Backup strategy for Mac ransomware


Macs are not immune to ransomware. The first functional Mac ransomware was found in the wild last year. A good backup strategy is critical if you’re hit with this type of malware. Mac ransomware will grow more sophisticated over time. With this in mind, here are a few tips:

  • Assume that any connected backup drive is vulnerable to the ransomware. At least one backup drive should be offline at all times. Note that by offline, I mean completely disconnected from your Mac and network. (Unmounted, but physically connected, drives can be mounted by an attacker.)
  • Given the above, a single Time Machine backup is not sufficient to protect against ransomware. If Time Machine is your only backup mechanism, then back up to multiple disks. You should rotate the drives so that at least one drive is disconnected from your Mac (and network) at all times.
  • If you need a more sophisticated backup tool than Time Machine, options include ChronoSync, Carbon Copy Cloner, and SuperDuper. These applications can create bootable backups, which could be a tremendous boon if you need to get up and running quickly after an attack. (Note that applying FileVault encryption to a bootable backup drive requires some additional work.)
  • As I regularly remind my clients, Dropbox is not a proper backup solution. It keeps deleted and modified files for a limited timeframe. Also, files outside your Dropbox folder aren’t copied to the cloud at all.
  • Cloud backup services (e.g., Carbonite, CrashPlan, Backblaze, Mozy) would be a good complement to local backups. My concern is that ransomware will target cloud backups in the future. So always keep an offline backup!
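
As an added example (not from the original post), the Time Machine rotation tip can be checked from Terminal by parsing the output of `tmutil destinationinfo`. The function names and sample data are constructed for illustration, and the script assumes that `tmutil` prints a `Mount Point` line only for destinations that are currently mounted.

```shell
#!/bin/sh
# Added example: check that a Time Machine rotation leaves a drive unmounted.
# Assumption: `tmutil destinationinfo` prints one "Name :" line per configured
# destination and a "Mount Point :" line only when that destination is mounted.

# Constructed sample output: two rotation disks, only the first is mounted.
SAMPLE='====================================================
Name          : Rotation A
Kind          : Local
Mount Point   : /Volumes/Rotation A
ID            : 00000000-0000-0000-0000-00000000000A
====================================================
Name          : Rotation B
Kind          : Local
ID            : 00000000-0000-0000-0000-00000000000B'

# Reads destinationinfo text on stdin, prints "<total> <mounted>".
tm_count() {
    awk -F' *: *' '
        { sub(/^[ \t]+/, "") }              # tolerate indented lines
        $1 == "Name"        { total++ }
        $1 == "Mount Point" { mounted++ }
        END { printf "%d %d\n", total, mounted }
    '
}

# Reads destinationinfo text on stdin; returns 0 only if at least two
# destinations are configured and at least one of them is not mounted.
tm_rotation_check() {
    counts=$(tm_count)
    total=${counts% *}
    mounted=${counts#* }
    if [ "$total" -lt 2 ]; then
        echo "FAIL: $total destination(s) configured; rotation needs at least 2"
        return 1
    fi
    if [ "$mounted" -ge "$total" ]; then
        echo "FAIL: all $total destinations are mounted; none is offline"
        return 1
    fi
    echo "OK: $((total - mounted)) of $total destination(s) not mounted"
}

# Demo on the constructed sample. On a Mac, run instead:
#   tmutil destinationinfo | tm_rotation_check
printf '%s\n' "$SAMPLE" | tm_rotation_check
```

A passing result only shows that a destination is not mounted. As noted in the first tip, an unmounted drive that is still plugged in can be mounted by an attacker, so the drive must also be physically disconnected.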
