PC World's cloudy backup failed when exposed to ransomware

30-day backup promise wasn't, says aggrieved customer

The shortcomings of consumer-grade backup services in protecting against the scourge of ransomware have been exposed by the experiences of a UK businesswoman.

Amy W, who runs a small business in the Newbury, Berkshire area, was convinced that the KnowHow cloud was the only backup technology she'd ever need[1] when she bought a laptop from PC World.

Eight months later, however, in the aftermath of a ransomware infection, Amy discovered that the KnowHow cloud backed up all her newly encrypted files and didn't keep any revisions, leaving her unable to restore files from a historic clean backup.

PC World told El Reg that 30 days of historic backups should have been available through KnowHow cloud but this is contradicted by the victim herself, who said only two backup points, each from the same day she was infected with the CryptoWall ransomware, were available.


El Reg heard about Amy’s woes after a friend of hers got in touch with us and pointed us towards a post (extract below) about her experiences on PC World’s Facebook page earlier this month.

Yesterday an email came through which I opened (it was from what looked like a completely standard email address). A virus flooded my laptop, instantly corrupting all my files and saved documents, getting past my antivirus. I was thankful for my cloud. I had someone look at it and eventually completely remove the virus, but I had to completely reboot and reset my laptop after; I would lose Microsoft Office but I could cope with that.

We logged on to my cloud and to my horror it had updated all my documents to the corrupted version. I was sure it would be OK, so phoned Knowhow thinking I would be able to restore from a different date.

Knowhow told me it automatically overwrites documents and doesn’t keep revisions of older documents and backups. I have lost everything: years of work and important documents that I've worked hard for, gone. I was so shocked they don't offer this; even my iPhone lets me select dates I want to restore from.

Do not rely on Knowhow completely. I would have happily purchased a hard drive but was advised this would be enough. Google Drive is good too as it keeps revisions. I'm gutted!!

PC World suggested that Amy’s machine might have been infected with the ransomware for weeks before she discovered the problem, a suggestion she strongly denied.

"It was Cryptowall," Amy said. "It came through as an invoice. It wanted me to pay £1000 to get a key to unlock files and the price doubled every 14 days."

“I know exactly where the virus came from and had it removed the day it hit my laptop,” Amy told El Reg. “The ransomware had been on my laptop for a matter of hours when it was removed and I contacted Knowhow that evening the same day.”

“30 days' worth of backup was definitely not available for me to access from my end. I had a choice of two times on the same day, one being when they had backed up with the corrupted files and one later in the day when my laptop had been reset,” she added.

Chris Boyd, a senior malware intelligence analyst at Malwarebytes, said that the case illustrates the wider potential shortcomings of cloud-based backups as a defence against ransomware.

“In general, cloud backup is another useful tool to help ward off the threat of ransomware, but isn't applicable in all situations,” Boyd told El Reg. “Individuals and businesses may rightly balk at uploading potentially sensitive documents into the cloud where they suddenly have no control over it, and should look into file encryption of their own to ensure nothing valuable leaks.”

“Offline backups would be the best way to go, especially as you have full control over the data at all times. Not all cloud backup hosts offer the ability to roll back to specific dates, which is a disaster in situations where malware butts heads with an automatic upload. Off-the-shelf backup solutions are fine for most things, but should go hand in hand with a layered approach which could include AV [anti-virus], anti-malware and exploit protection,” he added.

Asked what expectation its customers can reasonably have about the capabilities of KnowHow cloud in mitigating the growing problem of ransomware attacks, Dixons Carphone (PC World’s parent firm) said its system keeps 30 days of backups by default. PC World is clear in saying that customers shouldn’t rely on its cloud backup service in isolation while simultaneously saying it offers a safety net – one that seems to have failed in Amy’s case, at least.

Our cloud service automatically backs up a customer’s machine and keeps on file 30 days of previous back-ups which is why we are able to restore this customer's data.

Essentially this means that any file backup has 30 different backup versions, any of which the customer could restore from even if an encrypted file has been backed up. However, if a customer had not noticed they had a virus for more than 30 days, all of the previous day versions would have also been backed up as an encrypted file.

The backup servers as a matter of course run daily virus and malware scans; however, these files would not be identified as suspicious as they were not a virus threat themselves.

To ensure total protection a customer would also need to run a form of anti-virus / malware software on their machine to ensure no threats occur initially.

El Reg also asked for a response to Amy's criticism in general – and the point that older files were overwritten so she couldn't roll back to the last known "safe point" – in particular. We haven’t had a satisfactory explanation on this point as yet.

Media interest in the case, or perhaps her own dogged efforts to raise the issue on social media, meant that Amy was recently referred to PC World’s Cloud services team, members of which had a spirited go at restoring her files.

Amy praised the efforts of PC World staff in attempts to restore her files despite only partial success on this front.

“PC World have been nothing but helpful since I had contact with them last Friday, we have managed to save a few files,” she told us. “Although it seems to have been a struggle and definitely not something I could have restored myself.” ®


[1] Amy was sold KnowHow cloud on the basis that it was "military safe", according to her account.


Biting the hand that feeds IT © 1998–2022