Onedrive Flags Cryptomator Files as Suspected Ransomware and Says They Will Delete in 30 Days

Soon after creating a Cryptomator Vault with MS Onedrive, I found myself locked out of my online Onedrive, my folder being replaced with a quite dramatic ‘you’ve probably been infected’ screen.

I won’t bore the forum with the most frustrating of all Microsoft customer support ordeals over following days due to an account verification failure loop, but when I did ultimately gain access to the microsoft ransomware wizard, the sample files they provided as proof of this ransomware were Cryptomator.

I marked them as safe, however i read the next splash screen as microsoft saying ‘if these encrypted files are still here in 30 days we will delete them’, which is somewhat worrying.

I made a video. It was actually made for microsoft to show them the account verification problem. You don’t need to see all that, but here are three screenshots showing the ransomware flag, the files identified, and the double warning.


N:B: says i can only post one media item and i cant upload the video, so if anyone is interested i am happy to supply in whatever way is acceptable

This is a known behaviour by OneDrive.
Please support the survey here:

More topics:

1 Like

thanks michael - what a ridiculous wording by MS, drama queens. I will add my name to the survey now.