I'm debating dragging all my files onto an external hard drive manually - rather than a Time Machine backup - and then pulling over any specific files I need if I ever need them.

Afterwards, I'll factory reset my computer, as I'm concerned it currently has malware from clicking on a bad link, though it's behaving normally and I didn't download/run anything myself.

Will this prevent me from safely using the external drive for other things, e.g. a more legit backup portion after? Any other reason not to take this approach? (MacBook)

Jonas
  • Many ransomware viruses nowadays look for all network/connected drives, and encrypt all files on these drives. If your system gets infected with ransomware, the ransomware could potentially encrypt all of your files on the external drive when you connect it. To be protected from a ransomware attack, your backup system should be resilient to this. See https://security.stackexchange.com/questions/222082/how-to-keep-backup-servers-safe for more info. – mti2935 Nov 19 '21 at 20:06
  • It doesn't seem like I have ransomware, otherwise I think my computer would already be ransoming me? My computer is behaving normally since clicking on the bad link, it's possible I'm just being paranoid. Also, once the files are on the drive, even if they came from a computer with malware, I assume in most cases there's nothing those bad files could do until re-downloaded & executed? I don't really know tho. – Jonas Nov 19 '21 at 20:14
  • OP, normally, people set up a backup system *proactively*, so that they have a way of recovering in the event of a disaster such as a malware or ransomware attack. My comment above was in this context. It wasn't clear to me from your question, but from your comment, it seems that you are asking the question in a *retroactive* context - i.e. post suspected compromise. If that's the case, you'll need to scan all of your files to check if any of them are infected. – mti2935 Nov 19 '21 at 20:25
  • @Jonas: *"It doesn't seem like I have ransomware, otherwise I think my computer would already be ransoming me?"* - current ransomware attacks are often more elaborate and invest more effort and time to then get more profit. It is not uncommon that the actual encryption of the local device will be days or even weeks after the infection so that temporarily attached backups can also be infected and the victim has thus less chance for recovery. – Steffen Ullrich Nov 19 '21 at 20:53
  • Thanks for the updates. I know I should have been backing up earlier, just curious about now :/ My assumption was that if I got infected by such a drive-by method (just visiting a bad link, not downloading anything beyond what the browser normally does - e.g. executing JavaScript on the page), that a malware scan probably wouldn't catch it either? I also have no idea which ones are good @Steffen, that's good to know. Was starting to assume I'm safe because nothing bad has happened yet, but perhaps that's more common than I thought – Jonas Nov 19 '21 at 21:16
  • It would be good to make that backup copy even if you are currently infected. If you have an external drive with a copy of all working files, then that will not become encrypted by ransomware/malware sitting unplugged on a shelf. – mikato Nov 22 '21 at 15:31
