With the events that happened this past weekend it’s got me to wondering if Nextcloud could protect me from ransomware if I were using the Desktop Sync client from Nextcloud? Would my Nextcloud folders on my computer get encrypted thereby sending these locked/encrypted files to my Nextcloud server therefore rendering them useless to me?
I’m thinking the only safe answer would be to not use the Desktop Client and keep my files safe on my Nextcloud and only access my files safely through my web browser.
Thoughts or comments are welcome!
Short: Please make a proper backup, ideally also an offline backup (not constantly connected to the net and/or Nextcloud so it can’t be compromised).
A bit longer: encryption will create new versions of the files which will be uploaded to the server and synced to all other devices. If you use versioning and have enough space available, you could recover some files. Also if a client is not connected and infected, then you have still the old files (however you must prevent that it connects and syncs again the encrypted files from the server). These mechanisms can help you to recover some files but the processes are not free of errors, there could be many problem that you must not rely on that. You can also modify files by accident, disks can fail, so there is no way around a backup if you want to prevent that.
If you only connect through your web browser, it won’t happen as easily. However, a browser can also be compromised, have bugs, …
Thanks very much @tflidd for this explanation. We do keep copies of all our Nextcloud files offisite (with our own encryption) so we are good to go.