neurosphere wrote:Isn't it possible for viruses/ransomware to sit dormant in your files (including offline backups) such that if you are hit with an attack and then try to restore your files, you have restored the attack?Bylo Selhi wrote: Re the advice to "Backup your systems," pay special attention to "Make sure you have offline backups." This ransomware encrypts data on all accessible drives on your network. If you leave a backup drive connected then that data will be compromised as well. And of course "Test those backups to make sure they can be restored." applies at all times. There's no use in making backups if they can't be restored when you actually need them.
I guess the solution is to scan your off-line backup prior to restoring your data/files. But I can imagine that in the process of reconnecting my off-line files I might end up re-triggering the attack?
This is exactly what has bothered me for some time, with a few twists.
Before this issue of spreading though vast networks/etc., my early concern was that malware could just have a delay of some sort.
So, "all is well" (or so it seems), and then... the date or event is triggered, and the main files blow up.
So, "okay, we're backed up", except that it's also past the trigger date/etc., so upon opening/downloading/etc., the backup... boom again.