This morning's paper had an article about "Ransomware" where a hacker can get into your computer and hold all your files "ransom" unless you pay to unlock them. Both me and my husband have MACs - I have an iMac and Jay has a Mac Mini. We both back up on Time Machine with a 1 TB Seagate external harddrive. How can we protect ourselves against Ransomware and if we DO get hacked, would our Time Machine back-ups be sufficient?
iMac, Mac OS X (10.6.2)
Keep copies of your files on two external drives and only plug them into the computer when needed. A hacker won't be able to get at the content of a disconnected drive.
(125863)
Keep copies of your files on two external drives and only plug them into the computer when needed. A hacker won't be able to get at the content of a disconnected drive.
(125863)
Thanks, Niel! My husband suggested something similar and I guess for VERY pertinent files this is the answer! Another question... would an internet service like Carbonite be a better choice than one which is physically attached to the computer?
For some types of files and maximum security, yes; using one of them will also protect the data from natural disasters. They're best for the most critical data; unlike regular external drives, you'll need to keep paying for the service instead of a one-time charge for the drive.
(125864)
There currently is no ransomware that can affect a Mac that works in the way CryptoLocker and other such software that plagues Windows.
In Windows, your data is literally encrypted by malware that automatically gets on your system (the way a lot of such malware does in Windows) when visiting a web site purposely set up to do just that, or an email attachment that gets the malware download started when you open it. They only way to get your data back, other than from a recent backup, is to pay the ransom fee to get the decryption key.
In OS X, the best the crooks have been able to come up with is a JavaScript trick. When you hit one of these pages, it shows a popup that makes some sort of claim your computer is infected. Many times, with complete nonsense text that your "Windows" OS is infected (you're not running Windows), "Norton Anti-Virus" has detected xxx (you don't even have Norton AV installed), "Windows Defender" has detected xxx (again, impossible to have Windows only software running on your Mac), and other giveaway's that scream "scam".
For all of these scam sites, your Mac has not been infected with anything. Period. Nothing has even been downloaded to your Mac. It's just a matter of clearing the page Safari is locked to by the JavaScript loop.
[Note: others have covered most of this whilst I was typing, I hope it helps anyway…]
rossisaacs wrote:
How can we protect ourselves against Ransomware and if we DO get hacked, would our Time Machine back-ups be sufficient?
No a Time Machine disk is normally connected all the time. That means the ransomware could also encrypt that data too. You could use an online service for backups, that way the files are stored away from the Mac, it's generally a good idea to do this anyway to protect you from fire/ theft etc. Some ransomware has been encrypting all attached storage, even network based data.
The only good news is that OS X doesn't appear to be targeted by ransomware (yet).
To protect yourself you should use the standard advice for protecting yourself online (a quick summary).
There are some good posts on here that cover this, but I can't summon any good links, sorry. I think Linc Davis has written many tomes on this subject here.
Thank you, Drew!!!! I've been thinking about using an internet back up system like Carbonite - is that, in your opinion, a good one? - Marilyn
Thanks Kurt - I've been a MAC user for literally decades! I've been very satisfied with their security. Ironically, I get the occasional phone call from someone (with a foreign accent) telling me that they have detected a problem with my PC - scams are everywhere. Thanks so much for you help!
Yes, I've gotten a couple of those over the past few years. After answering their questions as if I didn't know what was going on, I asked them to tell me what OS I was using. They halted for a bit and said I was using Windows 7. Then I let them know what I thought of them.
Yeah - I let them talk then tell them they're full of S**T because I have a MAC. Then they just hang up
I prefer Arq. It uses Amazon S3 or other services for storage…
https://www.haystacksoftware.com/arq/
I can't recollect why I chose it over Carbonite, I probably wasn't convinced by Carbonites security at the time, I think that it was because there was a possibility of the data being read on Carbonites servers (if bad staff members wanted to do so), whereas Arq encrypts before sending & doesn't send the key to the server, but that was years ago I may be confusing it with another service (Mozy, BackBlaze etc). I tried too many online services 🙂
Almost any reputable backup service is better than none at all.
Ofcourse there is one caveat to consider…
If you were struck by ransomware, it is possible that an online backup job could still run & upload the ransomware encrypted files. This would result in a backup that was not useful to you, it may overwrite an older backup.
This could be negated by keeping history of older files online too. Arq does do that, I don't know if Carbonite does it.
This is purely theoretical - all bets are off when considering what might happen via software that doesn't appear to exist yet. The main OS appear to still be in a working order, so normal tasks may still operate, powering off & removing the mains supply would be my first cause of action if I had any suspicion of an attack.
What is clear is that ransomware has been lucrative on Windows, OS X is probably in their sights too…
And a program like Arq works with Time Machine? I like the way Time Machine works to retrieve files I may have currently trashed.... or does Arq continually override itself to update? This is so confusing to me - sorry for all the questions.
No problem 🙂
Arq doesn't use the Time Machine interface (the starry space background). It uses it's own system independent of Time Machine.
It copies your new files to the server on a schedule that you specify in the preferences. When you have new data the new items are also saved onto the server.
To restore files you have to toggle the history & select the items you need. The video on https://www.haystacksoftware.com/arq/ shows it around 1 minute in.
I would say it is a little more hands on than other backup apps - you need to sign up for an Amazon S3, Google drive or Dropbox account, you may also want to select the important files to save too. I like the control & security of it.
I already have the freebie Dropbox account. So Arq seems like a good one. I will definitely look into it!
So, when I do sign up with Arq, do I simply "eject" my current external hard drive and somehow indicate to MAC that Arq is my new back up? I assume what is stored on my Seagate external HD is stored kind of like a flash drive (a really BIG one). Can I use the Seagate in the future to store stuff I may want to transport or would it no longer be usable?
There is no need to do anything with other disks. Arq is an additional backup to Time Machine. Arq will not backup the Time Machine disk unless you tell it to do so and there is really no need to do that.
You select the items you want backed up via Arq. One point to consider with Dropbox is the size - free accounts are quite limited, you will have to restrict what you backup. Amazon storage is cheaper, but more complex to work out how much storage will cost - the rates seem cheap enough to practically ignore IMO.
The Seagate disk is your Time Machine backup?
I would just leave that as it is. You can store extra files on the disk, but it's best to avoid that if you can help it. Time Machine backups will grow until the disk is full & then delete old backups (eventually you lose the oldest files). If you add other files the 'purging' will happen sooner. My preference is to leave a disk for Time Machine only or create a small partition on that disk for the extra files.
how do we protect ourselves from "Ransomware"
