al4629740
asked on
ransomware and encryption
I have a question about ransomware. If my computers C drive is already encrypted, is it still possible for ransomware to hold my computer hostage by encrypting files? if we have office 365 and all the files are also backed up to the cloud through OneDrive, doesn’t that also create a level of protection?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
so then in laymens terms how does ransomware actually infect a file so that it can’t be accessed?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I believe OneDrive goes back 30 days to do a restore of the drive. if we just install a new system, we could just do restores within that time as I doubt we would need more than 30 days on the backup before we realized there was an attack.
I would not consider 30 days acceptable in a business environment, for several reasons - but in this specific case the reason is that there is no telling how long something sat dormanton a drive before deciding to activate. Day Zero exploits are, by definition, not detectable so it does not matter whether the victim system had an antivirus and scanned itself regularly.
ASKER
point taken. what length of time do you recommend?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I'd keep at least one year of backups in a business environment, with full backups at least on a monthly basis.
ASKER