Is Dropbox a safe haven from ransomware?

Andrew J.3 · ‎01-22-2015

1) If my local computer and presumably my local network drive were to be encrypted by a ransomware attack, would my Dropbox files also be encrypted?

2) Or is Dropbox a safe place place for my files in such a situation?

3) If not, what procedures (details please) are available to retrieve files that existed before the attack?

Frank P.1 · ‎06-22-2016

"Simply put, the security of your computer and the data stored on it is your responsibility. There are ways to protect your system from ransomware. Use them."

My computer is a Mac. It's immune from ransomeware. All of the files in my Dropbox folder were overwritten as .ecc files and since the folder was cold-storage I didn't notice it until after 30 days so I'm screwed.

My computer wasn't infected because it's immune. The infection must have occurred on Dropbox's servers which then overwrote my files. I was responsible for my own computer's security. My connection to Dropbox was the problem.

Mark · ‎06-22-2016

Thats not correct.

Something has happened on your machine.

Mac's are most certainly not immune from viruses.

- - - -

Did this post help you? If so please mark it for some Kudos below.

Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.

Did this post not resolve your issue? If so please give us some more information so we can try and help - please remember we cannot see over your shoulder so be as descriptive as possible!

Rich · ‎06-22-2016

My computer is a Mac. It's immune from ransomeware.

No, it's not.

http://www.nytimes.com/2016/03/08/business/mac-ransomware-attack-exposes-vulnerability-of-apple-user...

Steve R.7 · ‎06-22-2016

Frank P. - I'd be interested to know if your setting under settings-profile-preferences-email notifications for "Many files deleted from my Dropbox" is turned on. I'm counting on that setting notifying me after ransomware attack so I can take action within 30 days.

For more information see Rich R.'s comment on March 10, 2016 13:46

Frank P.1 · ‎06-23-2016

My computer is a Mac. It's immune from ransomeware.

No, it's not.

http://www.nytimes.com/2016/03/08/business/mac-ransomware-attack-exposes-vulnerability-of-apple-user...

Hi Rich R.

Thank you for pointing that out. Your point is well very well taken and none of us can afford to be complacent. But in this particular case I don't believe your observation applies .

1. The files in my Dbox folder were all changed in February of 2015, a year before any reported Mac incidents.

2. Only the files in my Dbox folder were affected. This infection did not originate on my Mac. If it had the whole machine would have been borked.

3. I run Sophos antivirus on my Mac because I'm not quite that complacent. I do understand that winter is coming, the night is dark and full of terrors and Macs are no longer as secure as they once were. The advice on the Sophos site about ransomeware includes:

"Here’s what the crooks and their malware do:

Trick you into opening a file you are inclined to trust.
When you do so, install and run the ransomware program."

If I'd been fooled and clicked on a Mac-capable version of the software my entire machine would be bricked and I'd have gotten a message to pay to have them restored. I'm not a crypto or coding expert, but it seems to me the only way this could have happened is through a malware attack on Dbox's servers that corrupted my files there and, since they were newer, were then over-written in my local Dbox folder.

Frank P.1 · ‎06-23-2016

"Steve R.Today at 13:51

Frank P. - I'd be interested to know if your setting under settings-profile-preferences-email notifications for "Many files deleted from my Dropbox" is turned on. I'm counting on that setting notifying me after ransomware attack so I can take action within 30 days.

For more information see Rich R.'s comment on March 10, 2016 13:46"

Hi Steve,

I deleted the application so I can't tell you what the settings were and I don't see that choice available in my security settings on the web side. If the files are over-written and not deleted would you necessarily get an email notice?

Mark · ‎06-23-2016

Dropbox doesnt store files on its servers as editable Frank so its impossible the servers are compromised. Each file is stored in unusable blocks. So a 20mb file is stored in 5 totally independent files. Its only when you download or use them they are 'reconnected'.

Something has happened on your machine, or, on a shared machine connected to it. Alternatively dont forget the virus could be on a totally separate machine and transfer to shared folders (and only then effect that folder)

- - - -

Did this post help you? If so please mark it for some Kudos below.

Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.

Did this post not resolve your issue? If so please give us some more information so we can try and help - please remember we cannot see over your shoulder so be as descriptive as possible!

Frank P.1 · ‎06-23-2016

Mark Mc,

Examining folders on my Dropbox web interface I notice a windows machine linked to my account "about a year ago" that I cannot identify.

Mark · ‎06-23-2016

Thats more than likely where the issue has come from then.

I'd suggest unlinking it and if you get an option to do so remove files locally from it (although that maybe a Pro option only).

- - - -

Did this post help you? If so please mark it for some Kudos below.

Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.

Did this post not resolve your issue? If so please give us some more information so we can try and help - please remember we cannot see over your shoulder so be as descriptive as possible!

Steve R.7 · ‎06-23-2016

"Frank P.Yesterday at 20:49

Hi Steve,

I deleted the application so I can't tell you what the settings were and I don't see that choice available in my security settings on the web side. If the files are over-written and not deleted would you necessarily get an email notice?"

Frank, the "Many files deleted from my Dropbox" setting should be in the lower left of the main settings screen when you go to https://www.dropbox.com/account

I'm interested in knowing the answer to your/my question, I've been assured ransomware encryption would be caught by this setting earlier in this thread, and it is basically the answer to the title of this thread as well.

I use Dropbox regularly enough that I think I would notice within 30 days, but in cases like yours... I think Dropbox could do a better job detecting and notifying when Ransomware attacks happen with relatively little effort on their part.

[This thread is now closed by moderators due to inactivity. If you're experiencing a similar behavior, feel free to start a new discussion in the Ask a Question section here.]

Is Dropbox a safe haven from ransomware?

Is Dropbox a safe haven from ransomware?

Top contributors to this post