Ask Leo! #668 – Recovering from Ransomware with an Online Backup


This week: one way to recover from ransomware – really! Also, refreshers on some of those backup-related terms.

Tips & Words

Thanks to everyone who submitted Tips and Words as mentioned in last week’s newsletter. (If you haven’t gotten around to it, keep on sending ’em — the details are in last week’s newsletter.) It’s been exceptionally helpful, and allowed me to get ahead a little. Why get ahead? Well….

Busy Summer? Nah. Busy Fall!

My summer’s been pretty peaceful, but these first few months of fall have a number of things all happening at once that will keep me pretty busy. A multi-day ham radio volunteering gig, out-of-town guests (twice!), a cross-country trip (hello St. Louis!), and a camping trip are all on tap. For most I expect to remain connected, but I’ll definitely have some other things competing for my attention. All that is to say that the Ask Leo! side of my life might see a slowdown on occasion.

Recovering from Ransomware with an Online Backup


One of the comments I quickly received on my article “Using OneDrive for Nearly Continuous Backup” was this:

If one should fall victim to hostile file encryption, instantaneous backup to OneDrive presumably would result in those being encrypted too.

In other words, if you’re using OneDrive (or Dropbox, or other similar services) to automatically back up files online whenever they change, doesn’t that mean that ransomware would cause those backups to automatically be replaced with their encrypted versions?


But before you give in to a knee-jerk reaction to avoid online backups completely, consider this: they’ll give you more options, not fewer, should ransomware ever strike. In fact, they could save you in ways other backups might not.

Online backup to the rescue

Whenever a file changes on your computer in a folder being continuously backed up by OneDrive, the following happens:

  • Any prior copy of the file is moved to a Recycle Bin on the OneDrive servers.
  • The new copy of the file is uploaded in its place.

Yes, OneDrive has a Recycle Bin. This means OneDrive can save your data from ransomware.

It would work like this:

  • You use OneDrive to keep a more-or-less continuous backup of your data online.
  • Your machine becomes infected with ransomware of some form, and all your data files are encrypted (and therefore lost to you).
  • OneDrive dutifully notices that the files have changed, and backs up the now-encrypted files.
  • You panic. (Technically, this step is optional, but quite common.)
  • You disconnect, clean up, rebuild, or otherwise remove the malware from your machine, but are left with all of your files encrypted.
  • You visit OneDrive online, and recover all your unencrypted files from its Recycle Bin.
  • You vow to never again do whatever it was that allowed the malware infection to happen in the first place.
  • Life goes on.

OneDrive just saved your bacon. What’s more, everything I’ve described above all happens without any other form of backup in place.

But of course, you also have other forms of backup — right?

Belt and suspenders and suspenders

The person who originally left the comment continued:

A simple, but probably inefficient, means I use is to weekly make a copy within OneDrive of backed up files.

This is (almost) exactly what I do myself. Every night I make a copy, elsewhere on my machine, of everything in my OneDrive folder, in the form of a compressed archive (like a “.zip” file). Should I ever succumb to ransomware, I can recover my files from that additional backup. I would not make the copy “within OneDrive”, however, since ransomware could impact that backup copy as well.
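One way to script the nightly archive copy described above, as an added example rather than Leo's own script: it writes a dated .zip of the synced folder to a location outside it, refuses a destination inside the synced folder, and keeps only the newest few archives. The function name `snapshot`, the `onedrive-YYYY-MM-DD.zip` naming, the retention count, and the folder paths at the bottom are all assumptions.

```python
import datetime
import pathlib
import zipfile


def snapshot(source, dest_dir, keep=14, today=None):
    """Zip everything under `source` into a dated archive in `dest_dir`.

    Refuses a destination inside `source`: an archive kept in the synced
    folder is exposed to the same ransomware as the files it protects.
    Returns the path of the archive written.
    """
    if keep < 1:
        raise ValueError("keep must be at least 1")
    source = pathlib.Path(source).resolve()
    dest_dir = pathlib.Path(dest_dir).resolve()
    if dest_dir == source or source in dest_dir.parents:
        raise ValueError(f"{dest_dir} is inside {source}; use a folder outside it")
    dest_dir.mkdir(parents=True, exist_ok=True)

    stamp = (today or datetime.date.today()).isoformat()
    final = dest_dir / f"onedrive-{stamp}.zip"
    partial = final.with_suffix(".partial")
    with zipfile.ZipFile(partial, "w", zipfile.ZIP_DEFLATED) as archive:
        for path in sorted(source.rglob("*")):
            if path.is_file():
                archive.write(path, path.relative_to(source).as_posix())
    partial.replace(final)  # a half-written archive never carries the final name

    # Retention: ISO dates sort chronologically, so delete all but the newest `keep`.
    for old in sorted(dest_dir.glob("onedrive-*.zip"))[:-keep]:
        old.unlink()
    return final


if __name__ == "__main__":
    # Assumed locations; adjust to where your OneDrive folder actually lives.
    home = pathlib.Path.home()
    print(snapshot(home / "OneDrive", home / "Backups" / "onedrive-archives"))
```

Run it from a nightly scheduled task; the archive folder can then be included in the external-drive backup like any other data.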

Of course, on top of that, I have my nightly backups running to an external hard drive: monthly full backups with daily incrementals, meaning I can always recover the files “as of” a few days ago. (And in case I happen to run across ransomware that also tries to encrypt backups … some of those backups are copied elsewhere, effectively “offline” and not directly accessible to my machine.)

It would take a lot for even the nastiest ransomware to cause me to lose any significant number of files.

You don’t need to go overboard

You don’t need to be as backup-crazy as I am. You can protect yourself with just a few simple steps.

And, honestly, that last one is just to make people panicking about ransomware encrypting their backups happy. That doesn’t happen so often that I consider it truly critical, particularly with what we’ve just discussed about OneDrive’s Recycle Bin.

Don’t let the worst case scare you away from reasonable choices

What concerns me most are folks who say they won’t use online backups because their files might be encrypted by ransomware and the online backup would be useless.

Ransomware is only one type of threat. More importantly, it’s not even the most likely threat.

For example, a hard disk failure can be much more destructive than ransomware, and is probably much more likely to happen. Even more bluntly: you’re more likely to accidentally overwrite or delete a file than you are to personally encounter ransomware.

Even if the Recycle Bin didn’t exist, continuous online backups save your files from many threats that don’t involve invalidating the backup.

The same is true for nightly backups to an always-connected external hard drive. Yes, there’s a chance that ransomware could encrypt your backups. There’s a higher probability that you’ll be glad you had those backups current for a variety of other failures.

Making backups easy, timely, and automatic is more important than fearing one specific — albeit destructive — form of malware.


The Ask Leo! Guide to Online Privacy

There’s no avoiding the issue: privacy issues are scary, complex, and even somewhat mystifying.

The Ask Leo! Guide to Online Privacy tackles these topics in terms you can understand. The Ask Leo! Guide to Online Privacy will help you understand what’s at risk, what steps to take, and what to do when you’re not sure.


Full? Incremental? Differential? What Kind of Backup Do I Want?

Full, incremental, and differential: three confusing terms when it comes to traditional backups.

In this article, I’m going to describe how each one works so we can compare them and see which is most appropriate for you.



Newsletter contents Copyright © 2017,
Leo A. Notenboom & Puget Sound Software, LLC.
Ask Leo! is a registered trademark ® of Puget Sound Software,


Posted: September 5, 2017 in: 2017


Leo Who?

I'm Leo Notenboom and I've been playing with computers since I took a required programming class in 1976. I spent over 18 years as a software engineer at Microsoft, and after "retiring" in 2001 I started Ask Leo! in 2003 as a place to help you find answers and become more confident using this amazing technology at our fingertips.