Tresorit – Finally a secure and reliable backup method?  Initial review and thoughts

In my search for a backup solution that was known for encryption, I have found Tresorit. They pride themselves on never having been hacked and include a count on their website showing the number who attempted, with zero success. This is a current “hot button” topic as I quest to find solutions to protect my own privacy and security. As I think we can all agree – my information, my stuff! As an aside – looking for security in your email environment? Take a look at what Protonmail is up to!
Okay, now that I have said my piece about security, let’s take a look at what Tresorit has to offer. At first look, I was pleased that I was able to pick and choose the files/folders I was interested in backing up, unlike other backup solutions I’ve researched, where they overtake your computer and back up every file and preference setting known to man. This solution keeps you in the driver’s seat and lets you pick from the start what data you’d like to back up.
Tresorit setup and walk-thru is far different than the nightmare of many other backup solutions. After signing up for a plan and downloading their software on my Mac, the setup was seamless. The look and feel of the product is minimalistic, but powerful and effective. Creating ‘tresors’ or backups was quite simple. Once Tresorit is open, you can easily create a new ‘tresor’ by clicking on the “+” button. Simply name the ‘tresor’ and point it to the folder where the desired data resides.
After selecting ‘New tresor’, you need to select the folder to back up and then create a name for your tresor.
If that seems like one step too many, you can always right-click on a folder within Finder for Mac, or Explorer for Windows, and select ‘create tresor’. Note: I did have an issue with this once. When I right-clicked on a folder I wasn’t shown the ‘Create tresor’ option within the menu. After rebooting, I was able to see this once again. Not sure if it’s a bug or just a fluke, but it certainly isn’t a show stopper.
Actual backup process:
After setting my initial tresor, I noticed that I had a few items I didn’t need backed up. Instead of needing to move them out of my folder, Tresorit allows you to exclude files/folders. Within the Tresorit main menu, you can click the ‘more’ button and select ‘selective sync’. This then provides you the ability to uncheck file(s)/folder(s) you don’t wish to back up within this tresor.
Currently, Tresorit’s Premium package is $12.50 USD/mo and includes 100GB of data. There are additional packages for business and enterprises; however, my review is solely on the premium package. They aren’t the cheapest solution for online backup storage; however, I definitely cannot argue with the pricing they have in place, knowing that security is number one to them.
Speed and performance:
During my tests, I noticed that while backing up folders, my internet browsing experience suffered slightly. My home internet connection is not the fastest to begin with and I noticed that pages were loading much slower. Perhaps throttling the bandwidth of Tresorit is worth taking a look at when setting up initial tresors. This can be found under Tresorit / Preferences / Network Bandwidth, and you are able to select download and upload limits. When creating new files/folders within my documents on my Mac, it was mere seconds later that I received notification from Tresorit that a file was uploaded. I really like this feature!
Suggestions & Improvements:
Looking at support documents from Tresorit, I noticed that you could right-click any folder and click ‘create Tresor’. However, when I attempted to do so on many folders, I wasn’t seeing this option. (log off, reboot? does this fix it?)
During my testing, one setting I couldn’t find that I would like to see implemented is an estimated transfer time within which a folder will be synced, as well as the transfer speed of the folder or file. It does provide a transfer percentage, but we have no reference point.
Audible Notifications:
When uploading a folder initially with multiple files, you receive an abundance of audible notifications informing you that files were successfully uploaded. While I appreciate a notification, I would like the option to mute the audible portion of the notifications. Hearing audible notifications 12 times when uploading 40 or 50 files gets annoying quickly. After you have completed a tresor and you log back into your computer, yet another audible notification is sent congratulating you. I would love to see an option for silencing all audible notifications – I just don’t need annoying alerts to upload files!
Even the most secure sites cannot be too secure. The one concern I have with Tresorit is that they are using a lightweight Tresorit JavaScript package to allow for decrypting of files when sharing encrypted links. If Tresorit were to be attacked, it’s possible that the hackers could modify the lightweight JavaScript code and redirect the now decrypted files to them. Tresorit takes this very seriously and continuously monitors their servers, and if a suspected intrusion were detected, they have a shutdown policy in place.
All in all, I think Tresorit is a sound solution and hope that some of the annoyances can be easily modified. I look forward to seeing Tresorit grow and enhance their product and invite you to take a look and see if this solution might fit your needs.

Crypto ransomware infects ads on well-known sites


[UPDATE] How to prevent gpg.exe (crypto ransomware executable) from executing on users’ machines. Add this GPO to your necessary organizational units.

Over the last couple of years we have heard about organizations attacked by crypto ransomware. Earlier this year, we heard about a hospital that was attacked and paid the ransom. Yesterday, we found that this effort has been stepped up and popular websites are becoming carriers of the crypto ransomware via advertisements.

The original method of attack was via e-mail. If the person receiving the e-mail clicked on the link, ransomware would attack both the computer and any file servers that computer and user had access to. Attempting to stop these threats prior to reaching the end-users is becoming increasingly difficult.

The attackers know that it only takes one user to click on that link and they can effectively render an entire fileserver useless, depending on the rights the employee has on the server. For every file and folder that user has access to, ransomware can now encrypt that data.

The latest reports show that e-mail wasn’t good enough. They are now using popular websites’ advertising links to inject their malicious code. This is called malvertising. Since advertising is often in a place that sees high volumes of activity, this can quickly affect many users and computers in a short period of time.

There are a few ways to help reduce the risks to you and your organization. One is to reduce the amount of ad clicks; this is much more difficult to prevent, I realize, but reducing or eliminating clicking on advertisements would be highly recommended. Another method is to increase the frequency of your backups. Doing so would not prevent the attack from occurring but could reduce the severity of the attack. The last piece of advice, and the more difficult to implement, is reducing the rights users have to file servers. This isn’t an easy task by any means, but perhaps now is the best time to have a review.
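
One way to start the rights review suggested above, as an added example that is not part of the original post: a PowerShell script that lists which users and groups hold NTFS rights allowing them to change or delete data under a folder tree, which is the data ransomware running under their account could encrypt. The `$Root` and `$Depth` parameters and their defaults are assumptions; point `$Root` at the share you want to review.

```powershell
# Added example: list principals whose NTFS rights allow changing or deleting
# data under a folder tree, i.e. what ransomware running as them could encrypt.
param(
    [string]$Root  = (Get-Location).Path,  # assumption: set this to the share root to review
    [int]   $Depth = 2                     # folder levels below $Root to inspect (PowerShell 5+)
)

$R = [System.Security.AccessControl.FileSystemRights]
# Bits that permit overwriting, appending to or deleting existing data.
# The last two are GENERIC_WRITE and GENERIC_ALL, which Get-Acl reports as raw
# numbers on some inherit-only entries.
$mask = [int]($R::WriteData) -bor [int]($R::AppendData) -bor [int]($R::Delete) -bor
        [int]($R::DeleteSubdirectoriesAndFiles) -bor 0x40000000 -bor 0x10000000

# The root itself plus its subfolders down to the chosen depth.
$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Depth $Depth -ErrorAction SilentlyContinue)

$report = foreach ($folder in $folders) {
    try   { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }   # Deny entries only narrow access
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
        [pscustomobject]@{
            Principal = $ace.IdentityReference.Value
            Folder    = $folder.FullName
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Per-folder detail, then a summary of who can modify the most folders.
$report | Sort-Object Principal, Folder | Format-Table -AutoSize -Wrap | Out-Host
$report | Group-Object Principal | Sort-Object Count -Descending |
    Select-Object @{n='WritableFolders';e={$_.Count}}, @{n='Principal';e={$_.Name}} |
    Format-Table -AutoSize | Out-Host
```

The report reflects NTFS permissions only; it does not expand group membership or account for share-level permissions, so broad groups near the top of the summary are the entries to review first.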