Howard Oakley solves Mac and iOS issues
QMy Mac backs up to four places: a local Time Machine backup, a NAS, Dropbox, and each month to an external disk. If attacked by ransomware, would those be at risk?
AMuch depends on how well written the ransomware is, and what vulnerabilities it exploits. Ransomware typically starts encrypting local storage. Because macOS has System Integrity Protection (SIP), system files and bundled apps can’t normally be encrypted because of that. It’s thus most likely to start with your Home folder; if that’s large, it could take hours to encrypt completely.
SIP only protects startup volume, so eventually the ransomware could get to encrypt your backups, when they’re mounted. With multiple backups, that’s unlikely to happen before it announces its presence, or you detect it. When your monthly drive isn’t connected, malware can’t attack it, making it a valuable part of your protection strategy.
Although anti-virus products normally incorporate checks and signatures once malware has been identified by researchers, most can’t offer good protection until the malware is known.
Generic techniques are the only means of protection from unknown malware: Objective-See’s RansomWhere? from bit.ly/ objectivesee_ransomware uses a generic approach and should warn you very early if ransomware starts encrypting your files.
Conventional anti-virus products should protect from known ransomware, but you need protection like RansomWhere? to detect suspicious activity.
EXPER T AD VICE Our resident genius solves your Mac and iOS problems