Ransomware Infection - is it the C: Drive or all drives?

[lrscpa]

I have multiple drives connected to my PC, and am running ESET Smart Security:

C: - 256GB SSD
D: - 3TB HD
G: - 256GB SSD
I: - 256GB SSD
J: USB3 Backup Drive

All critical documents are stored on OneDrive or Dropbox.

Should I be hit with Ransomware, is it drive related (i.e. only my C: drive affected), or PC related (all drives affected)?

And are my files stored on OneDrive and Dropbox safe?

 

[Elixer]

Usually, the malware that encrypts does it to all drives, so, no, not only C, but the rest of them as well.

You need to have offline backups.

If you are always signed into OneDrive / Dropbox and you have a sync option enabled, then, those will get hit as well.

 

[corkyg]

Agree with Elixer. The infection comes via Windows, so anything actively connected to that OS is vulnerable. If there are external drives not connected, they are safe as long as they are not connected when Windows loads, or is accessed after Windows loads. Off line storage/backup is the best way to go.

 

[HitAnyKey]

Totally agree on the strategy of Offline backups as part of your DR strategy. Your backups should always be disconnected until needed to avoid being compromised/corrupted/encrypted.

The other way to protect yourself is to ensure your backups have a retention policy with multiple copies over a number of days. That way you can pick a different date to restore from.

Otherwise you may end up stuck with useless backups.

 

[John Connor]

I clone to an external HDD. Can't get any simpler than that. I don't trust the cloud. Although I use Amazon S3 for attachments in one of my own forums and website back ups are encrypted and sent to three different cloud providers.