In a previous article, I wrote at length on how ransomware is nothing special when it comes to prevention — it’s “just” malware, and the same steps you take to protect yourself against malware are the steps you take to protect yourself from ransomware.
Because of ransomware’s devastating consequences, however, many people want additional assurance that they’re protected, even if they allow such malware to reach their machine. In particular, two questions come up often: what about files stored in services like OneDrive or Dropbox, and what about backups stored on connected external hard drives?
I recently became aware of a couple of features specifically designed to allay those concerns.
Protecting your backups
I’m a big believer in regular, automated image backups. That requires a destination for the backups — typically an external drive — being always connected and ready.
The concern is that ransomware, as part of encrypting your data files, might come along and also encrypt the files it finds on your backup devices. This renders the typical ransomware protection advice — just restore a recent backup — impossible to accomplish.
Macrium Reflect has added a feature called “Image Guardian” to its paid versions to protect against just such a situation.
The concept is simple: only authorized applications — namely Reflect itself and a couple of specific exceptions — are allowed to do anything to the backup images.
Even attempting to delete such an image in Windows File Explorer will generate an error and a notification.
This effectively locks down your backup images from unauthorized modification, particularly by malware. (You can delete the file from within Reflect, of course.)
I appreciate this feature because it allows you to safely leave your external drive connected (and your backups running automatically) without having to remember to reconnect it.
Protecting your cloud storage
Cloud storage and synchronization services automatically back up the files you place in specific folders on your computer to the cloud. For example, if you regularly work in your OneDrive folder, then those files are copied to the OneDrive service online each time they change.
This is a particularly effective form of what I refer to as “near real-time backup”. Every time you save the file, it’s backed up to the cloud, and possibly also downloaded to any other computers connected to the same OneDrive account.
The concern here is simple: ransomware comes along and encrypts your files, and because they’ve changed, those (now encrypted) files are automatically uploaded to the cloud, effectively overwriting your backup.
Both OneDrive and Dropbox have had a form of file history for some time.[1] What this means is that if a file has been changed or deleted, you can go to the online interface and restore the file to a previous version before the change was made.
This can be burdensome, however, if hundreds or thousands of files are affected by a ransomware infection.
OneDrive allows you to restore your entire collection of files to a state prior to a given date.
Machine infected by ransomware on Tuesday? After you’ve cleaned your machine of the malware, you can reset your OneDrive to its state the day before, restoring all the files therein.[2]
Dropbox includes a similar feature, “Rewind”, in its paid plans.
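Choosing the date to roll back to means finding when the mass changes began. The sketch below is an added example, not code from OneDrive or Dropbox: it scans a list of file-change records and returns a time just before the first burst. The record format, the five-minute window, the 20-file threshold and the sample history are all assumptions, and exporting the change history from the service is not shown.

```python
from datetime import datetime, timedelta

def find_restore_point(events, window=timedelta(minutes=5), threshold=20):
    """Return a time just before the first burst of file changes, or None.

    events: iterable of (datetime, path) modification records.
    A burst is `threshold` or more distinct files changed within `window`
    (both values are assumptions; tune them to your own editing habits).
    """
    events = sorted(events)
    start = 0
    in_window = {}  # path -> number of changes inside the current window
    for ts, path in events:
        in_window[path] = in_window.get(path, 0) + 1
        # Drop events from the left until the window spans at most `window`.
        while ts - events[start][0] > window:
            old = events[start][1]
            in_window[old] -= 1
            if in_window[old] == 0:
                del in_window[old]
            start += 1
        if len(in_window) >= threshold:
            # Errs early: a routine edit inside the window is rolled back too.
            return events[start][0] - timedelta(seconds=1)
    return None

def sample_events():
    """Constructed history: routine edits, then mass changes on Tuesday."""
    routine = [(datetime(2024, 1, 1, h), f"Documents/report{h}.docx")
               for h in (9, 11, 16)]
    routine.append((datetime(2024, 1, 2, 10, 30), "Documents/budget.xlsx"))
    burst_start = datetime(2024, 1, 2, 14, 2)
    burst = [(burst_start + timedelta(seconds=2 * i),
              f"Documents/file{i:03}.docx") for i in range(40)]
    return routine + burst

if __name__ == "__main__":
    print("Restore to:", find_restore_point(sample_events()))
```

Counting distinct files rather than raw change events keeps one document saved repeatedly from looking like a burst.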
It’s interesting to note that both OneDrive and Dropbox refer to things “going wrong” in their messages. While I’m sure lots of different things can go wrong, the most likely cause for these features’ appearance and popularity is the threat of ransomware.
Don’t let your guard down
I need to reiterate that neither of these features — image backup protection nor cloud storage recovery — actually protects you from ransomware. In fact, these features only help once you’ve allowed your machine to become infected and ransomware has done its damage.
Do not let these features lull you into a false sense of security. You still need to be vigilant as you protect yourself from malware, of which ransomware is only one type.