Encryption ransomware: How does odrive sync behave?

Hello!
My question is: As there are now malwares floating around which encrypt your data in the background to force you to buy a decryption key, how is odrive behaving when a local file gets encrypted?

Assuming the following scenario, using Amazon Drive as a cloud hoster:

  • There’s a fully synced folder A on the local harddrive with pictures in it, now a ransomware encrypts everything.
    I guess odrive will then upload these encrypted files to Amazon Drive during syncing and overwrite the originals?

And what about if there’s a local folder which only contains the stubs for the pictures?
Will they get encrypted? Will the encrypted stubs replace the original files on the hoster?

Hope you can bring some light into that topic, just in case…
Thanks!

1 Like

Hi @Antonio,
Please take a look at this thread here: Protecting cloud backups against crypto trojans?

The short of it is that locally synced files can be affected, unsynced files can’t.

1 Like

Hi @Tony ,
thanks for the answer and the other thread.

What I take with me is that everything’s safe when the folders are unsynced.

Though I wonder what would happen if one renames + encrypts a placeholder file (is that even possible for a 0kb file??), then syncs it’s folder, then deletes the placeholder file…

Maybe I try it out myself :wink:

1 Like

Hi @Antonio,

A rename of the placeholder file/folder will be committed, so the new name will be reflected in the cloud.
Changing a placeholder file’s content has no effect on the remote file’s content.
A delete will be held in the odrive trash, so it will not be committed to the cloud unless you empty the odrive trash.

2 Likes