The WannaCry ransomware scam is paying off big-time, just not for the hackers behind it, so far. They had gotten only about $80,000 in extortion payments as of Wednesday, probably not even enough to make bail, assuming they’re ever caught.
On the other hand, the Boston data-backup company Carbonite Inc. is raking it in. On Monday, the company’s stock jumped nearly 6 percent (though it gave some of that back on Wednesday, a down day for the market). Chief executive Mohamad Ali said businesses and consumers were scrambling to sign up for Carbonite’s Internet-based backup service, a last-ditch defense against programs like WannaCry that could lock up their data forever.
Consumers were spared in a global attack that targeted institutions from hospitals in England to universities in China. Next time, we might not be as lucky. So you might want to do what I did: After having second thoughts, I decided to hang onto my Carbonite subscription.
Even so, most of us don’t use these services, which back up our files and stash them at remote data centers. According to a March survey of 1,000 businesses and consumers by the data recovery firm Kroll Ontrack, 75 percent said they make regular backups, but only 33 percent push that data out to the cloud.
The chief advantage of online backup is its set-and-forget simplicity. You pay an annual fee — usually around $60 per computer — then install a little piece of software that runs constantly in the background. Every time you hit “save,” whatever you’re working on is preserved in the cloud, whether documents, videos, or photos. All files are encrypted, to protect user privacy. Some services let you pick a personal key so secure that the backup company itself can’t get at your data, even if hit with a court order.
On the downside, cloud backup is only as fast as your broadband connection. Getting your files back can take all day. So, many providers take a hybrid approach, backing up the files to the cloud and to a customer’s own external hard drive. With a local backup, you can find lost files in minutes, not hours.
But local hard drives are a major risk in the age of ransomware. Some malicious software will attack any drives attached to the computer. When your stuff is in the cloud, the malware on your personal machine can’t touch it.
At worst, a cloud backup service might automatically add corrupted data to your stored files. But these services always retain earlier, uninfected versions of your files. Say your machine is hit by ransomware on Thursday. You can simply restore your files from Wednesday’s backup.
Despite all these advantages, I’d been tempted to abandon Carbonite. Blame it on Dropbox, the popular file-sharing service I’ve installed on my smartphones and computers. For years, I’ve been shoveling my files into Dropbox, to ensure I can get at them wherever I am. That’s too much data for the free edition of Dropbox, which comes with just 2 gigabytes. But for $10 a month, Dropbox provides a terabyte of cloud storage, enough even for me.
Ali told me that file-sharing services like Dropbox, Google Drive, and Microsoft’s OneDrive have shaken up Carbonite’s business model. Originally aimed at consumers, the company now derives 70 percent of its revenue from businesses, because so many consumers regard file-sharing services as a substitute for cloud backup.
But it isn’t. Remember that Dropbox isn’t automatic. You must remember to put your files inside your computer’s Dropbox folder, or you risk losing them in a crisis. Also, Dropbox won’t restore files by placing them in the standard directories, like music, videos, photos, and documents. A cloud backup service will put all your files right back where they belong.
Paid versions of file-sharing services cost a little more than a cloud backup like Carbonite. I often share big files and need the paid version of Dropbox. Most consumers would be better off using the free version of Dropbox or Google Drive for routine file swapping, while relying on a cloud backup service to preserve tax records and wedding photos.
Bad as it was, WannaCry left most home computers unscathed. We probably won’t get that lucky again, but happily, luck isn’t our only defense. Instead, we need to keep our computers equipped with the latest security patches and the freshest anti-malware filters. And we should back up our stuff online, just out of reach of the bad guys.