Protection against ransomware

We are in the process of hardening our backup systems against emerging threats, one of which is ransomware.  The problem with ransomware is that many backup systems will see a ransomware encryption of a file as a legitimate change to the file, and will happily back up the (now unusable) file, overwriting the good copy.

I am not sure if anything like that can happen to Evernote, but I would hate to have a ransomware attack encrypt my notes, then have those encrypted notes sync to the Evernote servers.  In both Windows and OSX there is a local copy of the Evernote files.  Will making an offline backup of these files (thereby protecting them from ransomware threats) be useful?  Specifically, if my online account were compromised, would a clean copy of the local files do me any good?  How would I get Evernote to use the local copy instead of the corrupted online copy?

Link to comment
  • Level 5*
3 hours ago, RadicalDad said:

Specifically, if my online account were compromised, would a clean copy of the local files do me any good?  How would I get Evernote to use the local copy instead of the corrupted online copy?

Certainly a clean copy of your local files would be valuable; up to the time the sync operation starts.  Then there's a possible problem because the most recent versions of your notes will override older versions.

My backup process includes an export of my notes and I can restore from that.  
It's not a true backup; data is loaded as new notes,
This resolves the sync problem, but causes other issues (for example, links are no longer valid)

You should also give consideration to off-site/cloud storage for your backup files.

  • Like 1
Link to comment
  • Level 5

DTLow is correct. I have bounced this issue off Evernote Support several times over the years, even going up to the next tier of Engineering Support. My concern is what would happen if Evernote gets hacked.

Evernote's 3 Laws of Data Protection state

    * Your Data is Yours
    * Your Data is Protected
    * Your Data is Portable

But the company does not have an effective backup / restore procedure. This is mainly due to their cloud server calling all the shots. It only permits changes to notes that are considered newer than the ones already in the cloud.

I'd love to know how the Evernote Business users get around this Catch-22 paradox. Especially when I read news such as this one. "There are two kinds of companies in the world: those that know they’ve been hacked, and those that have been hacked and don’t yet know it."

http://fortune.com/2015/03/20/corporate-hacking/

I am probably wasting my time, but I do keep a series of end-of-month backups. DTLow's method is probably the safest method.
 

  • Like 2
Link to comment

Thanks for the responses, but it still isn't clear what, if anything, can be done with a clean copy of my local Evernote files.  If need be, one can get around the sync problem by disconnecting from the Internet, if only temporarily.  One could load the saved clean copy, export the notes, connect to the Internet, delete the account, then import the previously exported notes.  Saves the hassle of manually exporting the notes every few weeks for backup purposes.  Just include the Evernote files in your automated backup procedure and you are good to go.  What neither of you have said is how one goes about actually using the saved clean copy of the Evernote files.  Is that possible?

As for note export, I didn't know about that feature before.  Not sure what "links" are not preserved by export to an .enex file and re-import therefrom.  Since I'm not using these "links" I'm not sure the issue would affect me.  I would be more worried about my folder structure - is that preserved by an export and re-import from the top level folder?

As for offsite backup, we already do that.  Our current strategy is daily backup to a local NAS, and from there the NAS backs up the cloud.  That takes care of the typical problem (computer or hard drive failure) and the not-so-typical problem (theft or local catastrophic physical loss of both computer and backup medium by fire, etc.).  We are now evaluating weekly offline backups to handle the hacker and ransomware problem.  Anything web connected is suspect, which is how I got to thinking about Evernote.

Again, my question remains.  What, if anything, can  be done with the local Evernote files?  How would I get a fresh install of the Evernote client to actually use those files?

Link to comment
  • Level 5*
3 hours ago, RadicalDad said:

If need be, one can get around the sync problem by disconnecting from the Internet, if only temporarily.  One could load the saved clean copy, export the notes, connect to the Internet, delete the account, then import the previously exported notes.  Saves the hassle of manually exporting the notes every few weeks for backup purposes.  Just include the Evernote files in your automated backup procedure and you are good to go.  

Backup > Disconnect Internet > Restore > Export > Import
Sounds more complicated than just Export > Import
I'm also using the export feature for incremental backups - daily export of changed notes.

>>What neither of you have said is how one goes about actually using the saved clean copy of the Evernote files.  Is that possible?

For the Windows platform, the Evernote database is a single .EXB file.  This can be backed up and restored.
For the Mac platform, the Evernote database is a more complicated set of files stored in a folder; this can be backed up and restored (theory - I have not tested this). The folder is com.evernote.com on my Mac.

>>Not sure what "links" are not preserved by export to an .enex file and re-import therefrom. Since I'm not using these "links" I'm not sure the issue would affect me. 

This is a major feature of Evernote - crosslinking your notes
Also sharing your notes with public links

>>I would be more worried about my folder structure - is that preserved by an export and re-import from the top level folder?

I'm guessing you are referring to notebooks.
The import function creates new notes in a new notebook; the notebook structure is not preserved and would have to be recreated.  
Users have accomplished this using:
- separate exports for each notebook
- preserving notebook information using tags

Link to comment
  • Level 5
1 hour ago, DTLow said:

For the Windows platform, the Evernote database is a single .EXB file.  This can be backed up and restored.

Yes, the Windows Evernote database can easily be backed up. Restoring it is a different and confusing matter.

I have bounced this issue off Evernote Support several times and received conflicting information on the Restoration process. 

For instance - April 29, 2016, Austin G from Evernote Support sent this - Check out his very big "BUT" in the middle of the  response:

"You can restore notes/notebooks from the old .exb using the steps below, but there is not currently a way to restore the entire account to a previous state by using the .exb. As the forum community noted, the server would overwrite the local .exb to match what's on the server."
 

I have scratched my head many times trying to comprehend the difference between the first part of their reply (yes, you can restore with .exb) and the ending part of their reply (no, you cannot restore with .exb).  So, my best guess is that if the Evernote cloud is hit with ransomware (total encryption) or a major hack, my nightly .exb files will be useless.

7777exb

Link to comment
10 hours ago, DTLow said:

Backup > Disconnect Internet > Restore > Export > Import
Sounds more complicated than just Export > Import

Your method involves significant ongoing manual labor to remain prepared for a disaster that may never happen.  I much prefer automated backups which require no ongoing labor or mindshare.  (You obviously don't deal with users - it's just about axiomatic that manual backup procedures fail to be executed regularly, resulting in inadequate protection.)  Should disaster strike, the extra steps that I will need to take are minor in comparison to the significant wasted effort that your method entails.  And, umm, BTW, it turns out that the method I proposed is suggested by Evernote themselves.  See this link, which I found after getting keyword search suggestions from answers here (thanks everyone).

For those lurkers who are wondering, since it has yet to be explained in this thread, there is no way of "importing" the saved data folder.  Essentially what you do is to set up a new copy of Evernote (or use your existing install) and overwrite the data folder with the backup copy.  See the link I cited for full details.

(Another BTW - it appears one needs to preserve the whole data folder, not just the EXB file.  That is what their instructions say.  I have no idea what is in it, but I have a snippets file in that folder that is fairly large.  One assumes Evernote doesn't keep data around for no reason.)

The fact that the export process does not preserve the notebook structure is just pure laziness on Evernote's part.  Same goes for the failure to preserve links, a feature I don't currently use but apparently many others find invaluable.  But it is what I've come to expect of Evernote.  Sigh.

 

10 hours ago, jbenson2 said:

"You can restore notes/notebooks from the old .exb using the steps below, but there is not currently a way to restore the entire account to a previous state by using the .exb. As the forum community noted, the server would overwrite the local .exb to match what's on the server."

I get that providing a method to selectively override their sync logic might be really difficult for Evernote, but the failure to provide for disaster recovery is yet another reason why I long ago stopped recommending Evernote for mission critical tasks.  One of these days I'll get over my own laziness and move our people to a more suitable platform.  But for now, there may be a way around this issue.  Has anyone asked support whether you create a brand new account in conjunction with a backed-up data folder?  Then the problem with server side corrupted notes would go away.  I note the data folder has a .accounts file.  I wonder if deleting it or modifying it would do the trick.  jbenson2, if your support ticket is still open, could you ask about this?

Link to comment
  • Level 5*
22 minutes ago, RadicalDad said:

But for now, there may be a way around this issue.  Has anyone asked support whether you create a brand new account in conjunction with a backed-up data folder?

I think that would work.  First you would create the new account, then delete the newaccountname.exb file that was created.  Copy in your backup .exb file and then change that file name to newaccountname.exb.  I haven't tried it but it seems like it should work.  Would be an interesting test.

Link to comment
  • Level 5*

If you have EXB or ENEX backups it seems you could "load" them into a new account without too much hassle, other than upload limits if your data base was larger than 10GB.  I think the only PITA issue would be the currency of the data based upon how old the backup was.  Small price to pay for the fringe scenario presented I suppose.

Link to comment
  • Level 5*
1 hour ago, RadicalDad said:

Your method involves significant ongoing manual labor to remain prepared for a disaster that may never happen.  I much prefer automated backups which require no ongoing labor or mindshare.  (You obviously don't deal with users - it's just about axiomatic that manual backup procedures fail to be executed regularly, resulting in inadequate protection.) 

You are so right.  If I had to do this manually, it wouldn't get done.

I'm on a Mac and the exports are scripted and run automatically.  This includes hourly backups of the data files by the Time Machine feature.

And to be honest; when I need to restore my database, I restore from the Evernote servers.  And to restore individual notes, I use the Evernote note history feature.

Link to comment
9 minutes ago, DTLow said:

And to be honest; when I need to restore my database, I restore from the Evernote servers.

I think we all use the Evernote server to set up a new machine or "restore" an existing database.  My concern is what happens if the Evernote server becomes corrupted.

What if some bit of ransomware manages to figure out, either by infecting your computer or by direct attack on the Evernote server, how to encrypt all your notes?  Let's say the bad guys manage to encrypt your notes locally via the Evernote API and then those notes sync to the server. How can one recover without paying the ransom?  The current defense against ransomware is to have offline backups which they can't touch.  Yes, that is damn inconvenient - feels like I'm stepping backward in time to carrying around data tapes (yep, I'm that old).  The question being posed is how to restore Evernote data from an offline backup.  So far, I'm not seeing a good answer. 

33 minutes ago, DTLow said:

And to restore individual notes, I use the Evernote note history feature

I didn't know that feature existed.  Thanks for the tip.  Good for individual notes, but rather tedious for an entire database.

Link to comment
40 minutes ago, csihilling said:

I think the only PITA issue would be the currency of the data based upon how old the backup was.  Small price to pay for the fringe scenario presented I suppose.

Agreed, small price to pay for an unlikely occurrence.  Then again, disk corruption, fire, and other data destroyers are also unlikely occurrences (assuming one is smart enough to buy a new hard drive before the old one inevitably dies).  In 40 years of doing this kind of work, I've had to use client backups only twice (not counting moving data to new equipment as part of an equipment refresh.)  In truth, before the age of automated online backups and cheap SOHO or department level NAS backups, week-old backup data was normal for all but the most critical functions such as financial transactions.  Now we complain if it is more than a day old.

 

47 minutes ago, csihilling said:

If you have EXB or ENEX backups it seems you could "load" them into a new account without too much hassle, other than upload limits if your data base was larger than 10GB.

That is the 64,000 bit question.  It seems this is a giant PITA the way Evernote works now.  You can't just restore an Evernote local data backup.  If you use the same account, the server will overwrite the backup data.  I proposed restoring to a new account, but no one seems to know if that will work.  The offline export-import scenario that Evernote suggests as the solution is quite time consuming, prone to error, and is not really a full backup as notebook structure and link data is lost in the process.

Link to comment
  • Level 5*

Again, new account should work.  Your imported ENEX or EXB replacement (blank DB to start in the new account to be sure) should appear to the server as if you did a bunch of entry on your local device.  ENEX would work for sure, EXB not 100% sure, but I think it would.

Easy enough to test by creating a new free account and importing some notes after you create it.  Then save that test EXB, create a new free account and replace that EXB with the test EXB you created.  (Sorry EN for the two temporary accounts.)  Let us know how it goes.  

You don't lose notebook structure if you export by notebook, you do lose links if they are to local notes (good reason to leave the link text alone should you have to do a rebuild).  No other way to backup local notebooks except for export.  

End of the day the files used for ransom ware are the same you would be using for a normal backup against pestilence and the rest of the data destroyers.  If ransom ware were to kick in you wouldn't be able to use your existing account anyway, would you?

Link to comment
  • Level 5
1 hour ago, csihilling said:

End of the day the files used for ransom ware are the same you would be using for a normal backup against pestilence and the rest of the data destroyers.  If ransom ware were to kick in you wouldn't be able to use your existing account anyway, would you?

 

Yes, but I would be willing to lose some recent data if I could restore using one of my older backups. Besides nightly and weekly backups, I maintain a set of monthly backups going back 12 months, and quarterly backups for several years stored off-site. Yes, quite anal. So if the Evernote cloud is attacked, I will have the majority of my data in a usable format. 

If I want to restore to a new account in a timely manner, I would have to buy another Premium account. Evernote's basic 60 MB monthly upload cap would require several months of uploading my 11 GB of data (7.8 GB for my current primary account and 3.4 GB for my current secondary account).

 

  • Like 1
Link to comment
  • Level 5*
10 hours ago, jbenson2 said:

So if the Evernote cloud is attacked, I will have the majority of my data in a usable format. 

That format being .enex or .exb which is only useable in terms of Evernote Windows/Mac
You might want to think outside of that limitation.
My backup process includes both .enex and .html exports

I don't think I would want to open another account - my interest is restoring the data in my current account.

Also, the discussion focused on moving a .exb file around which is strictly a Windows solution.
I use a Mac, and I don't believe it's that simple for the Mac platform.

 

Link to comment
  • Level 5

DTLow - thanks for your suggestion. Just one additional question

  • My nightly backups are .exb from Evernote Windows.
  • The majority of my important notes are PDF files.
  • I have approximately 40,000 notes in 55 notebooks.

Do you think I'll be able to export them all together in one gigantic HTML file? or would it be safer to export into multiple smaller HTML files?

Link to comment
  • Level 5*
2 hours ago, DTLow said:

That format being .enex or .exb which is only useable in terms of an Evernote account.
You might want to think outside of that limitation.

One saving grace of EN is that it is a local app so you can use your backup and then create HTML if need be, independent of what is occurring on the server.

Link to comment
  • Level 5*
23 hours ago, jbenson2 said:

DTLow - thanks for your suggestion. Just one additional question

  • My nightly backups are .exb from Evernote Windows.
  • The majority of my important notes are PDF files.
  • I have approximately 40,000 notes in 55 notebooks.

Do you think I'll be able to export them all together in one gigantic HTML file? or would it be safer to export into multiple smaller HTML files?

Actually the HTML export is individual files for each note.  
You would end up with 40,000 files, with additional for attachments.  
Your EN database is converted to a more traditional computer folder setup.

I'd recommend separate export/folders for each notebook
Tags are embedded in the html, but I haven't figured out how to use them
 example: <meta name="keywords" content="!Hot Notes, !Journal"/>

Screen Shot 2016-05-19 at 8.46.51 AM.png

  • Like 1
Link to comment
  • Level 5
23 minutes ago, csihilling said:

One saving grace of EN is that it is a local app so you can use your backup and then create HTML if need be, independent of what is occurring on the server.

 

Wow!  

That is something I did not know. It's the perfect solution for me. 

Thank you.

  • Like 1
Link to comment
  • Level 5
17 hours ago, jbenson2 said:

I tried responding to the Evernote ticket (how would you rate the support you received?)

I'll let you know if there is a reply.

 

Here is Evernote's response. Looks like my .exb backups are OK, but now I have to figure out how to export the .enex file from an .exb file.

There is not a way to import a .exb into a new account. You can export the .enex files out of the .exb and import them into a new account.

Link to comment
  • Level 5*
6 hours ago, jbenson2 said:

but now I have to figure out how to export the .enex file from an .exb file

Hey, JB, I thought we covered that in another topic:

Basically, you just restore the OLD .EXB file from backup, run Evernote, export to ENEX the notes of interest.

  • Like 1
Link to comment
  • Level 5*
11 hours ago, DTLow said:

Also, the discussion focused on moving a .exb file around which is strictly a Windows solution.
I use a Mac, and I don't believe it's that simple for the Mac platform.

If you use Mac Time Machine, it is actually very similar to the EN Win EXB Restore process:

  1. Quit EN Mac 
  2. Rename the top-level Evernote data folder
  3. Restore same folder from TM backup
  4. Open EN Mac, and export to ENEX the Notes of interest.
  5. Quit EN Mac
  6. Delete, rename, or move the top-level Evernote folder restored from backup in Step #3
  7. Rename the original top-level Evernote folder from Step #2 BACK to its original name

 

Link to comment
  • Level 5
12 hours ago, JMichaelTX said:

Basically, you just restore the OLD .EXB file from backup, run Evernote, export to ENEX the notes of interest.

Thanks. I've saved your instructions.

I wonder why Evernote Support can't be so precise.

Link to comment

In light of the known solutions presented here and elsewhere...

On 5/16/2016 at 3:01 PM, RadicalDad said:

I am not sure if anything like that can happen to Evernote

 

On 5/16/2016 at 6:33 PM, jbenson2 said:

what would happen if Evernote gets hacked

 

On 5/18/2016 at 8:31 PM, RadicalDad said:

to remain prepared for a disaster that may never happen

 

On 5/19/2016 at 9:38 PM, csihilling said:

Small price to pay for the fringe scenario presented I suppose.

 

“I've had a lot of worries in my life, most of which never happened.”
― Mark Twain

  • Like 1
Link to comment
  • Level 5

Mark Twain did not have to worry about ransomware, unlike some major hospital chains that recently were forced to pay out.

Or get hacked in 2014 like Target, Neiman Marcus, Home Depot, Blue Cross, Anthem, Sony, US Postal Service, Staples, KMart, PF Chang's, JP Morgan, AT&T, and Evernote.

There are two kinds of big companies in the United States. Those who’ve been hacked… and those who don’t know they’ve been hacked.

Of course we do have some other options
head-in-sand.jpg

  • Like 2
Link to comment
38 minutes ago, jbenson2 said:

There are two kinds of big companies in the United States. Those who’ve been hacked… and those who don’t know they’ve been hacked

And for the average guy on the street (like myself)... there is safety in numbers. Met an Evernote user recently who was affected by the great Evernote hack?

I prefer this option:

friends_beach.jpg

Link to comment
  • Level 5*
On May 21, 2016 at 8:04 AM, Frank.dg said:

And for the average guy on the street (like myself)... there is safety in numbers. Met an Evernote user recently who was affected by the great Evernote hack?

I've never been hacked..... otoh, stupidly deleting notes by mistake happens too often

I pay for  health / life / car / house insurance ... and back up my data

  • Like 1
Link to comment
1 minute ago, DTLow said:

I've never been hacked.
otoh, stupidly deleting notes by mistake happens every so often

Stupidly deleting notes sounds more justifiable. 

Link to comment
  • Level 5

By the way, that quote about two types of companies came from the Director of the FBI - James Comey

Safety in numbers? I agree as long as you don't use Evernote to store confidential or private data such as bills, check statements, real estate transactions, medical information, tax documents, etc.. Here are some comments from a lot of average Evernote users.

 

Link to comment
3 minutes ago, jbenson2 said:

Here are some comments from a lot of average Evernote users.

Yep... I was around to see the birth of that. It mostly centers around a couple of peripheral gripes.

The OP does say:

Quote

... would prefer to avoid a Titanic mishap well before entering the ice field 

Still hypothetical...

Link to comment
  • Level 5*

Do you think the ransom would be more or less than the subscription fees?  Tiered based upon subscription fee?  Just wondering.... ;)

Not a joking matter I know, but we do have the ability to have backups and use EN locally should such a dire event occur.  Nastier case is someone taking over your own machine versus EN's, IMO. 

  • Like 1
Link to comment
  • Level 5*

Backing up your digital data is like buying insurance:  coverage vs cost vs risk of loss

IMO, there is no need, except possibly peace of mind, for buying more insurance than you need.

For me, I am quite comfortable with using only Time Machine to backup my EN Mac data (and everything else on my Mac) once an hour to a 3TB NAS running RAID 1 with high-end hard drives.  I have no need to also backup to ENEX or HTML.

But I do have two Macs, one highly portable, with Evernote and all of my critical data, as well as all of the critical data being in DropBox.

  • Like 1
Link to comment
On 5/21/2016 at 7:31 AM, jbenson2 said:


head-in-sand.jpg

 

I’m afraid jbenson2 has it right.  I don’t like being a curmudgeon, but there is a ton of incorrect information and bad advice being promulgated in this thread, much of it from people listed as “guru.”  One would think they should know better.

 

First and foremost, I consider all solutions that sync across the Internet to be vulnerable in today’s climate.  This includes public cloud and private cloud backup systems.  One popular brand’s NAS was hit particularly hard with ransomware a few years ago, though generally I regard public clouds to be more vulnerable because they are targets.  Evernote is certainly a public cloud, and thus it is vulnerable.

 

For those who think this isn’t an issue that needs protection, well, good luck to you.  The truth is, hacking and ransomware are currently more of a threat than either disk failure (assuming you replace your disks on a reasonable schedule) or data destruction by fire or physical theft of the data media.  The rest of you with common sense should read on.

  • Evernote is unlikely to be hacked.  WRONG.  A quick Google search reveals that major Evernote hack attempts have occurred at least twice, March 2013 and February 2015.  (There may be others, I just looked at the first page of results.)  One of those times the hack was successful in that accounts were actually breached.  Let’s be clear that for at least these two cases, Evernote was not at fault – passwords were stolen from elsewhere and then tried on Evernote accounts to see if they would work. Evernote acted quickly and responsibly in both cases – kudos to them.  Still, the danger exists.  And Evernote still doesn’t provide a good way to back up offline – see below.
  • Time Machine (on a Mac) and other backups that keep previous versions are adequate.  MAYBE.  These will work (sort of) only if a version is kept that predates the hacking.  Consider this scenario: you start Evernote in the morning, don’t look at it again until evening, you get hacked with ransomware at 10 AM but don’t notice it until 5 PM.  You have a versioned backup system that takes snapshots once an hour (as does JMichaelTX), but it only keeps 5 previous versions.  In this case, you are screwed.  Whatever the attack vector (via your local machine or via Evernote servers), both the local version and the server version of your notes have been corrupted via Evernote sync, as has your backup of the local copy.  That fact seems to be lost on too many “experts” here.
  • Backups of EXB and/or ENEX files are interchangeable.  WRONG.  First, as pointed out elsewhere in this thread, backup of only the EXB file isn’t adequate.  One needs to back up the entire folder (both PC and Mac).  The EXB folder backup doesn’t do a lot of good, though.  If an uncorrupted copy of the EXB folder is restored, it will be overwritten by the (corrupted) notes on the server.  Again, as noted elsewhere in this thread, one CANNOT use the EXB folder backup as the basis for loading notes to a new account.  The only solution is a manual export to an ENEX file, and then a manual re-import of the ENEX notes, which the server will see as “new” or “updated.”
  • Evernote currently provides an adequate (offline) backup solution for this problem.  WRONG.  Despite the fact that they have been hacked at least twice, Evernote still has their heads up their butts.  If you are a power user, the ENEX solution is not adequate.  I have over 100 notebooks.  Others use the link function extensively.  Neither of these structures are preserved by the ENEX export.  Manual export of 100 separate notebooks on a regular basis to provide a backup solution is not feasible.  Users of the link function are simply screwed altogether.  Thus Evernote does not provide an adequate backup solution.

EVERNOTE, YOU NEED TO FIX THIS!  Will they?  Given their (lack of) response to their own buggy software, I doubt it.

  • Like 2
Link to comment

@RadicalDad, I've had 3 hard drive crashes over the last 7 years here in the unforgiving, corrosive Brazilian tropics. Haven't been hacked yet. Thus far, cloud services have saved my butt the last 2 of those 3 times. I don't have a scrap of data on any of my devices that I would mind losing. 

Evernote... Lack of response to their buggy software? Hmmm. Seems like you can't live with or without them.

 

Link to comment
4 hours ago, RadicalDad said:

but there is a ton of incorrect information and bad advice being promulgated in this thread, much of it from people listed as “guru.”  One would think they should know better.

P.S. I didn't name myself "Guru". That's the forum's thingamabob... but instead I dubbed myself "Mischief maker" for this phase of my life. So my participation here is not necessarily to be taken as advice. That's just the way I roll. I should not be confused as someone to imitate :lol:

Promulgation shmomulgation....

  • Like 1
Link to comment
  • Level 5*
4 hours ago, RadicalDad said:

but there is a ton of incorrect information and bad advice being promulgated in this thread, much of it from people listed as “guru.”  One would think they should know better.

The "Guru" label means nothing.  It is NOT a label that any of us have picked.  It is automatically assigned by the forum software to any member who has more than about 300 posts.

Furthermore, we are all just Evernote users, just like you.  We share our experience in hopes it will help others.  But I hope everyone understands that it would be very risky to accept any post, including yours, in a public users forum as being authoritative.  Before acting on any information here, users would be well advised to verify/validate the information from other sources, which are authoritative.

5 hours ago, RadicalDad said:

Time Machine (on a Mac) and other backups that keep previous versions are adequate.  MAYBE.  These will work (sort of) only if a version is kept that predates the hacking.  Consider this scenario: you start Evernote in the morning, don’t look at it again until evening, you get hacked with ransomware at 10 AM but don’t notice it until 5 PM.  You have a versioned backup system that takes snapshots once an hour (as does JMichaelTX), but it only keeps 5 previous versions.  In this case, you are screwed.  Whatever the attack vector (via your local machine or via Evernote servers), both the local version and the server version of your notes have been corrupted via Evernote sync, as has your backup of the local copy.  That fact seems to be lost on too many “experts” here.

Are you a Mac user?  Your assertions about Time Machine are NOT consistent with the facts.  TM Backups can go back for years, maintaining a backup on a weekly basis.  TM does not use the traditional incremental and differential backup strategies that most backup systems use.

From Complete guide to Time Machine 

Quote

Complete guide to Time Machine: What are Time Machine's rules for keeping older backups?

This is explained in System Preferences when you click the Time Machine icon but, in summary, Time Machine keeps hourly backups of files for the previous 24 hours, then a single daily backup of your files for each of the last 30 days, and then weekly backups until such point as the backup disk becomes full and Time Machine needs to remove the oldest backups to make space for new ones – as explained above.

In other words, provided your Time Machine backup destination is large enough, you could feasibly have weekly backups of your system and your files going back many years.

For more details on TM, read the above article, as well as How Time Machine Works its Magic .
Finally, I would suggest that those interested in TM, also do a Google on "Mac Time Machine", where you will find numerous articles by Apple and other authoritative sources.

5 hours ago, RadicalDad said:

Backups of EXB and/or ENEX files are interchangeable.  WRONG.  First, as pointed out elsewhere in this thread, backup of only the EXB file isn’t adequate.  One needs to back up the entire folder (both PC and Mac).  The EXB folder backup doesn’t do a lot of good, though.

For purposes of backing up your Evernote Notes, I don't see why the EXB file and export of all Notes to ENEX would not be equivalent.

However, the EXB file does include your entire Evernote account structure, including Notebooks, Stacks, Tags, Tag hierarchies, etc.  So, in that sense, EXB file contains more info than is in the ENEX files.

However, when it comes time to restore, or I should say recover, your Notes from a backup, you will still need to first restore the EXB file, and then, using the EN Win app, export to ENEX the Notes of interest.  But you will NOT be able to force the EN Cloud to accept your restored EXB as your new, latest version.  As soon as you sync, the EN Cloud will overwrite your settings (from an OLD EXB).

Finally, @RadicalDad, if you have issues or concerns with a post by anyone, then show us all the courtesy of quoting and addressing the specific post and individual, rather than lumping all of us together who happen to have a bogus label of "guru".

  • Like 2
Link to comment
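The retention question argued over in the post above, worked through as an added example (not part of the thread, and not Apple's code). It compares a fixed "keep 5 versions" scheme with a simplified model of the quoted Time Machine rule; the dates, the function names and the choice to keep the first snapshot of each day or week are assumptions.

```python
from datetime import datetime, timedelta

def hourly(start, end):
    """Constructed sample data: one snapshot per hour from start to end inclusive."""
    count = int((end - start) / timedelta(hours=1))
    return [start + timedelta(hours=h) for h in range(count + 1)]

def keep_last_n(snapshots, n):
    """Fixed-count retention: only the n most recent snapshots survive."""
    return sorted(snapshots)[-n:]

def tiered(snapshots, now):
    """Model of the quoted rule: every hourly snapshot for 24 hours, one per day
    for 30 days, one per week before that. Keeping the first snapshot of each
    day or week is an assumption of this model."""
    kept, days, weeks = [], set(), set()
    for snap in sorted(snapshots):
        age = now - snap
        if age <= timedelta(hours=24):
            kept.append(snap)
        elif age <= timedelta(days=30):
            if snap.date() not in days:
                days.add(snap.date())
                kept.append(snap)
        else:
            week = tuple(snap.isocalendar())[:2]   # (ISO year, ISO week)
            if week not in weeks:
                weeks.add(week)
                kept.append(snap)
    return kept

def latest_clean(retained, infected_at):
    """Newest retained snapshot taken before the infection, or None."""
    clean = [s for s in retained if s < infected_at]
    return max(clean) if clean else None

# Constructed scenario: hourly snapshots since 1 March, infection at 10:00.
FIRST = datetime(2016, 3, 1, 0)
INFECTED = datetime(2016, 4, 13, 10)

if __name__ == "__main__":
    same_day = datetime(2016, 4, 13, 17)           # noticed at 17:00
    late = same_day + timedelta(days=45)           # noticed 45 days later
    print("keep 5, same day:", latest_clean(keep_last_n(hourly(FIRST, same_day), 5), INFECTED))
    print("tiered, same day:", latest_clean(tiered(hourly(FIRST, same_day), same_day), INFECTED))
    print("tiered, 45 days :", latest_clean(tiered(hourly(FIRST, late), late), INFECTED))
```

Under this model the five-version scheme has no clean snapshot left by 17:00, while the tiered rule still has one, although with late detection the recovery point moves back from one hour before the infection to more than two days before it.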
  • Level 5*

Since the main issue of this topic is Ransomware, I thought I'd share this recent article:

The Future of Cybercrime: Mac Ransomware 

Quote

The misconception that Apple’s Mac OS is not as prone to malware as Microsoft’s Windows operating system has been taking a beating following recent events involving a ransomware threat.  While Ransomware has been common for the Windows operating system for a while, it’s only recently that a security researcher has made a proof-of-concept dealing with its potential capabilities for the Mac OS.

 

  • Like 1
Link to comment
  • Level 5*

Ransomware on the Mac

Sorry for so many posts in a row, but now that I've posted an article about the Ransomware danger to Macs, it seems appropriate to post how Mac users can protect against it.  The simple answer is:  Protection is already built in to the Mac OSX, but you need to make sure it is enabled.

See XProtect Explained: How Your Mac's Built-in Anti-malware Software Works 

Having said that, I strongly suggest that you do your own research, perhaps starting with a Google of "mac ransomware protection"

  • Like 1
Link to comment
  • Level 5*
6 hours ago, RadicalDad said:

If an uncorrupted copy of the EXB folder is restored, it will be overwritten by the (corrupted) notes on the server.

Only if you are silly enough to connect to the ransomed server after the restore.  Ditto if you restore with ENEX files.

It all boils down to risk/effort/reward.  This thread talks about some options that are available for backup/restore.  We all have a different risk tolerance and amount of effort we are willing to invest to mitigate it.  Users need to pick the strategy with which they are comfortable and are willing to assume the consequences. 

  • Like 2
Link to comment
  • Level 5*

Ransomware is an interesting phenomenon, but not one that I think is likely to affect people who take measures to back up their data, because most of us are not running massive data centers with multiple servers and a huge number of "things" connected to them (like a hospital or government office).  

http://www.christopher-mayo.com/?p=962

As stated before, Evernote keeps backups for you in the form of note histories, it has backups off site in case the main server is compromised, it has dedicated security engineers, and you have complete control over all of the data on your own hard drive (Time Machine is pretty amazing, as JM mentioned). There are multiple redundancies in Evernote -- it isn't perfect, but it is pretty nice. And, you can add some yourself (see the link above). 

As for the kind of data you keep in Evernote, I would strongly recommend against placing unencrypted, sensitive data into it or any other cloud service. I am hoping that Evernote will provide us with encrypted notebooks someday together with selective sync (no, I am not interested in voting for it or anything else -- if the engineers are interested in my opinion, they can take the time to read some of my 10,000+ posts on Evernote stuff and years of conversations on these topics, including discussion of them by the former CEO and their predecessors).

http://www.christopher-mayo.com/?p=1605

But, Evernote is fantastic for non-sensitive stuff, and I think ransomware is probably the least of anyone's worries. Again, a fascinating topic (I happen to be pretty interested in cyber security), but not one to which Evernote is particularly vulnerable. As for sticking their heads in the sand, I imagine the CEO and most of the employees there are far more aware of threats and countermeasures than most of us are, and their livelihood depends on getting this stuff right, so I think we can afford to give some credence to their statements on security. 

Again, the service is certainly not perfect, and I think we could do with some improvements (such as an easier way to handle recovery of individual notes or databases on our own), but it is doing pretty well.

[EDIT:] If you are still unconvinced that this is a manageable risk, then install Evernote, introduce an "air gap" into your system, and never connect to the Internet again. You'll probably be pretty safe this way, though you'll lose most of the benefits of Evernote. Other apps that are not cloud based could be more effective in such a model, but it is still possible with Evernote.

 

 

  • Like 1
Link to comment
  • Level 5*

As good ole Ben Franklin said:  "An ounce of prevention is worth a pound of cure"

We have addressed extensively how to recover from a Ransomware event, but no discussion about how to prevent it.

IMO, almost all virus/trojan/malware events are preventable by, or allowed by, the individual user.
(All of the below is my opinion, but based on decades of IT experience.  Do your own research to confirm or refute)

Most infections occur, just like in real life, because the user did something dangerous, went to risky web sites, downloaded illegal or questionable docs/apps, opened risky emails/attachments, etc.
The rule many of us learned long ago is to not open email attachments, even from people you know, if you were not expecting the attachment.  Malware can make an email look like it is coming from someone you know and trust, like your boss, family, or colleague.

Don't click on links in email to open web sites.  Instead, go to your browser and open manually, or from browser bookmarks.  You can try to make it easier, and see the underlying URL, by right-clicking on the link in the mail, and select "Copy link".  Then paste that link into your browser address bar, but do NOT press RETURN.  Verify the link is proper before you press RETURN or click on the browser GO button.

If you are using Windows, then get a high-quality anti-virus, anti-malware product and keep it updated.  This is one area where going with the cheapest may not be the best solution.
If you are using a Mac, then make sure you have enabled the security that Apple provides you with. See my post above.

Yes, doing the above makes life a little more inconvenient.  But not nearly as inconvenient as it is if you become infected.

 

  • Like 1
Link to comment
  • 2 weeks later...
  • Level 5*

This is three years old but I thought it might be of interest; never say never

correction: 6 years old, sorry about upsetting people and thanks JM for correcting such a grievous error

 And to avoid anyone being further distressed about an off topic reference, please note, this article is about loss of data because of a hardware failure

And please excuse the font and colour changes; it just pastes that way and I skipped over the "remove formatting" message

And JM, take a valium.

http://www.cnet.com/news/thousands-of-evernote-users-affected-by-data-loss/

Link to comment
  • Level 5*
1 hour ago, DTLow said:

This is three years old but I thought it might be of interest: 

Once again, @DTLow, you need to check your facts.  That blog was posted nearly 6 years ago:

Quote
Tech Culture
August 9, 2010
1:32 PM PDT

Since then, many, many things have changed.

Your post is off-topic, and irrelevant to the topic at hand:  Protection against ransomware 

Your use of excessively large font for the URL suggests that you are trying to stir up trouble where there is none.

Again, you should do your homework, and get your facts straight before posting:

  1. Your post has nothing to do with Protection against ransomware
  2. The article is ancient history, nearly 6 years old
  3. Since that time, Evernote has done a complete redesign of their Service and data center.
    (If you want more information about that, see the Evernote Ops Blog)
  4. Even if that blog had relevance, the loss affected ONLY "a small group of users (less than one-fifth of 1 percent)"

While I have seen a few users from time to time report a loss of data, I have never seen anyone claim it was due to hardware failure of the EN Cloud.  Personally, I have never lost any of my Evernote data due to fault of Evernote, for any reason.

If anyone is interested in a more complete picture, then you may want to read Evernote's response to the incident:
Evernote's July 1st Server Problem -- Posted by Phil Libin on 09 Aug 2010

 

 

  • Like 1
Link to comment

Ransomware is another kind of malware that encrypts your files, making them inaccessible. This kind of malware also locks your computer screen and hence users are not able to access their PC. The attackers then demand ransom to unlock the files.

In such a case, users look to recover their files. If you have kept a backup of your files somewhere else, such as on another hard drive or in any cloud storage service, then you can restore from there. To know more, find out here - How to Stop Ransomware To Lock Your PC?

  • Like 1
Link to comment
  • 1 month later...

As far as I understand the way Evernote works, its main vulnerability to ransomware is the local cached files it keeps on the PC where it is installed, which ransomware could possibly encrypt and a sync could corrupt the data in the Evernote cloud. If used strictly as a cloud service, especially with 2 factor authentication, I believe that a local attack of ransomware on a PC can't touch the Evernote data in the cloud. This is contrary to the way cloud file storage services work, which the ransomware can see as a local folder and the contagion it creates gets automatically uploaded to the cloud and back down to all other connected devices.

A possible way Evernote can deal with the threat of ransomware is to offer a "non-cached" mode of operation. Maybe such a thing already exists and I would be grateful to be told about it. Basically, in this mode of operation the responsiveness of Evernote would be totally entrusted to the speed of the user's network link. As bandwidth is constantly increasing, it should be less of a problem going forward. Every item the user touches would be downloaded on the fly. If modified, it would be synced there and then. If unmodified, it would immediately be deleted from the local cache (with an optional automatic shred option).

Since the data stored in Evernote is only accessible via the Evernote application and not as files in a local cloud service folder, it would have to be pretty clever ransomware to operate the app, touch, download, encrypt and re-sync every note - basically a non-option.

Link to comment
  • 2 years later...

Theoretically, Evernote should be able to easily prevent compromised files which were locally encrypted by ransomware from being uploaded to their servers. Unlike file storage cloud services like Dropbox etc, it is the Evernote app which handles all creation and editing of notes. A local copy may be stored on the device but edits to it must go through the Evernote app. It is at this point that every note can be made to include a unique digital fingerprint which identifies it as one that was produced by the Evernote app. At each instance of sync, the digital fingerprints of notes which were changed on the device should be compared to their counterpart versions on the server. It is doubtful that a ransomware attack on the local copy of Evernote data would be able to encrypt just the note contents but leave its digital fingerprint intact. Compromised notes would be refused upload and a warning would be issued on the device. This suggestion is very broad in its terminology and needs to be comprehensively dealt with programmatically. 

As for the hacking of an online Evernote account - there is no excuse for not using 2 factor authentication. The best method is to use a separate phone device, preferably of an old candy bar type, as an authentication device for receiving verification codes by SMS. It's more cumbersome but ensures that a thief doesn't have all authentication methods available to him on the same device. 

Link to comment
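One way the fingerprint check proposed in the post above could look, as an added sketch that is not part of the thread and not Evernote's sync protocol. It reads "digital fingerprint" as a keyed HMAC-SHA256 over note id, version and body; every name here is hypothetical, and it assumes the key is held somewhere an external process cannot read, such as an OS keystore.

```python
import hashlib
import hmac

# Assumption: in a real app this key lives in an OS keystore, not beside the notes.
APP_KEY = b"constructed-demo-key"

def fingerprint(note_id, version, body):
    """Keyed tag binding the body to its note id and version."""
    msg = note_id.encode() + b"\x00" + str(version).encode() + b"\x00" + body
    return hmac.new(APP_KEY, msg, hashlib.sha256).hexdigest()

def app_save(store, note_id, body):
    """An edit made through the app: bump the version and re-tag the note."""
    version = store.get(note_id, {}).get("version", 0) + 1
    store[note_id] = {"version": version, "body": body,
                      "tag": fingerprint(note_id, version, body)}

def sync(store, server):
    """Upload newer notes whose tag verifies; refuse notes changed outside the app."""
    uploaded, refused = [], []
    for note_id, rec in sorted(store.items()):
        expected = fingerprint(note_id, rec["version"], rec["body"]).encode()
        actual = str(rec.get("tag", "")).encode()   # a missing or garbled tag fails too
        if not hmac.compare_digest(expected, actual):
            refused.append(note_id)                 # server copy is left untouched
            continue
        if server.get(note_id, {}).get("version", 0) < rec["version"]:
            server[note_id] = dict(rec)
            uploaded.append(note_id)
    return uploaded, refused

if __name__ == "__main__":
    store, server = {}, {}
    app_save(store, "n1", b"groceries")
    app_save(store, "n2", b"tax notes")
    print(sync(store, server))
    # Constructed stand-in for an external process rewriting the local copy;
    # worst case, the change also looks like a newer version.
    store["n2"]["body"] = bytes(b ^ 0x5A for b in store["n2"]["body"])
    store["n2"]["version"] += 1
    app_save(store, "n1", b"groceries, milk")
    print(sync(store, server))
```

The check only holds while the key stays out of reach of whatever rewrites the local files; a plain unkeyed hash stored next to the note could simply be recomputed.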
  • Level 5

Technically I am not sure if a local encryption could compromise the cloud data.

Any encryption used by ransomware today would encrypt the whole file on the PC, not selectively note content, leaving the shell intact. I doubt that such an encrypted file would be still uploadable, and it would not „find“ its server twin to overwrite it. I think ransomware to specifically encrypt an EN database in a way that will foul the server data as well is a pretty unlikely beast.

Anyhow, you can go back through note history to a prior-to-encryption note status. Sure, I would rather not want to do this on several thousand notes ...

Against ransomware attacks there is currently one proven method: Do backups, do them with sufficient frequency based on how often you change relevant data, and do at least one copy (over several generations) on a disk not permanently connected to your network.

As a private user, if you get 3 identical HDDs (or today even SSDs, since they have become cheap(er) than ever), name them 1-2-3 and cycle them through, keeping always 2 of them outside of your house, you will be pretty safe. You do not even need to make a direct backup to these disks - run a proper backup software permanently, for example to a NAS, and backup the backup folders from there to your remote disk.

This approach will not only protect against ransomware, but against other disasters like fire, flooding etc. as well. And it will protect all of your data, not only the EN database.

 

Link to comment
  • Level 5*
4 hours ago, eyallvy said:

Unlike file storage cloud services like Dropbox etc, it is the Evernote app which handles all creation and editing of notes.

Correct, and the Evernote editor sets a trigger for the note to  be sync'd

An external process encrypting the Evernote data will not trigger a sync

Link to comment
  • 1 year later...
