Question

Backup files after ransomware attack!?

  • 14 October 2019
  • 9 replies
  • 255 views

Userlevel 1
Badge +1
Hello! I'm wondering what would happen with online backup files when ransomware do a encryption on my computer? Files are also stored as you know on My Documents/Webroot Anywhere filder.. So basically whatever I do with files from my folder it affect the online files. So it means, if ransomware enter my pc and start encrypt my files, Webroot will replace infected files with the good ones on the cloud, or I'm wrong?

9 replies

Userlevel 1
Badge +1

Will anyone be pleased to answer my question?

Userlevel 7

Hello @Webroot Space 

 

As far as I know the Back Up & Sync has a few copies stored but if you want to know for sure it’s best to Submit a Support Ticket and ask tech support the same question and when they reply please let us know what they say! Personally I don’t use it so I can’t say for sure so I would like to know as well.

 

Note: When submitting a Support Ticket, Please wait for a response from Support. Putting in another Support Ticket on this problem before Support responses will put your first Support Ticket at the end of the queue and support can take up to 48 hours to reply or a little longer because of COVID-19.

 

Thanks,

Userlevel 1
Badge +1

Thank you, I already asked support!

Userlevel 7

Thank you, I already asked support!


And what did they say to you? We would like to know as well.

 

Thanks,

Userlevel 1
Badge +1

Well, they didn’t answer yet! But I did it research myself! The only solution I’ve found is next: In “Backup&Sync” just press OFF for “Sync” button and turn it on manually when you know files are safe. 

If your PC get infected with ransomware or other malware which encrypt files, your files in folder “Webroot Anywhere” in My documents will be changed (encrypted), but your files on the clud are SAFE if your “Sync” is OFF!

Do not turn it ON until you get rid of infection!

Later on your can download safely from Webroot Cloud.

Hope this help,

Webroot Space

That makes sense for Sync. But I’ll be interested to hear what they say about Backup. If Backup just backs up the latest version of your data files (and doesn’t retain earlier versions) and you don’t realise your data files have been corrupted before the next scheduled Webroot backup, then you’re screwed. If however Backup offers mutliple backup versions of your data files, then you’re OK.

Then again, there’s also the question whether you can easily go back to a data state at a particular time in the past and this for your entire dataset, rather than having to tediously do this manually and individually for each separate file. That will make it easy for you to restore all your corrupted data files from a time before the corruption happened (whether it was due to ransomware or something else).

This is one of many reasons why I don’t use Webroot Backup & Sync. I prefer Crashplan for data backup and Dropbox for data sync (all my data file folders are child folders of the Dropbox root folder). Though maybe Webroot passes on both of the above criteria?

Regardless of all the above, it’s also a good idea to image your entire disk to an external hard disk from time to time. In the event that your hard disk corrupts or crashes, you can then restore from your most recent image.

Userlevel 1
Badge +1

Thank you for joining this discussion! I also want to hear an answers we mention about backup. Also, would like for them to add File Vault, like most security programs have! To protect your documents, but you can access everytime from your desktop and protected against deletiion with Access Control Password.

Userlevel 1
Badge +1

I get a nanswer from Techical support!

 

“If a sync operation were to take place after your files were encrypted, then it is likely the contents of the sync directories would also be lost.
There is however, in most cases different 'versions' of a file that you can view. Simply sign into your account at My.WebrootAnywhere.com, and access your Backup/Sync directories. Locate the file, and right click, on the menu that appears click 'Show Versions' and if another version of that file exists, it will allow you to download it.
We generally recommend a combination of physical backups, as well as cloud storage as a general strategy if the loss of data is particularly concerning.”

What do you think?

There is however, in most cases different 'versions' of a file that you can view. Simply sign into your account at My.WebrootAnywhere.com, and access your Backup/Sync directories. Locate the file, and right click, on the menu that appears click 'Show Versions' and if another version of that file exists, it will allow you to download it.

That goes without saying. But just imagine the tedious process of going through each encrypted data file individually and selecting the appropriate earlier version. How much time is that going to take you? The best part of a week??

We generally recommend a combination of physical backups, as well as cloud storage as a general strategy if the loss of data is particularly concerning.”

To translate that into simple English (if I have understood correctly): Webroot unfortunately only retains one version for backups, so unless your last Backup happened to be prior to the encryption, you are screwed.

--------------------------------------------------

Another thought: support says “there is … in most cases different ‘versions’ of a (Sync) file that you can view”. If I recall correctly (from many years ago when I tested Webroot Sync—but I may be wrong on this), they only keep earlier versions for up to a week or month or something.  For most people, most data files, photos etc. do not get regularly edited and changed. So, if I recall correctly (and that is a big ‘if’), in most cases different versions of a Sync file will not be available.

As I say, I’m not sure on that one (and it could anyway have changed since I tested). So maybe you could check it out with your own data files, and let us know?

Reply