FlyerTalk Forums

FlyerTalk Forums (https://www.flyertalk.com/forum/index.php)
-   Travel Technology (https://www.flyertalk.com/forum/travel-technology-169/)
-   -   Cryptolocker: How To Avoid It, What To Do If You Get It (https://www.flyertalk.com/forum/travel-technology/1524298-cryptolocker-how-avoid-what-do-if-you-get.html)

nrr Dec 26, 2013 2:27 pm

Most backup systems back up data, photos, etc. They don't back up programs, since we all have our install media (and keys) in an easily accessible place. :D
Some software, especially if it is under a one-time install site license (as is common with colleges and universities), won't be reinstallable if there is a CryptoLocker attack.
One solution is to keep an "image copy" of your main (boot) drive (on DVD(s)).

nkedel Dec 26, 2013 11:02 pm


Originally Posted by nrr (Post 22030904)
Most backup systems back up data, photos, etc. They don't back up programs, since we all have our install media (and keys) in an easily accessible place. :D

I just back up install images to my server, and I put CD keys into a file on my google drive (imaginatively named "cd-keys.txt".) Easy-peasy since pretty much everything comes down off the internet (or a work file server) these days... the only things I've bought on disk in the past 2 years have been my annual tax software, since the disk-based version lacks DRM while the online purchase is DRM'ed. I don't remember whether any of the programs I still keep installed originally came on CD/DVD, but if so it was more than two and a half years (and two laptops) ago.


Originally Posted by nrr (Post 22030904)
Some software, especially if it is under a one-time install site license (as is common with colleges and universities), won't be reinstallable if there is a CryptoLocker attack.
Interesting; I haven't hit that. Sounds inconvenient; most things I've hit with limited activations have a workaround to activate them again if needed, although it usually requires talking to a live person in their customer service (UbiSoft is particularly bad for this.)


Originally Posted by nrr (Post 22030904)
One solution is to keep an "image copy" of your main (boot) drive (on DVD(s)).
Or on an external disk or network drive that isn't perpetually mounted to a drive letter.

nrr Dec 27, 2013 4:31 am


Originally Posted by nkedel (Post 22033173)
Interesting; I haven't hit that. Sounds inconvenient; most things I've hit with limited activations have a workaround to activate them again if needed, although it usually requires talking to a live person in their customer service (UbiSoft is particularly bad for this.)

HA, HA :D. There isn't a live one... and their internet support is (???)

As to the software, you get one download, and are given the activation key. If you made an image copy of your HD, you are OK.
I was curious after reading this thread if I could still download Office 2013 -- the English version is "blocked", but I could still get the French version... or wait until the next full release.

swanscn Jan 2, 2014 1:57 pm

I was really hoping that this thread would be about the things that can be done to harden your PC against this threat, not a conversation about backup strategies. Yes, we should all do them, and yes, most of the world does not.

I believe there are changes you can make in the Windows world that can stop this virus from invoking the crypto facilities within Windows. I will go off and try to find that information and post it here, but maybe someone can beat me to it.

So what is my backup plan? I have a clone of a clean boot drive, with all software installed and configured, removed from the machine (this is done on a regular basis). All critical files are copied to an external RAID array that is only turned on when that is being done. It is not easy to do a full backup when your system has 16TB of data. Even if I had that amount of offline storage available, it would still be hard. Even incremental backups would be a pain. Therefore I manually protect the critical data, and if I lose the rest, so be it.
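The common thread in nrr's, nkedel's and swanscn's posts is that the backup target must not be reachable from the PC except while the backup is actually running. As an added example (the editor's own, not a script from any poster here), this is a PowerShell backup job that connects the share only for the duration of the run, writes each run into a new dated folder instead of mirroring over the last one, prunes old snapshots, and always disconnects. The source path, share name, retention count and the separate backup account are assumptions; substitute your own.

```powershell
# Added example, the editor's own and not from any poster in this thread.
# Source path, share name, retention count and the backup account are
# assumptions for illustration.

param(
  [string]$Source     = 'D:\Data',
  [string]$TargetUnc  = '\\backupbox\snapshots',
  [int]$Keep          = 6,
  [pscredential]$Cred = (Get-Credential -Message 'Backup account (not your daily login)')
)

$Stamp = Get-Date -Format 'yyyy-MM-dd_HHmm'
$Dest  = Join-Path $TargetUnc $Stamp
$Log   = Join-Path $env:TEMP "backup-$Stamp.log"

try {
  # Connect with the backup account for this session only: no drive letter,
  # nothing persisted, so malware running later as the daily user has
  # neither a mapped path nor a cached credential to reach the share.
  New-PSDrive -Name BK -PSProvider FileSystem -Root $TargetUnc -Credential $Cred -ErrorAction Stop | Out-Null
  New-Item -ItemType Directory -Path $Dest -ErrorAction Stop | Out-Null

  # /E all subdirectories, /R:1 /W:1 do not stall on locked files, /XJ skip
  # junctions, /NP no per-file progress. Deliberately NOT /MIR or /PURGE:
  # a mirror run from an already-infected machine would replace the only
  # good copy with encrypted files and propagate deletions.
  & robocopy.exe $Source $Dest /E /R:1 /W:1 /XJ /NP "/LOG:$Log" | Out-Null
  # robocopy exit codes below 8 are success variants; 8 and above mean failures.
  if ($LASTEXITCODE -ge 8) { throw "robocopy reported failures (exit $LASTEXITCODE); see $Log" }

  # Retention: keep the newest $Keep dated snapshots, delete the rest.
  # Only folders matching the timestamp pattern are touched.
  Get-ChildItem -Path $TargetUnc -Directory |
    Where-Object Name -match '^\d{4}-\d{2}-\d{2}_\d{4}$' |
    Sort-Object Name -Descending |
    Select-Object -Skip $Keep |
    Remove-Item -Recurse -Force

  Write-Host "Snapshot written to $Dest"
}
finally {
  # Always tear the connection down, even when the copy failed.
  if (Get-PSDrive -Name BK -ErrorAction SilentlyContinue) { Remove-PSDrive -Name BK -Force }
  net use $TargetUnc /delete /y 2>$null | Out-Null
}
```

Two caveats a practitioner will want. First, the earlier snapshot folders are still writable by the backup account, so if that account's password ever ends up on the infected PC, the whole history is exposed; a share that only the backup account can write, on a box that is powered off between runs as swanscn does, or server-side snapshots the client cannot delete, is stronger. Second, this copies whatever the source holds, so if files were already encrypted before the run you now have a dated folder of ciphertext next to the older clean one, which is exactly why the run must not overwrite the previous snapshot.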

nkedel Jan 2, 2014 3:00 pm


Originally Posted by swanscn (Post 22069953)
I believe there are changes you can make to the windows world that can stop the ability of this virus from invoking the CRYPTO facilities within Windows. I will go off and try to find that information and post it here, but maybe someone can beat me to it.

You may be thinking of the group policy changes to disable executing things from the appdata/ directory.

Best discussion I can quickly find is here:
http://www.bleepingcomputer.com/viru...mation#prevent

(earlier but harder to read discussion here: http://www.computerworld.com/s/artic...do_if_you_are_ )
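What nkedel is pointing at is Windows Software Restriction Policies: "Disallowed" path rules for the user-writable folders an e-mail attachment actually executes from. As an added example (the editor's own, not the bleepingcomputer page's procedure and not any poster's script), this writes the same kind of rules straight into the SRP policy store, the registry keys under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer that secpol.msc and gpedit.msc populate, so it can be pushed to machines that do not have a domain GPO. The specific rule list, including the archive-tool temp paths, is an assumption; tune it and test a legitimate installer before rolling it out.

```powershell
# Added example, the editor's own, not code from the thread or the linked
# guides. Writes SRP "Disallowed" path rules to the local policy store.
# Run elevated; log off and back on (or reboot) for the policy to apply.
# The rule list below is an assumption: adjust to your environment.

#Requires -RunAsAdministrator

$Safer        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0        # SRP security level "Disallowed"
$Unrestricted = 262144   # SRP security level "Unrestricted" (0x40000)

# Root settings: everything allowed by default, specific paths denied below.
if (-not (Test-Path $Safer)) { New-Item -Path $Safer -Force | Out-Null }
New-ItemProperty -Path $Safer -Name 'DefaultLevel'        -PropertyType DWord -Value $Unrestricted -Force | Out-Null
New-ItemProperty -Path $Safer -Name 'TransparentEnabled'  -PropertyType DWord -Value 1 -Force | Out-Null  # 1 = all software except DLLs
New-ItemProperty -Path $Safer -Name 'PolicyScope'         -PropertyType DWord -Value 0 -Force | Out-Null  # 0 = all users, admins included
New-ItemProperty -Path $Safer -Name 'AuthenticodeEnabled' -PropertyType DWord -Value 0 -Force | Out-Null

# File types SRP treats as executable; set explicitly rather than relying on
# a pre-existing list. Add JS/JSE/VBS/VBE/WSF if script attachments worry you.
$Types = 'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF','INS','ISP',
         'LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG','SCR','SHS','URL','VB','WSC'
New-ItemProperty -Path $Safer -Name 'ExecutableTypes' -PropertyType MultiString -Value $Types -Force | Out-Null

# Path rules: user-writable locations an attachment is likely to run from.
# %Temp%\Rar*, 7z*, wz* and *.zip are where WinRAR, 7-Zip, WinZip and the
# built-in zip folder extract a double-clicked archive member.
$Rules = @(
  '%AppData%\*.exe',
  '%AppData%\*\*.exe',
  '%LocalAppData%\*.exe',
  '%LocalAppData%\*\*.exe',
  '%Temp%\Rar*\*.exe',
  '%Temp%\7z*\*.exe',
  '%Temp%\wz*\*.exe',
  '%Temp%\*.zip\*.exe'
)

$PathsKey = Join-Path $Safer "$Disallowed\Paths"
if (-not (Test-Path $PathsKey)) { New-Item -Path $PathsKey -Force | Out-Null }

foreach ($Rule in $Rules) {
  # Idempotent: skip a rule that is already present.
  $exists = Get-ChildItem $PathsKey | Where-Object { (Get-ItemProperty $_.PSPath).ItemData -eq $Rule }
  if ($exists) { continue }

  $RuleKey = Join-Path $PathsKey ('{' + [guid]::NewGuid().ToString() + '}')
  New-Item -Path $RuleKey -Force | Out-Null
  New-ItemProperty -Path $RuleKey -Name 'ItemData'    -PropertyType ExpandString -Value $Rule -Force | Out-Null
  New-ItemProperty -Path $RuleKey -Name 'SaferFlags'  -PropertyType DWord        -Value 0     -Force | Out-Null
  New-ItemProperty -Path $RuleKey -Name 'Description' -PropertyType String       -Value 'Block executables in user-writable paths' -Force | Out-Null
  Write-Host "Added Disallowed rule: $Rule"
}
```

Expect some collateral: a few legitimate programs install or self-update from %AppData% or %LocalAppData%, and with PolicyScope 0 the rules bind administrators too, so keep an Unrestricted rule (level 262144) handy for anything that breaks. These rules stop an .exe launched from the attachment path; they do nothing about a macro in an Office document or a script run by an interpreter that is itself allowed. On Enterprise editions AppLocker is the stricter successor to SRP.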

wco81 Jan 6, 2014 2:55 pm

Be prepared for more powerful, more widely deployed ransomware:

http://arstechnica.com/security/2014...akable-crypto/

gfunkdave Apr 8, 2014 2:10 pm

CryptoLocker showed up on a colleague's computer today. It encrypted a large chunk of our global share drive too - not sure why it missed an equally large chunk.

I unplugged the PC from the network (too late, of course). IT replaced the PC and is restoring the drive's contents from backup.

The infection was from a file that looked like a PDF that came from our payroll processor, ADP. Be careful if you get any attachments from ADP!

javabytes Apr 8, 2014 5:32 pm


Originally Posted by gfunkdave (Post 22671989)
CryptoLocker showed up on a colleague's computer today. It encrypted a large chunk of our global share drive too - not sure why it missed an equally large chunk.

I unplugged the PC from the network (too late, of course). IT replaced the PC and is restoring the drive's contents from backup.

The infection was from a file that looked like a PDF that came from our payroll processor, ADP. Be careful if you get any attachments from ADP!

Lucky IT had reliable backups. I still cringe at the fact that some companies, especially SMBs, don't make the investment in things like that. The fact that CryptoLocker goes after network drives made me nervous in my previous role as an IT manager, even though we did have backups... restoring terabytes upon terabytes of backups to disk units is not fun even if it all works as expected. A colleague of mine also got a laptop infected, but thankfully was off site and not VPN'd in, so mapped drives were not affected. I remember being nervous about other machines silently encrypting away (not fully trusting AV companies had it under control at that point), so I ended up writing a PowerShell script to query all the computers connected to the network and search for registry keys created by CryptoLocker and report back the results... thankfully there weren't any other episodes. And even better now, I'm no longer in a position where it's a concern to me.
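The sweep javabytes describes is worth spelling out, because the per-user keys CryptoLocker leaves behind are a cheap way to find a second infected machine before it reaches the shares. As an added example (the editor's own, not javabytes' script), this PowerShell enumerates enabled computers from Active Directory and checks each one over WinRM for the HKCU\Software\CryptoLocker key (later samples used CryptoLocker_0388), whose Files subkey records what was encrypted, and for a per-user Run/RunOnce entry named CryptoLocker. It assumes WinRM is enabled, the RSAT ActiveDirectory module is installed, and the caller is an administrator on the targets.

```powershell
# Added example, the editor's own, not the script javabytes wrote.
# Assumes WinRM, RSAT ActiveDirectory and admin rights on the targets.
# Indicators are those published for the 2013 CryptoLocker family.

Import-Module ActiveDirectory

# Runs on each target. HKCU only exists inside a logon session, so walk every
# loaded user hive under HKEY_USERS instead (logged-on users and services).
$Probe = {
  $hits = @()
  foreach ($hive in Get-ChildItem Registry::HKEY_USERS) {
    $sid = $hive.PSChildName
    if ($sid -like '*_Classes' -or $sid -eq '.DEFAULT') { continue }
    $software = "Registry::HKEY_USERS\$sid\Software"
    if (-not (Test-Path $software)) { continue }

    # Indicator 1: the malware's own key, Software\CryptoLocker or CryptoLocker_0388.
    foreach ($k in Get-ChildItem $software | Where-Object PSChildName -like 'CryptoLocker*') {
      $files  = Get-Item "$($k.PSPath)\Files" -ErrorAction SilentlyContinue
      $detail = if ($files) { "$($files.ValueCount) encrypted-file entries" } else { 'key present' }
      $hits += [pscustomobject]@{ Sid = $sid; Indicator = "Software\$($k.PSChildName)"; Detail = $detail }
    }

    # Indicator 2: per-user persistence, a Run or RunOnce value named CryptoLocker.
    foreach ($runKey in 'Run', 'RunOnce') {
      $path = "$software\Microsoft\Windows\CurrentVersion\$runKey"
      if (-not (Test-Path $path)) { continue }
      $props = Get-ItemProperty $path
      foreach ($name in ($props.PSObject.Properties.Name | Where-Object { $_ -like '*CryptoLocker*' })) {
        $hits += [pscustomobject]@{ Sid = $sid; Indicator = "$runKey\$name"; Detail = $props.$name }
      }
    }
  }
  $hits
}

# Fan out to every enabled computer object; Invoke-Command runs targets in parallel
# and stamps each result with PSComputerName. Unreachable hosts are collected, not fatal.
$Computers = Get-ADComputer -Filter 'Enabled -eq $true' | Select-Object -ExpandProperty Name
$Hits = Invoke-Command -ComputerName $Computers -ScriptBlock $Probe `
          -ErrorAction SilentlyContinue -ErrorVariable Failed

$Hits | Select-Object PSComputerName, Sid, Indicator, Detail |
  Sort-Object PSComputerName | Format-Table -AutoSize
$Hits | Export-Csv -Path ".\cryptolocker-sweep-$(Get-Date -Format 'yyyyMMdd-HHmm').csv" -NoTypeInformation

$Infected = @($Hits | Select-Object -ExpandProperty PSComputerName -Unique).Count
Write-Host "Hosts with indicators: $Infected; unreachable: $($Failed.Count)"
```

Two limits to keep in mind. Only loaded hives are examined, so a user who has logged off since the infection is missed unless you load their NTUSER.DAT or run the check again at logon. And a clean registry on every workstation does not prove the shares are clean: gfunkdave's case shows that the damage lands on the file server, so pair the sweep with a look at recently modified files on the shares. Any host that reports a hit should come off the network by unplugging it, not by powering it off, so the evidence on disk survives.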

Error 601 Apr 8, 2014 5:52 pm


Originally Posted by gfunkdave (Post 22671989)
CryptoLocker showed up on a colleague's computer today. It encrypted a large chunk of our global share drive too - not sure why it missed an equally large chunk.

I unplugged the PC from the network (too late, of course). IT replaced the PC and is restoring the drive's contents from backup.

The infection was from a file that looked like a PDF that came from our payroll processor, ADP. Be careful if you get any attachments from ADP!

We were getting about sixty of those messages a day but after blocking all incoming email from Russia and most of Eastern Europe and China and most of S.E. Asia it is now only about half-a-dozen or so.

The most recent batch were spoofing H&R Block.

IT is looking at an active quarantine for email attachments where the helpdesk will have to clear them before they're delivered. That should go over well.

