Spaceman

I store NOTHING of importance on my PCs. Should I be afraid of randomware etc?

Recommended Posts

Hi All,

So most ransomware stories I hear are about people who have been locked out of their PCs, and are being asked to pay money to have their PCs unlocked and their files decrypted.

I store NOTHING of importance on my local PCs. Everything of important is in the cloud (mainly Google and Dropbox).

So if this happened to my PC, I'm thinking "no worries at all, I'll just do a factory reset, which is probably long overdue anyway". I don't backup my local PCs... because there's nothing I care about on them, and would much rather do a factory reset, fresh install than restore from a backup.

How bad/careless is my thinking?

That said, I assume that it's possible that really nasty ransomware could get to my cloud files as well. Of course I use strong passwords, a password manager, take all the usual care not to fall victim to phishing, etc.

Would love to learn more this topic, i.e. from an almost 100% cloud user.

Thx.

Share this post


Link to post
Share on other sites

Couldn't ransomware encrypt the files in your Google Drive and Dropbox folders on your PC which would automatically be encrypted in the cloud? I rarely take backups myself but use system restore points a lot and use Sync for encrypted cloud storage, but Sync is only open when I need to upload and download files for that very reason.

Share this post


Link to post
Share on other sites
Quote

Couldn't ransomware encrypt the files in your Google Drive and Dropbox folders on your PC which would automatically be encrypted in the cloud?

Yes, I assume so that's what I was thinking, but not saying 🙂

So what I'd love to read is expert feedback and advice from security experts about how to best protect yourself against this specific threat. I'd like to think that Google, Dropbox, etc. have advice and/or protections in place in the event that this should happen... but in the first instance I'd like this to come from an independent 3rd party security expert, not Google, Dropbox, etc. themselves.

Could be a very popular article IMHO, given that it's all about he cloud these days.

Share this post


Link to post
Share on other sites

I'm not sure about the free version of Dropbox, but the paid version has 'file versioning' which means that if a file has changed in the last n days, Dropbox will have the current version and the older one(s). The basic paid product stores all versions of files over the last 30 days, though you can pay more and have a year's worth stored.

If you do have versioning, if some malware destroys files, then provided you notice this within n days, you should be able to recover the older versions alright (though you'd need to do that on a 'clean' machine).

Not surprisingly, the versioning is automatic if you're running the Dropbox desktop client.  If you don't do that and instead just upload files to online storage when you choose to, you're probably not going to be able to find older versions.

Share this post


Link to post
Share on other sites

Thanks Jeremy.

I've been Googling for information about google drive and ransomware, but not finding a lot.

https://support.google.com/a/forum/AAAA034zvV8FwIQqGIvt1A/?hl=en&msgid=ULGdEH50AwAJ&gpf=d/msg/apps/FwIQqGIvt1A/ULGdEH50AwAJ - small discussion here.

https://spinbackup.com/blog/can-ransomware-infect-google-drive/ - commercial solution here: Spinbackup

Would be nice to find some official Google advice on this.

Share this post


Link to post
Share on other sites

As Jeremy already mentioned: Most cloud storage providers offer revisioning. Meaning they keep old revisions of your files. Dropbox has support for it and Google Drive does as well (just click on the file in question, click on the hamburger menu and select "Manage versions"). It can be kind of a pain to roll back all your files though as there is often not a way to do it for your whole cloud storage but only on a per-file basis.

Share this post


Link to post
Share on other sites

For rolling-back multiple files (with Dropbox) I think one has to ask their support staff to do it.

One minor annoyance I have with Dropbox is that if one wants to examine the contents of a set of previous versions of a file there doesn't seem to be a way to download a set (eg all versions from a specific day or week) at once.  One has to do it one by one.   And although their system clearly knows the date & time that a file changed, and displays it ... the download option doesn't insert the date/time stamp into the default filename... so if you do want to download multiple versions it's much more fiddly than it needs to be.

Also, plain text files with uncommon extensions (eg a lot of mine are ".rex" or ".txtplain") are not classed as viewable online so have to be downloaded to be examined.  I can understand that they only directly support common extensions - see: https://help.dropbox.com/files-folders/file-types-that-preview   - but a "view as plain text" option would have been great. 

At some point I'm going to experiment with rclone - https://rclone.org/  - to see if I can write scripts for working with files held in Dropbox (or elsewhere, eg my Rackspace account).  A quick look at the rclone documentation doesn't make it clear whether it supports access to old versions of files, though.

Share this post


Link to post
Share on other sites

Thanks for your feedback guys :thumbs:

It sounds to me that storing all your important files in the cloud - with reputable providers such as Google, Dropbox, etc. - is therefore a good recommended idea, at least as far protecting action ransomware and the like is concerned?

Of course this assumes that you sufficiently trust your cloud storage provider, i.e. that they won't get hacked in a bad way, e.g. losing or sharing/exposing your files.

And of course there will be times when it's inconvenient or technical impossible to store certain 'active' files in the cloud, e.g. large video files you might be working on.

Or to frame the same question in a different way: if everyone stored all their files in the cloud, presumably this would greatly diminish the negative impact of ransomware criminals.

Share this post


Link to post
Share on other sites

> It sounds to me that storing all your important files in the cloud ...  is therefore a good recommended idea ...

As a Dropbox user, it's important to me that the files are all on my local disks as well.  I wouldn't be anything like so happy if they were only on other people's servers.   I first started using Dropbox when I had 3 PCs (though at the moment I have fewer) and its continuous syncing of files between the machines was a major benefit for me.   However I deliberately didn't have all of my machines online at once... so if something went wrong with Dropbox possibly the offline machine's files wouldn't be affected.  

> Of course this assumes that you sufficiently trust your cloud storage provider, i.e. that they won't get hacked in a bad way, e.g. losing or sharing/exposing your files.

Or have a catastrophic system failure, major fire, earthquake...    I hope that some of my files' backups are stored across multiple data centres, but I don't know.  As far as I'm concerned having some copies of many of my files on Dropbox's systems is useful but I certainly wouldn't want to rely solely on it.   I am planning as I have a Rackspace account too (and am storing less there than I could for their new minimum monthly charge) to start uploading backups to them... when I find the time to do it.  

> ... if everyone stored all their files in the cloud, presumably this would greatly diminish the negative impact of ransomware criminals.

Not if an infected machine can see and alter those files.  And let's face it, having your everyday files in the cloud is not of much practical use (except for backup) unless you can see and alter them.

Share this post


Link to post
Share on other sites

Thanks again Jeremy.

Our small business is a semi-distributed one. We've got about 15'ish team members in 6 remote locations. So our normal way of working is in the cloud. Some of us will naturally sync some of the files to our local PCs. But if any of our local PCs were hit by ransomware, then I assume the typical/immediate impact would be the local machines first, and maybe the cloud-hosted files second.

I guess my point is that, unless one or more of us are actively syncing our cloud files AND doing some regular offline backups, then we really are 100% dependent on our cloud storage providers either a) not being affected by a local ransomware attack and b) if they are, being in a position to help us roll back to earlier file versions.

Share this post


Link to post
Share on other sites

Ransomware aside, you need to consider what you'd do if some other disaster struck your cloud provider(s).  Or if all the employees in a particular country/region were inconvenienced by a huge internet outage. 

You mention that you use Dropbox, but also said that perhaps only some of you sync files to local PCs - surely someone in the business should dictate what company policy is for this?   I presume that since this is business use you're not just relying on Dropbox's free (limited amount of storage) offering?  So why would you not have everyone sync either every file, or at the least those that they are working on to their local machines?  Then if there's some sort of disaster you probably have Dropbox's file copies AND up to 15 other sets of files.  What you describe sounds awfully un-thought-out.  

It might be that you should consider doing what you do now for the active files... but make sure that daily/weekly backups are synced to everyone's machines.  Whatever you do, you need a strategy that's been thought about.

Share this post


Link to post
Share on other sites

Thanks Jeremy.

I think we're getting a little off-topic from my original post about which was only looking at my PC, and how ransomware might affect it, in isolation. We're now getting into a broader discussion about company-wide backup policies, roles, permissions, etc. which is a much bigger and broader topic. Nevertheless, it's caused me pause for thought to review our company-wide policies, so thanks for that 🙂

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.