Igor very good your explanation but get me out a doubt. If my machine get a Ransonware, don't know if you know what it does, but in case you didn't know, it encrypts and locks all files from my pc, all of them even. Will a time in cloud and stop automatically, he will do it with the files in the clouds, too?
Great question! Let's talk about ransomware and its implications on the OneDrive.
First … You know what it's like to ransomware?
Ransomware is the attack carried out using Cryptovirology covertly installed malware that encrypts the victim's files and then requests the ransom payment in return for the decryption key that is needed to recover the encrypted files.
In other words, ransomware is a type of malware (such as a computer virus) which encrypts personal files of a computer user, making them inaccessible. The purpose of evildoers is to levy a ransom (ransom) in Exchange for the password that decrypts the files. It's as if, suddenly, all your personal files had been kidnapped.
Scary, isn't it?
Back to the question that gave rise to this post. Matheus wants to know if a ransomware would affect the files synchronized by OneDrive. In other words, "the copy in the cloud would also be encrypted?"
The answer is Yes. The copy of the files in OneDrive would also be affected. But that doesn't mean the bad guys won. Not even!
A little known feature of OneDrive is the file history: it automatically maintains the latest versions of your files, every time you save.
IMPORTANT: the file history works only for Office files. At least as far as I could test, other files such as images are not versioned.
Retrieving a file encrypted by ransomware
If you were attacked by a ransomware and had its encrypted documents, you will see something like this when trying to access the latest version of your document on the web:
In this case, you can use the OneDrive to retrieve at least the Office documents. From another computer (or after reformat the infected computer), click a previous version to the corrupted (the penultimate version is probably the obvious choice; if it is too corrupted, try an earlier) and use the Restore command:
This will restore the document to an earlier version to ransomware attack. Now you can access your document again, both from the web as directly on a computer where the syncing is turned on:
See how the OneDrive can help with Office file versioning? He does not offer a complete protection to all your files, after all the history of Versions works only for Office documents. However, it serves at least as hope for someone who will fall victim to ransomware-are great chances that some part of your files could be retrieved.
None of this diminishes, however, the importance of a comprehensive backup process. Speaking of backup, you know the rule of three of the Backups?
- 3 copies of anything that is important to you. Two copies are not sufficient if an important file;
- 2 different formats. For example, Dropbox + DVDs or external HD + Memory Stick or Flash drive + OneDrive …
- 1 off-site backup. And if the House burns down?
And you, as does backup of your data? Share in the comments!