Mike's picture by Mike | March 8, 2016

Recently Palo Alto Networks reported a "ransomware" threat to Mac users named "KeRanger". After reading their analysis I found myself deeply concerned. Ransomware threats are nothing new, but I realized that this is probably the closest I've felt to the seedy world of cyber terrorism. Up until now all of that seemed to be aimed at governments, defense departments, big corporations... Windows users! Here we are, though, it's at our doorstep, and our neighbors are already victims. I received an email from a CCC customer yesterday that started with:

I happen to be one of the people who got hit with the ransomware hacks.

Yikes! I was not expecting a good outcome here. Thankfully, the rest of the email was:

Luckily I had a CCC of my drive and booted off that, deleted the ransomware files and was fine.

While this threat appears to be mostly contained at the moment, I think everybody should take some time to examine their defenses against this sort of attack. Having a backup is an obvious first step, but there are some additional steps that you can take to protect your backup too.

Protect yourself from ransomware

This particular ransomware attack is fairly clever. It lies dormant for a few days, then starts to encrypt your documents. It targets documents on externally-attached hard drives as well, and (in future developments) may even target Time Machine backups. CCC backups on external disks are vulnerable, as well. We have some suggestions that can help protect your backups from this sort of threat.

Keep your backup disk unmounted as much as possible

KeRanger targets volumes that are currently attached to your Mac and mounted. Physically detaching your backup disk from your Mac is the most effective way to protect that disk from attack, but it makes your backups more laborious, and you're less likely to keep them up to date. You can configure your CCC backup tasks to unmount the destination volume at the end of the backup task (click "Advanced settings" to reveal the option). With these settings, CCC will automatically mount the destination when the backup task is scheduled to run, then unmount the destination when the task is finished.

Encrypt your backup disk with FileVault

Keeping your backup disk unmounted is sufficient to protect you against the current KeRanger attack, but it may not protect your backup from future attacks. Finding attached-but-not-mounted devices isn't very difficult, nor is it difficult to mount those volumes once you've found them. If the cyberswine figure this out, you'll need an additional layer of protection. FileVault encryption will effectively prevent unauthorized applications from mounting your backup disk. Enabling FileVault... Read More


Mike's picture by Mike | February 10, 2016

A security vulnerability was recently reported on the Sparkle framework that many applications, including CCC, use to manage application updates. The report indicates that applications using non-secure (e.g. http rather than https) URLs to retrieve application update information could be vulnerable to a "man in the middle" attack.

We don't use any non-secure URLs within CCC, and that has been the case for a while. To be very specific in regards to the reported Sparkle vulnerability, CCC uses an HTTPS URL when checking for and downloading updates and release notes. In fact, as of CCC 4.1.5, it's not even possible for CCC to use an insecure (HTTP) URL, OS X El Capitan would forbid access to that resource.

Download CCC 4 today and make a bootable backup of your Mac!

Sarah's picture by Sarah | December 22, 2015

We will be closing December 24 at noon EST and remain closed December 25. We will also close December 31 at noon EST and remain closed January 1 to spend the holidays with our families.

Limited staff are available to respond to customer requests until January 4. We appreciate your patience if it takes a bit longer for us to respond than is typical.

Mike's picture by Mike | December 2, 2015

We hear this concern frequently:

"I'm considering buying CCC, but I am concerned that a new OS will come out and I will be asked to purchase a new license to continue using CCC."

Generally when a new OS is released, we offer a free update to CCC that allows users to continue using it with the same license on the new OS. That has been the case with 8 out of the last 9 major OS releases over the last 13 years, with the notable exception being Yosemite, which broke CCC 3. That being a recent experience, many users share this concern. I would like to succinctly alleviate these concerns with the following statements:

CCC 4 will be qualified and supported on OS X 10.12. We will issue a free update for that OS, just as we did for 10.11 El Capitan.

CCC 4 license holders will not be prohibited from using CCC 4.1.5 (or later) on OS X 10.13 and later

In the past, CCC refused to open on newer OSes* because we were concerned that a future OS version would break CCC in a manner that could lead to data loss. CCC 4.1.5 introduces a mechanism that can proactively warn users if this situation arises, so we no longer restrict that version of CCC from running on a future version of OS X. If you're interested in the longer version of this explanation, see this article: Coping with Apple's pace of innovation in an application that can delete files.

* Again, though, understand that CCC 3.5.7 was broken on Yosemite. While the aforementioned restriction would prevent that version of CCC from opening on Yosemite, it was the underlying architectural limitations of CCC 3.x that made it not work on Yosemite.


Mike's picture by Mike | September 10, 2015

We released CCC 4.1.4 last week with a handful of minor bug fixes, as well as some enhancements and a stamp of approval for use with OS X 10.11 "El Capitan". This update is free for CCC 4 license holders, and recommended for anyone currently running CCC 4.

With the announcement of a ship date for El Capitan, perhaps you are counting down the days to when you can inflict it upon your production Mac. Or perhaps, like me, you're going to test it on your kid's Mac first and hope it doesn't wreck his Minecraft worlds. In either case, now is a great time to take another look at your backup hygiene. Many people don't realize this, but if you apply the "next major OS" upgrade to your Mac, Apple makes it darn near impossible to go back. The rub lies primarily within Apple applications such as Mail, Calendar, Address Book, etc. When you upgrade to the next OS, the data stores for these applications are upgraded as well, in a manner that is not backwards-compatible. So if you loaded El Capitan onto your system and realized that some major piece of productivity software doesn't work, getting back to Yosemite is not only challenging and time consuming, but you're also going to have a lot of trouble getting your email to work. That is, of course, unless you have a bootable backup of your pre-upgrade system.

Before you upgrade, make a bootable backup of your current system with Carbon Copy Cloner, detach the backup disk and set it on a shelf. Learn more about how to protect yourself from upgrade calamities here: Getting Ready for the El Capitan Upgrade


System Integrity Protection and Carbon Copy Cloner

El Capitan introduces a new feature called "System Integrity Protection" (SIP). A few people have asked us whether CCC "works" with SIP, and the short answer is, "Yes, absolutely". SIP doesn't have any implications for a bootable backup solution. Carbon Copy Cloner 4.1.4 is fully qualified with 10.11 El Capitan. Bootable backups created by CCC will preserve SIP, and SIP will be perfectly functional and happy on a cloned or restored system. To address the specific concerns raised by a few people, CCC can copy and set the "" extended attribute on system folders and files that are on the backup volume. I wouldn't be able to do that on the startup disk (SIP prevents that), but I'd never want to do that anyway; it would be foolish to make changes to the system files on the volume you're currently booted from.