Quote:
Originally Posted by Sr. Mints
I don't know if this is a dumb question, I don't know anything about this stuff.
Would Crashplan help (or protect/backup my own files) if, say, all the servers at work were hijacked by ransomware and instead of paying the ransom everything got deleted? Not that I'm saying that happened last week, or anything...
I.e. would whomever [potentially] hijacked the servers have access to a portable hard drive that was hooked up to a work computer through Crashplan?
|
If I had to guess.... yes and no depending on the situation.
A portable hard drive if left connected to the server, I'd assume would end up getting hit by the ransom ware as well because it's viewable and accessible from the infected computer. But if the drive was disconnected and not reconnected to an infected computer, then I'm guessing it should be fine. Ransom ware would try to lock up every file it can get its hands on, no?
Your question isn't really dumb. It's a good one to ask. You should also spend the time to know the difference between a mirror "backup" and a true back up. One is a snapshot in time unaffected by future changes. The other just reflects (mirrors) what happens on a different computer.
For instance, some people say they use dropbox as a "backup". It's not a back up. It's a mirror. Useful if your hardware dies or is stolen, then you can hop on a different computer with the last save, download it and keep working. But if you accidentally deleted a file or it corrupted or was ransom ware'd, you're leaning towards SOL.
Here's the confusing part. Let's say you had two dropbox folders sync at time A. At time B computer A gets infected wiping out your dropbox files. If computer B isn't connected to the internet, you can recover those files by taking the computer offline before it has a chance to mirror the deletions on computer A. An offline drop box folder is technically a "back up" of the last sync. Copy the not yet deleted files to a thumb drive or desktop so that they don't get deleted when the computer is reconnected to the internet.
A true backup is a snapshot. It's a redundancy created where some point in the past > current situation for a file. For instance, a deleted or infected file. Or in some cases, a file that has stuff added to it you'd like to reverse and it's easier to go to the snapshot than start over or reverse what has been done. Now, during the back up process, it essentially mirrors the files on the server as at the time it is backing up. But after the mirroring is done, the backup is "filed away" and no longer mirrors the files going forward.
So if the drive has a back up from before the ransom ware, it can be used to restore. But if the drive has copied ("mirrored") the ransom ware attack, it too along with the server is likely to be burned to the ground.