MS One Drive As A Backup Solution In The Age of Ransomware

if your clients don't listen then not much can be done...at least for free.
If some money are acceptable then the solution i would recommend is to build your own cloud...a VPS with plenty of space ...all clients communicate with a protocol that doesn't get affected (like FTP)...but again i must mention this cost money...not too much  but some money

Hello,

About the encrypted information synchronizing with a cloud solution, such as OneDrive... it depends...

Case 1: If the malware encrypts your drive. Stopping all the access to your volume, it means that the synchronization to the cloud will stop as far as even your OS and user session is not started. And it means that all your information is going to be still in the cloud.

Case 2: If partial files from your system are encrypted, and as encrypted isolated files they synchronize to One Drive... as far as that is the idea... to have a current copy of your data... the encrypted files will replace the current non-encrypted files in the cloud.

So your problem is mainly related to the second case. From the perspective on Windows many approaches or third party solutions could be used. Or even something simple and native as the 'File History' included with the last versions of Windows. With file history the system its own can synchronize data automatically to a network share, usb or a different local disk or partition.

With this simple technology your user does not require manual interaction and you can combine it with other things. For example, if we talk about laptops, that most of the time they just have one drive and we are not able to send files to a network share. We can even send the file history files to a second partition (usually file history is not used for the same disk as far as if it brakes all your data is loss), but at that point you can configure with OneDrive that the volume where file history is saved keeps synced with OneDrive. In that case if single files are encrypted with malware, FileHistory will allow you to recover multiple different previous versions of the files.

You can also use other products. But, At the end ... the best solution for all of it is client's education and common sense.

Easiest solution is cloud backup.  I would suggest the company invest in something like Druva's inSync.  Or if you prefer something along the lines of crashplan.  Both are versioning backups and after trying both I prefer inSync - I am not a MAC person, but it acts just like TimeMachine.

To help you all understand where I'm coming from, just know I am a small managed service provider using Logicnow Max Remote Management.  I've not been in the industry long enough to become jaded by years of abuse by clients, though I have heard the horror stories.  A couple years ago I paid $700 to recover data for a relative's dead HDD.  Because of that, I am passionate about preserving clients' data.  If they lose data due to a failed drive or malware and I can restore it, I look awesome!  If they don't pay for that service, but I can pull it off for little/no money, I look even more awesome.  So far I've not been able to sell Max Backup to anyone.  No one wants to pay an additional $10/mo for backup services until there is a data loss incident (and sometimes not even then).  So I'm trying to find a solution that doesn't cost me anything extra.

@Thomas - I already have a backup solution built into my MSP platform called Max Backup that no one wants to pay for :(   I do like the idea of CrashPlan, however.  I can get a 5TB HDD for around $100.  If used for archiving, it wouldn't get too much abuse.  I could swap these drives out when they get full and put them on a shelf somewhere and then after a year or so, wipe and swap them back in.

@schnellsolutions - I like your out-of-box thinking and will give this some thought.  A separate volume on a laptop is doable, depending on the size of the drive.  I would have to use Partition Magic to create the partition, set up file history to point to it, and then create a symbolic link from there pointing to OneDrive so Windows doesn't know the slipperoo I just pulled.

@John - I hadn't though about a virtual private server.  While I would enjoy the challenge of setting one up myself, I don't plan to live in the same place for long and have no idea what kind of internet service will be available at wherever I move to.  Not sure how much hosting would cost but I'll look into it.

You've all given me much to think about - thank you!

A VPS is irrelevant to your location...It maybe located in a building nextdoor or half around the globe.
What you need :

• plenty of storage since you are doing file backup they are refereed as storage VPS

• Plenty of bandwidth

• good speed for most of your client

• someone to pay the bill...:)

Other than that you choose backup solution like Cobian and that's all....

CrashPlan is free when you backup locally. DriveImgXml is free for home.  I set up a home NAS that is raided  (5) and backed up.

So, getting back to my original question... there is no way to archive within OneDrive?  I've used backup software where you can scan through a calendar of backups and designate various days that will be archived - frozen in time and immune to deletion when space is needed.  Nothing like that with OneDrive, right?

That sounds a bit again like file history. There you can specify your calendar.... every one hour, daily, etc. And for how many days retain the data. And this is a native tool included with Windows.

@schnellsolutions - file history is not safe, as some ransomware variants attempt to just turn it off and/or delete/encrypt the file stores.  I've verified with MS that OneDrive has no archiving function and the prevailing wisdom is the ONLY sure defense against ransomware is offline backups.  But implementing that for clients is hard.  I've even given away 1TB USB drives and I can't get them to plug them in once/week.  That's obviously a business model that I can't keep up either, unless I was independently wealthy and just doing this as a hobby - which isn't the case.

An idea I have is based on the fact that MS Office 365 non-business offers 1TB cloud storage and can be installed on up to 5 devices.  My idea was to use a second email address to create a second account and then switch between the two accounts every week.  If this could be automated somehow, then I could have a secondary account with all files just one week old to recover from a ransomware attack.  It would double my OneDrive storage space, but it's 1TB.  You can store a lot in that space, so it should work for most people.  I just don't know how I would do this, but in theory it would work.

Like I said before,  cloud backups.

@Thomas - Thank you for the idea.  While I can see it is a very robust platform, I already have access to a similar platform within Max Remote Management (MaxRM) that I can't use because no one will pay for it.  At $10/100GB/endpoint/month (my cost) it is only useful for small-large businesses, not individual users.  Perhaps when I get some business clients I will be able to sell it, but for now it's been dead in the water.

I do agree with you that cloud backup would be the best solution, and MS OneDrive isn't it.

For anyone who might come across this thread with a similar question, I should note that I discovered MS OneDrive does keep a "file history" of any Office documents.  You can access it from the OneDrive website by right-clicking on a office document and selecting "version history."  Non-office documents are not archived.  As I believe it was pointed out in this thread, this would not help you if all of your files were encrypted, though if you were desperate enough I suppose you would take the time to go through and recover any files you need one at a time.

Many years later, and OneDrive does protect files against Ransomware - problem solved :-)