Click to close the image preview

Showing results for 
Search instead for 
Do you mean 
Most Liked Users
User Reps Count
5
Announcements
The Mozy Blog: Windows 10, FilterError0, and Digitally Signed Driver Errors
A new update has been released for the Windows client that resolves some issues users were experiencing with Windows 10. Check out the latest blog for details!

April's Webinar: Protecting Your Data From Attack
In case you missed it, April's webinar has been posted!

Looking for support?
Create a new post with your question and our community members and moderators will be happy to help answer it for you!
nli
Cook
(0)
Solved (Go to Solution)

Are files in Mozy and the Mozy Sync folder safe from ransom-ware attacks?

I just listened to a show on NPR about an escalation in ransom ware attacks against anyone, not just large institutions, but even private individuals are being attacked. 

 

Does anyone know whether the files in the Mozy Sync folder and files backed up by Mozy Home are protected from encryption by a ransom ware attack?

 

 

0
zachm
Admin Emeritus
(386)

Re: Are files in Mozy and the Mozy Sync folder safe from ransom-ware attacks?

Excellent question. I find it odd that nobody has answered yet as I know there are a few that are passionate about this topic. Give me a few minutes to find some documentation around this.

Zach M.
Community Manager
0
zachm
Admin Emeritus
(386)

Re: Are files in Mozy and the Mozy Sync folder safe from ransom-ware attacks?

I can't seem to find what I"m looking for. I'm going to get an agent to assist us since they could give you the best info.

Zach M.
Community Manager
0
username...

Master Level 1
(2981)
Solution

Re: Are files in Mozy and the Mozy Sync folder safe from ransom-ware attacks?


nli wrote:

I just listened to a show on NPR about an escalation in ransom ware attacks against anyone, not just large institutions, but even private individuals are being attacked. 

 

Does anyone know whether the files in the Mozy Sync folder and files backed up by Mozy Home are protected from encryption by a ransom ware attack?

 

 


The files are sort of protected. The Mozy app will backup (or Sync)  the files that were changed by the ransom ware. You would need to restore files from a previous backup..

 

The Mozy apps (Backup and Sync) were designed to protect user generated files. Ransom ware changes more than user generated files. Those "non-user generated files" probably won't be available for restore (unless the user manually selects them for backup). In some cases, users will need to re-install applications to get things working again.

 

For example, some computers come with a recovery partition. In theory, the user could use this recovery tool to make the computer the way that it was when it came from the store. Unfortunately, many versions of ransom ware will change files on the recovery partition... thus preventing the restoration of the computer to its factory state.

 

 

MozyHome users have 30 days to get their files back from Mozy. Some laptop users only have their laptops turned on a few hours a week. I have seen one case of ransom ware that took several weeks to complete the encryption process for the files that it was gong to hold hostage. It is possible that Mozy won't have a good (unencrypted) copy of a user's file if it has been more than 30 days since the changed (encrypted) file was backed up. However, only a few files would be lost.

 

There have been suggestions that Mozy change its file retention policy to always keep two versions of every changed file. In this case, one good version of a file and the ransomed version. It is easy to make that suggestion. It is hard to correctly implement same.

 

Your best protection against ransom ware might be software that specializes in not allowing ransom ware to change any files. CryptoPrevent is a mature product that can help in this area - however, those maintaining/supporting that tool are not very mature (not very professional). You are pretty much on your own if you install the free version of CryptoPrevent. The folks at Malwarebytes have a tool in beta testing (https://forums.malwarebytes.org/topic/177751-introducing-malwarebytes-anti-ransomware-beta/).- but it is not ready yet.

 

In my opinion, users should not have to worry about ransom ware. The makers of antivirus apps should incorporate anti-ransom ware rules.

zachm
Admin Emeritus
(386)

Re: Are files in Mozy and the Mozy Sync folder safe from ransom-ware attacks?

I agree. But outside enterprise solutions (which aren't even 100%) People often don't realize they have to renew their subscription, don't have av protection, aren't completely updated, etc... But you are right, this really should be a built in.

Zach M.
Community Manager
0
nli
Cook
(0)

Re: Are files in Mozy and the Mozy Sync folder safe from ransom-ware attacks?

Thanks very much for your analysis and advice.  It looks as if the only solution available now is to have an external drive that I back up my files onto and then disconnect from my computer, and to make sure the programs I need to use are either on a disk or subscriptions.  

0
AllanH
Moderator
(203)

Re: Are files in Mozy and the Mozy Sync folder safe from ransom-ware attacks?

@nli

 

Both backup and sync create duplicates of your files and unfortunately do not differentiate between infected or healthy states. To put it simply: A file is a file as far as backup and sync are concerned. One great thing about having Mozy Backup, is the ability to restore your files to healthy state by restoring them back to a date that was infection/ransomware free.

 

Our customers routinely have used Mozy to recover from ransom ware attacks. I agree that prevention is the way to go and I hope that major internet security companies begin deployment of anti-ransomware solutions. In the meantime, data backup is a great way to recover from data loss resulting from ransomware.

0