Can ransomware encrypt files within Cryptomator vaults?

Hi there,
In the last days I was playing around with some Backup programs and I had to realize, that quite a few dont recognize the Cryptomator vaults (Dokany) as target drives. They just dont list them. Then a thought for my backup strategy was, how does that work for ramsomware? Do ramsomware trojans recognize the Cryptomator drives and encrypt their contents? This would mean that a backup vault must not be unlocked and mounted at all times which would counteract my idea of fully automated backups into a vault. Any experiences with this or any thoughts?
Thanks, Kolja

This might be caused by one of the following reasons:

  1. The backup programs running in elevated mode: Cryptomator on Windows: Accessing your vault with admin priviliges
  2. They only look through the mount manager interface: Cryptomator with WizTree - #3 by TowerBR

How about you try WinFSP? WinFSP: How to use it

Or Personal Backup that works like a charm with WebDAV, Dokany and WinFSP :slight_smile: .

Depends on the “quality” of the ransomware, but I would assume a clear “yes”.

You are right (from my paranoid point of view). I would not recommend that in a backup strategy

I do this with the software mentioned above. This includes opening the vaults right before performing the backup (and close them afterwards of course). But you cannot do on-the-fly backups. At least not in a practical way.