Can ransomware affect my cloud backup?
The first thing we are going to do is explain what ransomware is and if we should pay the ransom. We will then determine if our cloud backup can be affected by ransomware. Finally, we will see if there is any possibility of recovering those files hosted in the cloud and that have been infected with ransomware.
What is ransomware and should I pay the ransom they ask of me
The moment we receive a ransomware attack, this malicious software will take care of encrypting all the data on our computer. In addition, we also have the possibility that all the data that is shared in the local network is encrypted and also ends up affecting more computers. If we have a backup in the cloud with those files without them having been infected, we could erase and restore those affected computers with clean copies and return them to normal.
However, we are often not so far-sighted and to recover those files they will ask us to pay a ransom to obtain that decryption password. One thing you should keep in mind is that you should not pay a ransom after a ransomware attack because for other reasons we may again be victims of the same extortion.
Can ransomware affect my cloud backup?
The answer is yes, but it depends a lot on how we have our cloud storage configured. This option can make the difference between having a backup in the cloud safe or not, often it has to do with the timing.
What happens is that in a short time, those files that we thought were safe in the cloud backup are already infected and encrypted by ransomware. In this case, they have replaced the original files that were not infected with others that are.
On the other hand, an additional risk should be added to these infected files that can cause damage to other computers that share that information. Currently, sharing files for teamwork is the order of the day. These users, even if they have been careful, can be infected when these files are automatically synchronized and downloaded to their hard drives.
What to do if we are victims of a ransomware attack
As soon as the ransomware affects our backup, we must start taking a series of measures. As each cloud has its peculiarities, we are going to take Dropbox cloud services as an example, which recommends following a series of steps:
- We have to log off the infected device remotely. If we do not know which device is infected, it is best to close the session on all devices. What we want is for this ransomware to spread to the fewest number of devices.
- In your cloud account, check that you do not have encrypted files and that everything is in order. Dropbox allows you to recover the version history of a file, and we can select a version prior to the ransomware attack.
- You have to make sure that the device is free of malicious software. Then we have to delete the Dropbox folder or our cloud with the previously encrypted files.
- Then we log into our device, and the good files are downloaded from our cloud.
Finally, it should be noted that this task of restoring files is not always available in all cloud services and can be complex to perform. For example, in Dropbox, we would have to do it with the files one by one, unless we used the Dropbox rewind function but this is only available in some paid versions.