Can Ransomware Steal Mac Backups?

So far, the Mac community has avoided the curse of ransomware, a kind of malware that terrifies Windows users, for whom it is probably the most serious of the recently arisen dangers. Ransomware's extreme wiliness is partly explained by its relative simplicity: it encrypts documents without touching system-level components. Another malicious trait of ransomware is its latent character. It can stay harmless for some time and then suddenly execute while the user is completely unaware of it (for example, while he or she is sleeping). Meanwhile, the ransomware may wind up in the backup set (be it on a remote cloud-based system or on a Time Capsule). And even if you buy your own backup device, it is probable that the same ransomware will infect it as well.

So, there is growing concern about the security of backups against ransomware. Under the circumstances, it is natural to ask for a remedy that would provide encrypted protection.

It is still too early to predict the character of a large-scale ransomware attack on a Mac system, since this malicious software has so far appeared on Macs only in small numbers. However, let us try to formulate some principles.

It seems obvious that the recommendations will vary depending on the backup type.

  • With cloud-based backups, new files do not usually overwrite the old ones (that is only possible with some rare configuration of settings). Such backups include archived old file versions; they also retain deleted files and add new ones. With cloud-hosted backups, it is most important to figure out when the ransomware attacked. The remedy consists of retrieving from the backup a snapshot from the period when the attack took place. To complete its malicious mission, the ransomware would need to access your archives and delete them. But such an action involves manipulating the backup client software, which is hardly possible for ransomware. Thus, such a simple step ensures a regular checkpoint for your files and hence is an almost unbreakable barrier to cunning attackers. There is no need to reset the system.
  • As for Time Machine backups, with a directly connected or network-mounted drive, including a Time Capsule, the files should also remain secure. However, there may be ransomware specially designed for macOS. Such software, in theory, would affect your Time Machine backups: it could try to delete, encrypt or corrupt them. Fortunately, as mentioned earlier, no massive ransomware attacks on Macs have been reported. That is also the reason why we can still say little about such an event. In any case, you should be aware of this possibility and be attentive to any suspicious signs.
  • Clones, that is, exact copies of a drive, are only susceptible to ransomware encryption when connected to an infected computer. By rotating several clones, you will reduce the probability of malicious encryption to a very small value.
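
One way to figure out when the ransomware attacked, as the cloud-backup point above requires, is to look for the backup version in which a file's byte entropy jumps to near-random. The sketch below is an added example, not part of the original article; the version-history layout, the thresholds, the file names and the sample data are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for plain text, close to 8 for encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def bracket_attack(versions, high=7.5, jump=1.0):
    """versions: (timestamp, content) pairs for ONE file, oldest first.
    Returns (last_clean_ts, first_encrypted_ts), or None if nothing is flagged.
    A version is flagged only if its entropy is high AND rose sharply from the
    previous version, so files that were always high-entropy (zip, jpeg) are
    not false positives. Such files cannot be judged by this heuristic at all."""
    prev_ts = prev_h = None
    for ts, content in versions:
        h = shannon_entropy(content)
        if prev_h is not None and h >= high and h - prev_h >= jump:
            return prev_ts, ts
        prev_ts, prev_h = ts, h
    return None

def first_encrypted_backup(histories):
    """histories: {path: versions}. Earliest backup timestamp that already
    contains an encrypted file, i.e. an upper bound on the attack time."""
    hits = [b for b in map(bracket_attack, histories.values()) if b]
    return min(b[1] for b in hits) if hits else None

def fake_ciphertext(seed: bytes, n: int = 4096) -> bytes:
    """Deterministic stand-in for ransomware output (constructed test data)."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(n // 32))

# Constructed sample: per-file version history as a backup service might expose it.
TEXT = b"Quarterly report draft. Revenue rose in the second quarter.\n" * 60
HISTORIES = {
    "report.txt": [("2024-03-01", TEXT), ("2024-03-02", TEXT + b"Edited.\n"),
                   ("2024-03-03", fake_ciphertext(b"a"))],
    "photos.zip": [("2024-03-01", fake_ciphertext(b"z")),
                   ("2024-03-03", fake_ciphertext(b"y"))],
    "notes.txt": [("2024-03-02", TEXT[:900]), ("2024-03-04", fake_ciphertext(b"n"))],
}

if __name__ == "__main__":
    for path, versions in HISTORIES.items():
        print(path, bracket_attack(versions))
    print("first encrypted backup:", first_encrypted_backup(HISTORIES))
```

The per-file pair brackets the attack between two backup runs, which tells you which stored versions are still clean.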