In the last days I was playing around with some Backup programs and I had to realize, that quite a few dont recognize the Cryptomator vaults (Dokany) as target drives. They just dont list them. Then a thought for my backup strategy was, how does that work for ramsomware? Do ramsomware trojans recognize the Cryptomator drives and encrypt their contents? This would mean that a backup vault must not be unlocked and mounted at all times which would counteract my idea of fully automated backups into a vault. Any experiences with this or any thoughts?
This might be caused by one of the following reasons:
- The backup programs running in elevated mode: Cryptomator on Windows: Accessing your vault with admin priviliges
- They only look through the mount manager interface: Cryptomator with WizTree - #3 by TowerBR
How about you try WinFSP? WinFSP: How to use it
Or Personal Backup that works like a charm with WebDAV, Dokany and WinFSP .
Depends on the “quality” of the ransomware, but I would assume a clear “yes”.
You are right (from my paranoid point of view). I would not recommend that in a backup strategy
I do this with the software mentioned above. This includes opening the vaults right before performing the backup (and close them afterwards of course). But you cannot do on-the-fly backups. At least not in a practical way.