Replies

Sorry I wasn’t more specific. Yes versioning is turned on for that S3 bucket; that is a critical factor in this scheme. Also, the sync is set to run at 2:00 am every night. My daughter has been educated as to the symptoms or signs of a ransomware attack. If she sees this, I have instructed her how to temporarily disable the sync. The idea is that it buys you some time to preserve your data. I am also thinking of setting up a one way sync with the S3 bucket to my NAS here at home. That way I also have a copy of her docs.

Susan,

I have been using a method to protect my daughter’s data that I thought I would share. I personally use a Mac which has not (yet) been attacked by ransomware, but when I first read about CryptoLocker I really panicked. My daughter is a graduate student who has all her research data and Ph.D. dissertation on her Windows 8.1 laptop. Losing all that data would be catastrophic for her. I have been using Amazon S3 to offsite archive some of my personal data and I came up with this solution for her. I installed GoodSync for Windows on her laptop and use my Amazon S3 account to sync her Documents folder to an S3 bucket. The secret keys to access the S3 bucket are theoretically only visible to GoodSync and the cloud storage is not mapped to a Windows drive letter or even visible to Windows as a network location. Unless I’ve missed something, none of the current versions of ransomware should be able to see that data. If you see a flaw in this thinking, I would greatly appreciate knowing it. I was even reluctant to make this response to your article and give the malware authors something else to work on.