How many disks do you have in rotation off-site? If you've only got one, it might be worth increasing your retention time by adding a couple to the mix. Depending on the volume of data, tape would also be worth considering; medium-large organizations tend to use a service that picks up the tapes daily (and either rotates them, or if you've got a keep-forever compliance policy like one prior employer, just archives them.)

Online sync to an offsite server would be ideal; your own physical server at a colocation facility isn't the cheapest way to go (at least around $1000 up front at a minimum to buy the server, plus around $100/month minimum for the service) but is one of the few that would satisfy the lawyers.

Using a cloud backup service (Microsoft's or otherwise) would probably be cheaper at least until the server amortizes out, depending on the volume of data.

It's unclear how quickly the malware can encrypt documents. For my hundred+ of documents, music and photos, it likely would require longer than overnight.

So, I might have to go back a few days to find a clean backup.

I'm duly impressed at the Enterprise-class backup strategies some of you are employing!

At our house, the work in progress files that are usually in the Documents folder get backed up online near continuously.

Our photos are backed up to Picasa and our music can be pulled down from the iTunes store whenever we need to.

Having had to rebuild the kids' hard drives once too often, I bought a HP MediaSmart Server running WHS v1 a few years ago and it wakes and backs up all the PCs nightly. Once we get our first Windows 8 machine with a GPT boot drive, I will have to upgrade to a more recent Windows Server OS.

For those that were worried about the time it takes to do backups, the Windows Server variants all back up only the changes from the last backup so the process can be very quick. And it is unattended, so it gets done :D

This thread has actually inspired me to make two changes:
1) Start trying to get BackupPC working, rather than just dumping things to a my Linux server before each international trip (the only times I've had malware problems in the past decade, they have come from hotel internet setups, and I also like to clear off some critical documents when traveling across boarders) or whenever I upgrade my SSDs (having gone from 1x 300 -> 240+300 -> 480+300 -> 512+480 -> 480+960 in the space of 2 1/2 years*)
2) Switch to using UNC names for the server rather than drive letter mount points.

(* about to be down to 256+960 for a while when my new machine arrives. )

I'm pretty casual about backup: I back up my Mac every couple/few days with Time Machine to two separate external drives, only one of which comes on the road. But that's more assiduous than at least half my friends.

Are UNC names more secure in general or is it mostly related to how Cryptolocker works?

Thanks.

Right now, Cryptolocker seems to only go after files on drive letters, whether local or remote.

UNC names are not inherently any more secure, and a better written piece of Malware would be able to look at the history of currently logged in UNC shares ... and might even be able to get at any recent ones with remembered passwords.

What is an UNC name?

Name in the format \\server\folder

Uniform Naming Convention

http://en.wikipedia.org/wiki/Uniform...ing_Convention

Appreciate the heads up and advice.

On the plus side, most of our personal email is now opened on an apple mobile device rather than our apple laptop. So less likely to encounter a virus though I still find some websites that attempt downloads when you click on a link (not just off color ones ;) )

Concur. Those of us with old apple systems have to manually backup to external hard drives unless we are willing to invest in a network drive. As the sole provider of home IT support :D I try to do this monthly but certainly not weekly. There is also some benefit in hiding your external backups drives - one of colleagues had both laptop and backup stolen in one fell swoop.

Of course there are 3rd-party paid services but these have two additional issues: cost and security.

Really I find the bigger issue/risks now are with mobile devices. What do you store on them and how often do you backup all those photos?

My new photos sync to both Google+ and DropBox the moment I next connect to wifi at home, work, the gym, or a few other places. Video only syncs to Dropbox not Google, although that's pretty much 100% of the time a video of my daughter taken at home so it goes up about a minute after I take it.

Finding an affordable place to back up the 100+ GB of DSLR photos is tougher; right now I have a RAIDed home server, a full copy on my laptop (people ask me why I need a 1TB SSD :) ) and I occasionally update a copy down at my in-laws' house.

I've thought about something like BackBlaze, but most of the cloud providers are WAY too expensive for the volume (~200GB if you add it all up) I'd need to back up, and I'm rather uncertain about their encryption for the secure subset of the documents which would mean I'd have to encrypt them on my end.

I have about 300GB stored on CrashPlan. About $46/yr if you purchase 4 years of service.

I do pretty much what you do. Dropbox syncs everything across my desktop and laptop.

I was using Carbonite as a cloud backup, but it stopped working, so I gave up on it as it was very close the end of the contract.

I've started using Acronis Trueimage Cloud as an alternative. It cost £49 per year for the software and 250GB cloud storage. Pretty good.

I use the Trueimage software to backup to my NAS and the Acronis Cloud.

Cryptolocker malware has infected 250,000 PCs in just 100 days
 

FWIW, according to this article by David Gilbert:

International Business Times:
CryptoLocker Gang Earns Millions in Just 100 Days
December 19, 2013 12:18 PM GMT

"the Cryptolocker malware has infected 250,000 PCs in just 100 days, potentially earning the gang behind the ransomware millions."