Monday, February 29, 2016

Cloud apps: easy file sharing, easy ransomware sharing

Here's something to keep in mind when sharing files and storage with others: the mistakes of others can put you at risk.

There's not a lot of detail in this report, but it mentions cases where ransomware has spread through shared cloud storage (think iCloud, Dropbox, or Google Drive). If your friend or family member becomes infected, and you sync to the same shared account, you might unknowingly infect your device.

Ransomware is the current scourge of the Internet. Ransomware is malware that encrypts your personal data such as irreplaceable photos, documents, and financial records, making them unusable. It then charges a ransom fee to decrypt the files so you can use them again. The only fully reliable protection against this threat is a current and complete backup of your important data, stored somewhere out of the reach of the malware. Without such a backup, your only choices may be to pay the ransom or sacrifice the data forever.

While I have not personally experienced ransomware spreading in this manner, I did have an "oh crap" moment once when a child deleted music from a shared drive. I had set up a sizable library of (legally-owned!) music that they could download to their devices, and taught them how to use a mobile SMB client to browse the server; alas I was not clear enough in showing them the difference between "local device" and "shared server." When they wanted to remove music from their devices to make room for something new, one of them accidentally deleted some content from my server.

The point is, when sharing things with others, think of how their mistakes can put you at risk. In the music share scenario that I mentioned, I quickly learned to set the share so that my kids could only download music from it, but not change anything on the share itself. Only I could modify the contents of the share, and only from a PC that I controlled.

Similarly, you may consider whether sharing data in a read-only form is appropriate for your needs.

Do you have something to add? A question you'd like answered? Think I'm out of my mind? Join the conversation below, reach out by email at david (at), or hit me up on Twitter at @dnlongen