1) If my local computer and presumably my local network drive were to be encrypted by a ransomware attack, would my Dropbox files also be encrypted?2) Or is Dropbox a safe place place for my files in such a situation?3) If not, what procedures (details please) are available to retrieve files that existed before the attack?

They should just add a notification for suspicious activity (ie: all files were changed within an hour When a crypto attack takes place, the files are usually renamed. Dropbox sees this as a delete and an add (original file is deleted and the encrypted version is added). When it sees that a large number of files have been deleted it will send you an email notification, assuming you have that option enabled on your Account page. Look for the Email notifications section on the bottom left.

1) If you have files in your local Dropbox folder they would become encrypted as well. If you then have the Dropbox software running, those files would then sync to the cloud and any other devices you have. 2) No place is safe once you're infected with ransomware. If the files are on your system they can be encrypted regardless of which service you're using. 3) See here: https://www.dropbox.com/help/400 https://www.dropbox.com/help/296 https://www.dropbox.com/help/11

1) When a file becomes encrypted and is synced to Dropbox, it is synced as a change, so the previous unencrypted version would be available for recovery. 2) If I had to guess, probably not, and it's not really their responsibility to do so (IMHO). Dropbox provides a file sync service; nothing more. Any antivirus, anti-malware, etc., is the responsibility of the end user. Protect your system and you won't have to worry about it.

Dropbox already keeps all files for a period of 30 days, no extra costs involved, and you can request a rollback of your account to a point prior to the infection. An option for one year of recovery does cost extra, as you mentioned previously. https://www.dropbox.com/help/8408

Oh cool, I didn't know that. They should just add a notification for suspicious activity (ie: all files were changed within an hour or 2) with a prompt to roll back your files/quarantine the encrypted ones for 30 days if desired. I may have to upgrade to Pro to protect my photos, Dropbox camera upload works so well! (I missed the comment you had above Rich where you said "so the previous unencrypted version would be available for recovery")

Is Dropbox a safe haven from ransomware?

19 Replies

Replies have been turned off for this discussion

Rich
Super User II
11 years ago
1) If you have files in your local Dropbox folder they would become encrypted as well. If you then have the Dropbox software running, those files would then sync to the cloud and any other devices you have.

2) No place is safe once you're infected with ransomware. If the files are on your system they can be encrypted regardless of which service you're using.

3) See here:

https://www.dropbox.com/help/400
https://www.dropbox.com/help/296
https://www.dropbox.com/help/11
Andrew J.3
New member | Level 1
11 years ago
1) In case of ransomware encryption, are all--even older versions of--files encrypted. In other words, would there be an unencrypted backup version of my files on Dropbox from which I could restore even if some files had only the one version I originally stored on Dropbox? I'm trying to distinguish between frequently updated files where a recent version change has taken place (as I assume the instructions at https://www.dropbox.com/help/11 refer to), and static files that have not been updated in a long time.

2) is Dropbox working on a defense strategy against ransomware encryption?

Thanks for your advice.
Rich
Super User II
11 years ago
1) When a file becomes encrypted and is synced to Dropbox, it is synced as a change, so the previous unencrypted version would be available for recovery.

2) If I had to guess, probably not, and it's not really their responsibility to do so (IMHO). Dropbox provides a file sync service; nothing more. Any antivirus, anti-malware, etc., is the responsibility of the end user. Protect your system and you won't have to worry about it.
Steve R.7
New member | Level 1
10 years ago
It seems that if you pay for the Pro version they should provide protection against ransomware encryption.

It does look like the "extended version history" option may cover you in case of ransomware because all versions of files are kept for 1 year without counting toward your quota, but this option obviously adds a lot to the cost.
Rich
Super User II
10 years ago
It seems that if you pay for the Pro version they should provide protection against ransomware encryption.

How? Dropbox can't see that the files are encrypted (files uploaded to Dropbox are split into 4MB chunks), and even if it could, how could it differentiate between those encrypted by ransomware and those purposefully encrypted by the user?

Simply put, the security of your computer and the data stored on it is your responsibility. There are ways to protect your system from ransomware. Use them.
Steve R.7
New member | Level 1
10 years ago
One option that comes to mind would be if Dropbox detects all files on the entire accoint have suddenly changed at once they could keep a backup of the old files for a week and notify the user of the suspicious activity. If the cost of this gives you heartache then they could add it as an option for an additional fee.
Rich
Super User II
10 years ago
Dropbox already keeps all files for a period of 30 days, no extra costs involved, and you can request a rollback of your account to a point prior to the infection. An option for one year of recovery does cost extra, as you mentioned previously.

https://www.dropbox.com/help/8408
Steve R.15
New member | Level 1
10 years ago
Oh cool, I didn't know that. They should just add a notification for suspicious activity (ie: all files were changed within an hour or 2) with a prompt to roll back your files/quarantine the encrypted ones for 30 days if desired. I may have to upgrade to Pro to protect my photos, Dropbox camera upload works so well!

(I missed the comment you had above Rich where you said "so the previous unencrypted version would be available for recovery")
Rich
Super User II
10 years ago
They should just add a notification for suspicious activity (ie: all files were changed within an hour

When a crypto attack takes place, the files are usually renamed. Dropbox sees this as a delete and an add (original file is deleted and the encrypted version is added). When it sees that a large number of files have been deleted it will send you an email notification, assuming you have that option enabled on your Account page. Look for the Email notifications section on the bottom left.
Frank P.1
New member | Level 1
10 years ago
"Simply put, the security of your computer and the data stored on it is your responsibility. There are ways to protect your system from ransomware. Use them."

My computer is a Mac. It's immune from ransomeware. All of the files in my Dropbox folder were overwritten as .ecc files and since the folder was cold-storage I didn't notice it until after 30 days so I'm screwed.

My computer wasn't infected because it's immune. The infection must have occurred on Dropbox's servers which then overwrote my files. I was responsible for my own computer's security. My connection to Dropbox was the problem.