“Ransomware,” which is malware that encrypts user files and requires users to pay for release of the decryption key, is an increasingly successful tactic used by cybercriminals. It is effective because malware protection typically relies on identification through signature and removal of infection. Recovery of data becomes impossible in the case of a new malware variant that is not identified in time on a user's device.
Though better detection methods can be applied to endpoints such as personal computers, in the case of cloud storage systems, blind acceptance of the changes made to cloud stored data by authorized (but infected) endpoints means that an infection can propagate changes and destroy both local and cloud stored data. Users lose both their local data and cloud backups, forcing them to make a deal with cybercriminals to regain access to their personal data, pictures etc.
Thus, in the case of ransomware attacks, it may not be immediately clear to a user what value to place on files which may not be recoverable.