cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Delete, edit, and organize

Solve issues with deleting, editing, and organizing files and folders in your Dropbox account with support from the Dropbox Community.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is Dropbox a safe haven from ransomware?

Is Dropbox a safe haven from ransomware?

Andrew J.3
New member | Level 1

1) If my local computer and presumably my local network drive were to be encrypted by a ransomware attack, would my Dropbox files also be encrypted?

2) Or is Dropbox a safe place place for my files in such a situation?

3) If not, what procedures (details please) are available to retrieve files that existed before the attack?

19 Replies 19

Rich
Super User II

1) If you have files in your local Dropbox folder they would become encrypted as well. If you then have the Dropbox software running, those files would then sync to the cloud and any other devices you have.

2) No place is safe once you're infected with ransomware. If the files are on your system they can be encrypted regardless of which service you're using.

3) See here:

https://www.dropbox.com/help/400
https://www.dropbox.com/help/296
https://www.dropbox.com/help/11

Andrew J.3
New member | Level 1

1) In case of ransomware encryption, are all--even older versions of--files encrypted. In other words, would there be an unencrypted backup version of my files on Dropbox from which I could restore even if some files had only the one version I originally stored on Dropbox? I'm trying to distinguish between frequently updated files where a recent version change has taken place (as I assume the instructions at https://www.dropbox.com/help/11 refer to), and static files that have not been updated in a long time.

2) is Dropbox working on a defense strategy against ransomware encryption?

Thanks for your advice.

Rich
Super User II

1) When a file becomes encrypted and is synced to Dropbox, it is synced as a change, so the previous unencrypted version would be available for recovery.

2) If I had to guess, probably not, and it's not really their responsibility to do so (IMHO). Dropbox provides a file sync service; nothing more. Any antivirus, anti-malware, etc., is the responsibility of the end user. Protect your system and you won't have to worry about it.

Steve R.7
New member | Level 1

It seems that if you pay for the Pro version they should provide protection against ransomware encryption.

It does look like the "extended version history" option may cover you in case of ransomware because all versions of files are kept for 1 year without counting toward your quota, but this option obviously adds a lot to the cost.

Rich
Super User II

It seems that if you pay for the Pro version they should provide protection against ransomware encryption.

How? Dropbox can't see that the files are encrypted (files uploaded to Dropbox are split into 4MB chunks), and even if it could, how could it differentiate between those encrypted by ransomware and those purposefully encrypted by the user?

Simply put, the security of your computer and the data stored on it is your responsibility. There are ways to protect your system from ransomware. Use them.

Steve R.7
New member | Level 1

One option that comes to mind would be if Dropbox detects all files on the entire accoint have suddenly changed at once they could keep a backup of the old files for a week and notify the user of the suspicious activity. If the cost of this gives you heartache then they could add it as an option for an additional fee.

Rich
Super User II

Dropbox already keeps all files for a period of 30 days, no extra costs involved, and you can request a rollback of your account to a point prior to the infection. An option for one year of recovery does cost extra, as you mentioned previously.

Steve R.15
New member | Level 1

Oh cool, I didn't know that. They should just add a notification for suspicious activity (ie: all files were changed within an hour or 2) with a prompt to roll back your files/quarantine the encrypted ones for 30 days if desired. I may have to upgrade to Pro to protect my photos, Dropbox camera upload works so well!

(I missed the comment you had above Rich where you said "so the previous unencrypted version would be available for recovery")

Rich
Super User II

They should just add a notification for suspicious activity (ie: all files were changed within an hour

When a crypto attack takes place, the files are usually renamed. Dropbox sees this as a delete and an add (original file is deleted and the encrypted version is added). When it sees that a large number of files have been deleted it will send you an email notification, assuming you have that option enabled on your Account page. Look for the Email notifications section on the bottom left.

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Steve R.7 New member | Level 1
  • User avatar
    Mark Super User II
  • User avatar
    Frank P.1 New member | Level 1
What do Dropbox user levels mean?