iCloud Drive files NOT safe from Ransomware

in #security, 7 years ago

With the leaked NSA trove of hacks and malware tools, we are seeing more exploits than usual. As Mac users, we aren't getting hit quite as much as Windows users, but we are still vulnerable and should carefully assess the risk to our data. If your Mac gets exposed to a "Petya"-style ransomware app, the malware will go to every file it can reach and encrypt it. If your backup drive is attached at the time you are hit, all your files on the backup will be encrypted too. If the company server is mounted when you are hit, all the files you have privileges to will be hit.

So, does this mean I'm totally hosed?

That will depend on whether you have another backup that you regularly cycle in, or if you have your files safely offsite in the cloud.

But can the ransomware reach those files in the cloud?

Not directly, but with cloud services that watch for changes in local folders and then copy those changes to the cloud, the answer is of course yes. Dropbox, iCloud, Google Drive, Box.com and SugarSync are just a few services of this kind that you may have.

So, does that mean I'm totally hosed?

This depends on whether that service offers recovery to a previous version.

Dropbox and Google Drive allow recovery of previous versions for a limited time. I'm not saying it will be easy, and not a one-file-at-a-time process, but we could drop the "totally" from "totally hosed" if your precious data is in one of these services.

Now the interesting part: iCloud does not offer a way to get to previous versions! By default in Sierra, iCloud is moving users' Desktop and Documents folders into the cloud. It would be easy to assume that means you have the peace-of-mind benefits that come with offsite backup. But no.

iCloud does have a tool for file recovery (in iCloud.com under Settings, lower left called Restore Files) but in my experience it just searches endlessly for files to recover and comes up relatively empty. That, and there's definitely no way to get earlier versions with this tool. Come on, Apple!

So is there something I should be doing?

Yes. Along with your Time Machine, Carbon Copy Cloner or SuperDuper! onsite hard drive backups, you should also have a full-drive online backup service, like Backblaze, Carbonite or Mozy. I use Backblaze, which for $5/month will back up everything attached to a single computer. Should something go wrong and you quickly need to get terabytes of data back, they allow you to order a replacement hard drive with the backup as of the date you specify.

This needs to be part of your backup strategy in this era where all your data can be taken hostage with one wrong click.
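What separates a backup from a sync is that earlier versions survive an unwanted change. The following is an added sketch of that idea, not code from this post or from any service named in it; `snapshot`, `restore` and the store layout are hypothetical names chosen for illustration.

```python
import hashlib, json, shutil, tempfile, time
from pathlib import Path

def _digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(source, store, now=None):
    """Record every file under `source` in `store`; return the manifest path."""
    source, store = Path(source), Path(store)
    (store / "blobs").mkdir(parents=True, exist_ok=True)
    manifest = {}
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        digest = _digest(path)
        blob = store / "blobs" / digest
        if not blob.exists():  # identical content is stored only once
            shutil.copy2(path, blob)
        manifest[path.relative_to(source).as_posix()] = digest
    stamp = int(time.time() if now is None else now)
    out = store / f"manifest-{stamp:012d}.json"
    out.write_text(json.dumps(manifest, indent=2))
    return out

def restore(store, target, as_of):
    """Rebuild `target` from the newest snapshot taken at or before `as_of`."""
    store, target = Path(store), Path(target)
    older = [m for m in sorted(store.glob("manifest-*.json"))
             if int(m.stem.split("-")[1]) <= as_of]
    if not older:
        raise LookupError("no snapshot at or before the requested time")
    manifest = json.loads(older[-1].read_text())
    for rel, digest in manifest.items():
        dest = target / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(store / "blobs" / digest, dest)
    return sorted(manifest)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample data
        src, store = Path(tmp, "Documents"), Path(tmp, "store")
        src.mkdir()
        (src / "notes.txt").write_text("quarterly plan")
        snapshot(src, store, now=1000)
        (src / "notes.txt").write_bytes(b"\x00" * 16)  # stands in for an unwanted overwrite
        snapshot(src, store, now=2000)
        restore(store, Path(tmp, "restored"), as_of=1500)
        print(Path(tmp, "restored", "notes.txt").read_text())
```

The store has to live outside the source folder and on a volume that is not mounted or synced during normal use, since anything reachable when the malware runs is encrypted along with everything else.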

Please upvote this to get the word out!

Thanks,
Ark
MacIT