> On Mar 8, 2016, at 12:16 AM, 'TRGPN WebMaster' via G-Group > <g3-5-list@googlegroups.com> wrote: > > On Mar 7, 2016, at 3:12 PM, Bruce Johnson <john...@pharmacy.arizona.edu> > wrote: > > "In the light of the advent of Mac ransomware, however, I’m starting to think > that maybe keeping backups disconnected might be a good thing; if you get a > ransomware infection, all mounted volumes are going to be affected, which > would include a Time Machine volume. " > > > If I use CCC to update a clone backup more frequently than every 72 hours, > when I discover I’ve been "ransomwared” won’t it be too late, i.e., the clone > will have been contaminated too, right?
Well, IF this is your only backup, it would require taking more steps to restore the data: Nuke and pave the Mac with a clean install of the os. Download something like MalwareBytes for Mac <https://www.malwarebytes.org>, clean up the backup disks and then restore the old data. Pretty much what we did (only with Windows) for the prof here who got hit with Locky; fortunately Locky didn’t encrypt the system restore points that "Previous Versions” creates. I’ve also read more about the Mac ransomware since and it appears that it tried, but was unable to encrypt Time Machine volumes; I’m not sure this was because of any special things apple’s done (only the process backupd can write to a Time Machine volume, I’m not sure how hard or easy it would be to replace or override backupd to use it to corrupt a backup.) or simply because it was poorly written, and relies mainly on a user’s panic at losing everything to extort them. -- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group Institutions do not have opinions, merely customs -- -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list --- You received this message because you are subscribed to the Google Groups "G-Group" group. To unsubscribe from this group and stop receiving emails from it, send an email to g3-5-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.