eyallvy

Theoretically, Evernote should be able to easily prevent compromised files which were locally encrypted by ransomware to be uploaded to their servers. Unlike file storage cloud services like Dropbox etc, it is the Evernote app which handles all creation and editing of notes. A local copy may be stored on the device but edits to it must go through the Evernote app. It is at this point that every note can be made to include a unique digital fingerprint which identifies it as one that was produced by the Evernote app. At each instance of sync, the digital fingerprints of notes which were changed on the device should be compared to their counterpart versions on the server. It is doubtful that a ransomware attack on the local copy of Evernote data would be able to encrypt just the note contents but leave its digital fingerprint intact. Compromised notes would be refused upload and a warning would be issued on the device. This suggestion is very broad in its terminology and needs to be comprehensively dealt with programmatically. As for the hacking of an online Evernote account - there is no excuse for not using 2 factor authentication. The best method is to use a separate phone device, preferably of an old candy bar type, as an authentication device for receiving verification codes by SMS. It's more cumbersome but ensures that a thief doesn't have all authentication methods available to him on the same device.

As far as I understand the way Evernote works, its main vulnerability to ransomware is the local cached files it keeps on the PC where it is installed, which ransomware could possibly encrypt and a sync could corrupt the data in the Evernote cloud. If used strictly as a cloud service, especially with 2 factor authentication, I believe that a local attack of ransomeware on a PC can't touch the Evernote data in the cloud. This is contrary to the way cloud file storage services work, which the ransomware can see as a local folder and the contagion it creates gets automatically uploaded to the cloud and back down to all other connected devices. A possible way Evernote can deal with the threat of ransomware is to offer a "non-cached" mode of operation. Maybe such a thing already exists and I would be grateful to be told about it. Basically, in this mode of operation the responsiveness of Evernote would be totally entrusted to the speed the user's network link. As bandwidth is constantly increasing, it should be less of a problem going forward. Every item the user touches would be dowloaded on the fly. If modified, it would be synced there and then. If unmodified, it would immediately be deleted from the local cache (with an optional automatic shred option). Since the data stored in Evernote is only accessible via the Evernote application and not as files in a local cloud service folder, it would have to be pretty clever ransomware to operate the app, touch, dowload, encrypt and re-sync every note - basically a non-option.