Is Windows 10 backup safe from ransomware?

If the ransomware gains administrator access to your computer then it can damage any backups that the Windows machine may have created on that computer.

If the ransomware only acquires non-administrator access (i.e. you use a non-admin account for web-browsing) then those backups will be safe.

The best thing is to back up to a removable storage device. (surely Windows has an option for this) Keep this device in a safe place, separated from your computer. Not only will your backups be protected from viruses this way, you will still have your backups in the event of physical theft, or hardware failure.

You can also back your files up to a separated server, as long as that sever has been properly configured (and well secured) so that the ransomeware-damaged backups do not overwrite the originals.


The System Volume Information folder only contains files backed up by System Restore. That is, it won't protect your personal files should they get overwritten by malware, it will only protect Windows system files.

Additionally, although you cannot by default get access to this folder, if you were to take ownership of the folder as administrator (or with admin privs), nothing stops you from then accessing it.

File History is only as safe as the external drive it backs up to. i.e. don't choose an internal drive for your backup destination, as that would be just as vulnerable to ransomware and malware.


You still have a physical drive with real data on it, and although an administrator may not be able to access it. Even if you prevent any access to it within Windows 10, randsomware or malware could use administrative access to install bootkits or worse.

Or, picture a scenario in which you have a normal usb drive plugged into your computer. An attacker could wipe the drive within Windows 10, flash a linux livecd iso with instructions to reconnect to his server, then restart. If a flash drive is first in the boot order, the computer will run whatever code the attacker wants, giving him access to all physical drives and the data on them.

Obviously this is a contrived/ludicrous example, but the overwhelming point to make here is that if an attacker can gain administrative access to the operating system, there isn't that much you can do to stop them from getting at hardware Windows 10 needs to access. Like Silverlight Fox pointed out, a simple permissions change can accomplish the same thing.

Tags:

Backup

Windows 10

Ransomware

Related

How can RFID/NFC tags not be cloned when they are passive technology? Understanding an attempt to exploit a webserver hashed username and password in remember me token? Cannot understand supposed ProtonMail vulnerability from wired.com article Why is hashing a password with multiple hash functions useless? Do (uncompromised) passwords ever need changing, if I use a password manager? What can a company do against insiders going rogue and negatively affecting essential infrastructure? Do I need a new CSR for a certificate renewal? How should high net worth individuals secure their financial accounts? Is it possible to exploit this Zookeeper instance? Is there any reason to disable paste password on login? What is worse for password strength, a poor password policy or no password policy at all?

Recent Posts