Thursday, March 24, 2016

Google Drive Vulnerability

I just learned of a malware exploit that can permanently destroy files saved in a sync folder attached to Google Drive -- encrypting the files on the cloud with no backup.

Details:
A relative received a spear phishing email that induced him to open an attachment. The malware proceeded to encrypt files on his local drive, most of which were in his Google Drive sync folder. He soon realized the problem and shut down the computer, but not before it had encrypted many files.

On logging into his Google Drive from a browser on another computer, we found that many files in the cloud were encrypted. When inspecting them for versions (within 24-36 hours of the attack), there were no previous versions. There were no copies of the files in Trash on the Google Drive. We contacted Google, whose technician reported that there had been no files permanently deleted from Trash in the last 25 days! Thus, the malware attacking the local sync folder had succeeded in not merely encrypting the local copy, but reached into the cloud and removed the cloud version of the unencrypted file in a way that did not allow its recovery. (An alternative interpretation might be that Google has a way of recognizing when you encrypt a file and removes the unencrypted version as a security feature – but does not log this event.)

The bigger issue is that Google has no way to restore the drive to a previous time point. Had these files been on an old fashioned network file server that was backed up to tape each night, an archived time point could have been restored. Apparently, this is not possible with the cloud as offered via Google. The problem has been escalated at Google to a second level and we hope to hear back in a couple of days. I’m not expecting much.
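The condition described above (documents in the sync folder silently replaced by encrypted copies, which the sync client then uploads over the originals) is what a defender wants to catch before the client runs. As an added example, not code from the original post, here is a Python scan that flags files whose contents look encrypted by byte entropy, run over a constructed sample folder; the thresholds, the magic-number list and the demo folder are assumptions.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed thresholds: ransomware output is indistinguishable from random bytes,
# so it sits near 8 bits/byte, while text and office documents sit well below.
ENTROPY_THRESHOLD = 7.5   # bits per byte
MIN_SIZE = 256            # skip tiny files, whose entropy estimate is noisy


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_sync_folder(root: str) -> list[str]:
    """Return relative paths under `root` that look encrypted: high entropy and
    not a known compressed container (zip, png, jpeg, gzip are legitimately
    high-entropy and would otherwise be false positives)."""
    compressed_magic = (b"PK\x03\x04", b"\x89PNG", b"\xff\xd8\xff", b"\x1f\x8b")
    suspicious = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.stat().st_size < MIN_SIZE:
            continue
        head = path.read_bytes()[:65536]      # first 64 KiB is enough to judge
        if head.startswith(compressed_magic):
            continue
        if shannon_entropy(head) >= ENTROPY_THRESHOLD:
            suspicious.append(str(path.relative_to(root)))
    return sorted(suspicious)


def build_demo_folder() -> str:
    """Constructed sample sync folder: one plain-text document and one file
    whose contents were overwritten with random bytes (ransomware-like)."""
    root = tempfile.mkdtemp(prefix="sync_demo_")
    (Path(root) / "notes.txt").write_text("quarterly report draft\n" * 40)
    (Path(root) / "budget.xlsx").write_bytes(os.urandom(4096))
    return root


if __name__ == "__main__":
    demo = build_demo_folder()
    print(scan_sync_folder(demo))   # ['budget.xlsx']
```

Wiring this check into a pre-sync hook or a scheduled job gives a chance to pause the client before encrypted copies overwrite the cloud originals, which is the step that made the files above unrecoverable.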