First things first, Ransomware does not directly encrypt files located in the cloud. However, when files on a computer backing up to the cloud get encrypted, the usable files in the cloud are replaced with the encrypted versions. Once this backup occurs, there is no way to recover the usable files from the cloud unless file versioning is in place.
About Ransomware Attacks
Ransomware attacks, which it seems will not be going away any time soon, resurfaced again just this week. These attacks encrypt files on an infected device in hopes of forcing victims into purchasing a decryption key to regain access to their files. When files are encrypted their extension changes to .ecc rather than .pdf or .xlsx irrespective of the originating file type, (see below for other files these attacks can access and encrypt). This latest attack is called Locker and uses Bitcoin as the payment currency. Unfortunately, paying the perpetrator is not always successful as was sometimes the case with Cryptolocker, a similar Ransomware attack where some victims reported they never received their decryption key after paying.
Beyond paying the ransom, once a device is infected with Ransomware there are no controls in place to prevent the same files from being encrypted again. This is because there are no rules for this type of attack. Remember, the people behind these scams care about money, not how their actions affect people's lives or businesses. Having a greater understanding of how these attacks work, and the best way to protect our files from them, is often the best way to fight back.
Protecting Files from Ransomware Attacks
Cloud storage without file versioning stores a single set of files. When a new version of a file is created, it is uploaded to overwrite the existing file. The purpose of this is simple, to make sure every file is always in the most current state no matter when or where it is accessed. A big problem with a Ransomware attack is that the update process, which normally protects the user, works against the user in this case by overwriting usable files with locked files. Once the files are overwritten with the encrypted versions, usable versions are no longer accessible.
An online backup service like ours provides file versioning so multiple copies of files are stored, rotated, and available for recovery at any time. File versioning can be implemented in different ways, based on a number of days or a number of file copies. For example, if a plan's data retention is set to 90 days and the same file is modified every day, there will be 90 versions of the file. Using the same data retention period, a file modified once a month would have 3 versions available.
Why Ransomware Attacks are Effective
Ransomware attacks hit all kinds of users, but those who do not have any file backups are more likely to feel paying the ransom is their only option for recovering their files. What also makes Ransomware attacks effective is that they are able to encrypt files beyond the infected device including:
- Attached USB flash drives
- Attached external hard drives
- Mapped network drives