sounding trick: placing data files in nonstandard locations. But, again, that would fool only the most rudimentary forms of malicious code.
In short, simple tricks simply won’t protect you.
But there is an additional backup step that can help ensure that no malware of any type gets saved into your backups.
The only time the backup files are vulnerable to new infection is during the relatively brief time when the drive is actively on line and connected to the Windows PC. When the drive is disconnected and offline, its files are totally safe.
But for maximum safety, do this: Before bringing the backup drive online and running the actual backup, thoroughly scan your system with a good anti-malware tool. Ideally, use a scanner that’s not part of your full-time anti-malware setup; it will help catch any infections that might have slipped past your primary defenses.
For example, I use Win10’s built-in Windows Defender and Malwarebytes Pro for the daily defense of my PC’s files and its ongoing File History backups. But before running my monthly whole-system backups (to a different external drive), I verify that the PC is truly clean by scanning with a separate tool such as ESET’s online scanner.
Those extra scans are the key: Once you know that your PC is malware-free, you can then connect a drive and perform your backup, confident that you’re not spreading any infection to your backup files.
*
Editor's note: We feature an abridged Q&A from Fred Langa's LANGALIST, a column available exclusively to paid subscribers of the Windows Secrets newsletter,. What you see here is just a small sampling of what Langa's writing for the newsletter — go here for more information on how to subscribe.
