ASK
Email Mac|Life at ask@maclife.com Get official documentation at support.apple.com| Get help with hardware at support.apple.com/repair
Are my backups at risk?
My Mac backs up to four places: a local Time Machine backup, a NAS, Dropbox, and each month to an external drive. If attacked by ransomware, would those be at risk?
Unfortunately, much of that depends on how well written the ransomware is, and what vulnerabilities it exploits.
Ransomware typically starts by encrypting local storage. Because macOS has System Integrity Protection (SIP), system files and bundled apps can’t normally be encrypted. Ransomware is therefore most likely to start with your Home folder; if that’s large, it could take hours to encrypt completely.
SIP protects only your startup volume, so eventually the ransomware could get to encrypt your backups, when they’re mounted. With multiple backups, that’s unlikely to happen before it announces its presence or you detect it. When your monthly drive isn’t connected, malware can’t attack it, making it a valuable part of your protection strategy.
Although anti-virus products normally incorporate checks and signatures once malware has been identified by researchers, most can’t offer good protection until the malware is known about.
Generic techniques are the only means of protection from unknown malware; Objective-See’s RansomWhere? from bit.ly/objectivesee_ransomware uses a generic approach and should warn you very early if ransomware starts encrypting your files. RansomWhere? is free to download and use.
Hot topics right now
Make sure you check out these
You’re reading a preview, subscribe to read more.
Start your free 30 days