Internet users when we browse the Internet, we are exposed to malware, viruses, Trojans, computer worms and more. Cybercriminals seek to profit from their attacks, and apart from those previously mentioned, one of the most powerful and lucrative attacks for them is the ransomware. Thanks to the ransoms paid by victims to recover their data, it is a very profitable business for these cybercriminals. In this article, we are going to determine if ransomware can affect my cloud backup.
The first thing we are going to do is explain what ransomware is and if we should pay the ransom. We will then determine if my cloud backup can be affected by ransomware. Finally, we will see if there is any possibility of recovering those files hosted in the cloud and that have been infected with ransomware.
What is ransomware and if I should pay the ransom they ask me
The moment we receive a ransomware attack, this malicious software will take care of encrypting all the data on our computer. In addition, we also have the possibility that all the data that is shared in the local network is encrypted and also ends up affecting more computers. If we have a backup in the cloud with those files without them having been infected, we could erase and restore those affected computers with clean copies and return to normality.
However, we are often not so far-sighted and to recover those files they will ask us to pay a ransom to obtain that decryption password. One thing you should keep in mind is that you should not pay a ransom after a ransomware attack because for other reasons we may again be victims of the same extortion.
Can ransomware affect my cloud backup?
The answer is yes, but it depends a lot on how we have our cloud storage configured. That option that can make the difference between having a backup in the cloud safe or not, in many cases has to do with the synchronization.
What happens is that in a short time, those files that we thought were safe in the cloud backup are already infected and encrypted by ransomware. In this case, they have replaced the original files that were not infected with others that are.
On the other hand, an additional risk should be added to these infected files that can cause damage to other computers that share that information. Currently, sharing files for teamwork is the order of the day. These users, even if they have been careful, can be infected when these files are automatically synchronized and downloaded to their hard drive. You may be interested in knowing how a ransomware attack works and what tools are used.
What to do if we are victims of a ransomware attack
As soon as the ransomware affects my backup, we must start taking a series of measures. This is how we could act in the case of Google Drive. As each cloud has its peculiarities, we are going to take Dropbox cloud services as an example, which recommends that we follow a series of steps:
- We have to log off the infected device remotely. If we do not know which device is infected, it is best to close the session of all devices. What we want is for this ransomware to spread to the fewest number of devices.
- In your cloud account, check that you do not have encrypted files and that everything is in order. Dropbox allows you to recover the version history of a file, and we can select a version prior to the ransomware attack.
- You have to make sure that the device is free of malicious software. Then we have to delete the Dropbox folder or your cloud with the previously encrypted files.
- Then we log into our device, and the good files are downloaded from our cloud.
Finally, it should be noted that this task of restoring files is not always available in all cloud services and can be complex to perform. For example, in Dropbox we would have to do it with the files one by one, unless we used the Dropbox rewind function but this is only available in some paid versions.