One of the comments I quickly received on my article “Using OneDrive for Nearly Continuous Backup” was this:
In other words, if you’re using OneDrive (or Dropbox, or other similar services) to automatically back up files online whenever they change, doesn’t that mean that ransomware would cause those backups to automatically be replaced with their encrypted versions?
But before you give in to a knee-jerk reaction to avoid online backups completely, consider this: they’ll give you more options, not fewer, should ransomware ever strike. In fact, they could save you in ways other backups might not.
Become a Patron of Ask Leo! and go ad-free!
Online backup to the rescue
- Any prior copy of the file is moved to a Recycle Bin on the OneDrive servers.
- The prior copy is moved to the version history for that file. (A kind of recycle bin specifically for that file.)
- The new copy is uploaded.
Yes, OneDrive has a Recycle Bin. This means OneDrive can save your data from ransomware.
It would work like this:
- You use OneDrive to keep a more-or-less continuous backup of your data online.
- Your machine becomes infected with ransomware of some form, and all your data files are encrypted (and therefore lost to you).
- If you are online, OneDrive dutifully notices that the files have changed, and backs up the now-encrypted files.
- You panic. (Technically, this step is optional, but quite common.)
- You disconnect, clean up, rebuild, or otherwise remove the malware from your machine, but are left with all of your files encrypted.
- You visit OneDrive online3, and recover your unencrypted files from its Recycle Bin and each file’s version history.
- You vow to never again do whatever it was that allowed the malware infection to happen in the first place.
- Life goes on.
OneDrive just saved your bacon. What’s more, everything I’ve described above all happens without any other form of backup in place.
But of course, you also have other forms of backup — right?
Belt and suspenders and suspenders
The person who originally left the comment continued:
A simple, but probably inefficient, means I use is to weekly make a copy within OneDrive of backed up files.
This is (almost) exactly what I do myself. Every night I make a copy, elsewhere on my machine, of everything in my OneDrive folder, in the form of a compressed archive (like a “.zip” file). Should I ever succumb to ransomware, I can recover my files from that additional backup. I would not make the copy “within OneDrive”, however, since ransomware could impact that backup copy as well.
Of course, on top of that, I have my nightly backups running to an external hard drive: monthly full backups with daily incrementals, meaning I can always recover the files “as of” a few days ago. (And in case I happen to run across ransomware that also tries to encrypt backups … some of those backups are copied elsewhere, effectively “offline” and not directly accessible to my machine.)
It would take a lot for even the nastiest ransomware to cause me to lose any significant number of files.
You don’t need to go overboard
You don’t need to be as backup-crazy as I am. You can protect yourself with just a few simple steps.
- Use OneDrive for nearly continuous backup of your day-to-day working files.
- Enable File History. File History, though sometimes disabled by more aggressive ransomware, will also let you restore a file to the condition it was in prior to encryption, and can protect files outside of those you keep within OneDrive.
- Take periodic full, and more frequent incremental, image backups of your entire system to protect from almost any type of failure.
- Every so often, take one of those full backup images and copy it to offline storage.
And, honestly, that last one is just to make people panicking about ransomware encrypting their backups happy. That doesn’t happen so often that I consider it truly critical, particularly with what we’ve just discussed about OneDrive’s Recycle Bin.
Don’t let the worst case scare you away from reasonable choices
What concerns me most are folks who say they won’t use online backups because their files might be encrypted by ransomware and the online backup would be useless.
Ransomware is only one type of threat. More importantly, it’s not even the most likely threat.
For example, a hard disk failure can be much more destructive than ransomware, and is probably much more likely to happen. Even more bluntly: you’re more likely to accidentally overwrite or delete a file than you are to personally encounter ransomware.
Even if the Recycle Bin didn’t exist, continuous online backups save your files from many threats that don’t involve invalidating the backup.
The same is true for nightly backups to an always-connected external hard drive. Yes, there’s a chance that ransomware could encrypt your backups. There’s a higher probability that you’ll be glad you had those backups current for a variety of other failures.
Making backups easy, timely, and automatic is more important than fearing one specific — albeit destructive — form of malware.