Extra-destructive malware might call for extra-strong protection.
In a previous article, I wrote about how ransomware is nothing special when it comes to prevention — it’s “just” malware, and the same steps you take to protect yourself against malware are the steps you take to protect yourself from ransomware.
Because of ransomware’s devastating consequences, however, many people want additional assurance that they’re protected even if they allow such malware to reach their machine. In particular, two questions come up often: what about files stored in services like OneDrive or Dropbox, and what about backups stored on connected external hard drives?
There are approaches to specifically ease those concerns.
Macrium Reflect’s “Image Guardian” feature allows you to leave your backup drive connected without fear of ransomware encryption. OneDrive and Dropbox have features that will roll back your entire collection of files to a prior date, should ransomware strike.
Protecting your backups
I’m a big believer in regular, automated image backups. Automation requires that the destination for the backups — typically an external drive — be always connected and ready.
The concern is that ransomware, as part of encrypting your files, might also encrypt files on your backup devices. This makes the typical ransomware protection advice — just restore a recent backup — impossible.
Macrium Reflect has a feature called “Image Guardian” in its paid versions to protect against just such a situation.
The concept is simple: only authorized applications — namely Macrium Reflect itself and a couple of very specific exceptions — are allowed to do anything to the backup images.
Even attempting to delete such an image in Windows File Explorer will generate an error and a notification.
This locks your backup images from unauthorized modification, particularly by malware. (You can delete the file from within Reflect, of course.)
I appreciate this feature because it allows you to safely leave your external drive connected (and your backups running automatically) without having to remember to reconnect the drive.
Protecting your cloud storage
Cloud storage and synchronization services automatically back up the files you place in specific folders on your computer to the cloud. For example, if you regularly work in a OneDrive folder, those files are automatically copied to OneDrive online each time they change.
This is a particularly effective form of near-real-time backup. Every time you save the file, it’s backed up to the cloud, and possibly also downloaded to any other computers connected to the same OneDrive account.
The concern here is simple: ransomware comes along and encrypts your files. Because they’ve changed, those (now encrypted) files are automatically uploaded to the cloud, effectively overwriting your backup.
Both OneDrive and Dropbox have had a form of file history for some time. What this means is if a file has been changed or deleted, you can go to the website and restore the file to a previous version before the change was made.
This can be burdensome, however, if hundreds or thousands of files are encrypted by ransomware.
OneDrive allows you to restore your entire collection of files to a state prior to a given date.
Was your machine infected by ransomware on Tuesday? After you’ve cleaned your machine of the malware, reset your OneDrive to the state it was in on Monday.
Dropbox includes a similar feature, “Rewind”, in its paid plans.
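To make the idea of rolling everything back to a date concrete, here is an added sketch (not code from OneDrive, Dropbox, or this article) that turns per-file version history into a whole-collection rollback plan. The history format, file names, and the function names state_at and rollback_plan are assumptions made up for the illustration.

```python
from datetime import datetime

# Constructed sample: per-file version history as a sync service might keep it.
# Each entry is (timestamp, content_id); a content_id of None means "deleted".
HISTORY = {
    "Documents/taxes.xlsx": [
        ("2024-03-04T09:00", "v1"),
        ("2024-03-05T14:10", "enc-a"),   # overwritten by ransomware on Tuesday
    ],
    "Photos/cat.jpg": [
        ("2024-02-20T18:30", "v1"),
        ("2024-03-05T14:11", None),      # deleted during the attack
    ],
    "Documents/README_DECRYPT.txt": [
        ("2024-03-05T14:12", "note"),    # ransom note, did not exist on Monday
    ],
    "Notes/todo.txt": [
        ("2024-03-01T08:00", "v1"),      # untouched since before the cutoff
    ],
}

def state_at(versions, cutoff):
    """Return the content_id in effect at `cutoff`, or None if absent then."""
    current = None
    for stamp, content in sorted(versions, key=lambda v: v[0]):
        if datetime.fromisoformat(stamp) > cutoff:
            break
        current = content
    return current

def rollback_plan(history, cutoff):
    """Map each path to the action that returns it to its state at `cutoff`."""
    plan = {}
    for path, versions in history.items():
        wanted = state_at(versions, cutoff)
        latest = max(versions, key=lambda v: v[0])[1]
        if wanted == latest:
            plan[path] = ("keep", wanted)
        elif wanted is None:
            plan[path] = ("remove", None)       # created after the cutoff
        else:
            plan[path] = ("restore", wanted)    # changed or deleted after it
    return plan

if __name__ == "__main__":
    monday = datetime.fromisoformat("2024-03-04T23:59")
    for path, action in rollback_plan(HISTORY, monday).items():
        print(path, action)
```

Note that the plan does more than restore old versions: files that first appeared after the cutoff, such as a ransom note, are removed, and files deleted during the attack come back.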
It’s interesting to note that both OneDrive and Dropbox refer to things “going wrong” in their messages. While I’m sure lots of different things can go wrong, the most likely cause for these features’ appearance and popularity is the threat of ransomware.
Don’t let your guard down
I need to reiterate that neither of these features — image backup protection or cloud storage recovery — actually protects you from ransomware. These features only help after you’ve allowed your machine to become infected and ransomware has done its damage.
Do not let these features lull you into a false sense of security.
You still need to be vigilant as you protect yourself from malware — of which ransomware is only one type.