You’re being told by Company X your stuff is safe from Ransomware, but is it really?
What if your backup data to the cloud was compromised before it was backed up?
TL;DR – Paul goes on about the future of malware.
Most of us know someone who had their computer locked and files encrypted and were tasked with having to pay a ransom to get the files back or losing them.
Large data protection companies advertise that you’ll never lose data to ransomware because they keep daily, hourly, by the second backups and that these can’t be touched.
But what if say, your files and computer have been infected with ransomware for a while now? When apps like Dropbox or Google Drive attempt to sync a file to the cloud they’re getting data, but it’s not the data that you’re seeing. It’s already encrypted by the malware.
It’s not particularly far-fetched to imagine a malware that encrypts files and helpfully decrypts them for you up until a date far far in the future, except for apps that sync to the cloud. They get the encrypted bad data.
Now, I’m looking at the long game. You’ve got a backup from a month ago, you’re probably not going to pay someone $500usd worth of bitcoin to get your files back.
Imagine every photo, every document, everything you’ve been assured was backed up for the past few years by whatever disaster recovery service was garbage and you never knew because you never looked at it from a computer that was not compromised.
The backup companies would have done their job – your computer supplied this data to their software which was in turn backed up. But it would have been useless because the data was compromised and encrypted before it ever hit the input read buffer of the backup software.
What would you pay then?
What happens if the malware goes on and cancels your backup subscription or requests a permanent deletion of your backups or changes the owner of the backup account?
Does your backup company have a human you can talk to and set up a verification code for events of hacking?
What if all those backups you stashed away were all compromised and one day, or the next computer you find they just don’t work?
Just things to think about when someone is attempting to sell you a solution. I think this is where malware will be heading next. Basically all the time encryption until one day it doesn’t work and demands payment.
Backup companies I’ve encountered claim the data is encrypted, never looked at other than hashed to make sure you’re not putting warez up.
Are they going to have the technology to verify your photos are good, that your Word doc is not supposed to be a series of “Hey Y’alls” and eggplant emojis that can be decrypted back by a sophisticated malware?
I mean, I’m not just talking encrypting, I’m wondering what happens when malware gets sophisticated enough to scramble your image and descramble it in a working jpeg. When words are substituted, sentences reconstructed, not just encryption.
So yeah, if you’ve got the ability, go to another person’s computer at some point and verify some of your files and media stored in the cloud actually work.
Verify with your cloud backup provider what happens if you request deletion of your data.
Or you know, tell me I’m wrong and it can’t happen. I do miss sleeping at night.
