Can ransomware infect iCloud Drive?
I have all Apple products in my household, and am very security conscious. But the recent articles about ransomware infecting all sorts of computers got me thinking. Even if I was foolish enough to find a Mac ransomware program, download it, disable Sophos, disable SIP, and give said ransomware program my admin credentials, could it infect my iCloud Drive? I have regular hourly backups to my Time Machine so I am not worried about my data stored locally, but iCloud Drive items are stored on Apple's Servers as well as on my computer. So if ransomware encrypted all of my content in my iCloud Drive folder on my computer, would it update the files on the server, making recovery not possible?
For clarification, my questions are these:
- Does the iCloud Drive folder get backed up to my Time Machine?
- Does Apple make regular accessible backups of their user's content?
- Would the encrypted data be uploaded to iCloud replacing the old files on the server?
In short, yes, it is quite possible for ransomware to encrypt the contents of your iCloud Drive. It is possible for the ransomware to encrypt the data of your iCloud Drive, and then your computer would sync the changes to Apple's cloud, requiring decryption to access the data again.
To answer your questions:
Probably. The iCloud Drive folder is stored locally on your computer in
/YourUserName/Library/Mobile Documents
. It would be getting backed up unless you have specifically told Time Machine to not back up this directory.No. Apple does not make backups of a user's iCloud Drive accessible. It is unclear if Apple even keeps copies of user's iCloud Drive, but they are most certainly not accessible to the users.
- Yes. If ransomware encrypts the files in the directory
/YourUserName/Library/Mobile Documents
then the changes would be applied to your iCloud Drive, rendering the information useless without decrypting the data.