I have a Time Machine external drive constantly connected to my iMac. It is not encrypted.
In the unlikely event of a ransomware attack, could the ransomware encrypt my Time Machine Backups too?
Also, if Time Machine somehow backs up the virus (or any virus), can it spread across all my Time Machine Backups without me knowing?
If so, how can I prevent it?
Many thanks,
Jayjayli
iMac, macOS High Sierra (10.13.3)
You are conflating at least two or three separate concepts. First of all macOS viruses do not exist so just forget that idea.
There have been attacks that combine theft of Apple ID credentials with macOS's "Find My Mac" feature in order to remotely log in and effectively lock you out of using your Mac. If your Apple ID credentials are stolen it makes a wide variety of exploits possible. To prevent that from occurring use Apple's Two-factor authentication for Apple ID - Apple Support. That will slam the door on any unauthorized attempt to use your Apple ID credentials for any Apple product or service. Read about it and understand its implications.
By default Time Machine backs up everything on the source volume(s) for which it is designated. That means if your Mac becomes affected by some piece of malware that you installed, it will be backed up along with everything else. Should that occur, Time Machine offers the solution: restore the affected Mac from a backup predating its installation. Provided your TM backup device has sufficient capacity, the number of backups it can contain is not limited.
There is nothing wrong with having a Time Machine backup disk connected to your Mac all the time. There is something wrong with having just one of them though. A much more common and mundane event (electrical surge, fire / theft or similar loss) can result in simultaneously losing your Mac and its backups. The solution is to use two or more backup devices, with one of them kept geographically separate from the others at all times. The practical application of that principle implies the need for no less than three backup devices so that all three are never in the same place at the same time.
If you value the information on your Mac, then encryption is a requirement. If an unencrypted TM backup device is stolen, the thief can simply connect it to another Mac and read all the information on it. Encrypting the disk with FileVault slams the door on that possibility. Also, consider what happens when (not if, but when) your backup drive or its source volume fails. You might not even be able to mount it to encrypt its contents. How do you dispose of it, ensuring the information is rendered permanently inaccessible? Good question. The solution is to encrypt before device failure occurs.
Thanks for the idea of having multiple backup drives, I didn't think of that! 🙂
Can Ransomware encrypt my Time Machine?
