Protecting cloud backups against crypto trojans?


Since crypto trojans are on the rise and the only real protection seems to be offline file backups, I was wondering if backups in the clouds are safe if odrive has mounted the cloud drive in Windows explorer. Probably not. However, what if the local drive is unsynced and only shows the placeholder files (for instance if one can make sure that a backup folder in the cloud is never synced locally). Would that be safe enough or would a crypto trojan be able to encrypt the data in the cloud if only the placeholder file is stored locally? What is your suggestion on this?


1 Like

Hi Alex, great question! Any files that are UNsync’d will not be effected, as odrive uses “placeholders” and is not a fully mounted virtual drive. Files that are currently sync’d will indeed fall victim to the encryption as they are open to manipulation, and will reflect any local changes to the cloud. Luckily, most of better cloud storage services have file versioning which would allow you to roll back to a pre-encrypted state. Please check the details of any cloud service you use to see if they support versioning.

1 Like

Hi Eric,

thats cool. So in case I catch a trojan and my placefolderfiles are affected, I could just delete them? Wait … no, if I delete them, the cloud backups get deleted I suppose. (at least after emptying the trash). So what would I do if my placeholder files are affected?

Also, at least the crypto trojan locky seems to change the filename as well. So if the filename of the placeholder files are changed, does this affect the data in the cloud?

Yeah, file versioning in the cloud might help although that would be a really last resort. Some of those trojans delete Windows shadowcopies as well.

1 Like

Placeholder files represent data in the cloud. When in a placeholder state you can move, delete, and rename and those changes will be pushed to the linked storage. Any local renames would be reflected. However, if you have files inside a directory, and the directory is in a placeholder state (“collapsed”), then none of the underlying files are accessible, which means those files are untouchable locally.

As for changing the data in placeholders, there isn’t anything to change. All placeholders are empty files. They are merely metadata representations of cloud files. You can see this yourself by opening one of them up.