I have lost count on how many ransomware mitigation articles that have unconditionally stated that encrypting files will not prevent ransomware from doing the same. Well, that statement is somewhat a half truth as noted in this Eset article excerpt. Done properly, encrypting your files might just save your butt: Can encryption be used against crypto-ransomware? It has been asked whether it is true that crypto-ransomware does not encrypt encrypted files. The answer is “yes and no”. It is obviously possible to encrypt any encrypted data. As a matter of fact, this is the core idea in onion routing. In brief, onion routing is designed for privacy and conveys data through a circuit of routing nodes. Say that the circuit is composed of three nodes, so when the user wants to access some website the request will be encrypted with node key three (exit node), encrypted again (the already encrypted content) with node key two and again using node key one (entry node). As the request goes through each node, it gets decrypted using the key of the current node, in such a way that only the exit node will have the original request, prior encryptions brought off by the onion routing process. The exit node makes the request on behalf of the user and sends the response back using a similar encryption process as was applied to the request. For the sake of efficiency and precision, crypto-ransomware usually decides whether to encrypt a file depending on its filename extension; for instance, the list for TorrentLocker by 2014 is available here. If the extension matches a predefined set of extensions it is encrypted, otherwise it is not. On the other hand, encryption tools often append some pre-determined new extension to the filename when the file is encrypted. It is an interesting fact that we have not seen any crypto-ransomware targeting encryption tools yet. As a consequence, if the system is compromised by some crypto-ransomware that does not target the encryption tool in place, files encrypted by the tool will, just by good fortune, not be encrypted by the malware. Keeping this in mind, a useful feature to add into encryption tools is extension randomization, which could be as simple as allowing the user-to define a scheme during installation. Extension randomization does not add any performance overhead nor require great design changes in encryption tools, but it could be to some extent effective against crypto-ransomware. In order to target encrypted files, crypto-ransomware developers would have to select/find the encrypted files at the time of execution or abandon the idea of extension-based selection, evolving their attacks to avoid selecting critical application/OS files for encryption that could damage the system and make the attack fail before accomplishing its aims. This is why the use of legitimate file encryption tools to encrypt your files might serendipitously lessen the impact of crypto-ransomware; nevertheless crypto-ransomware mitigation should not be totally reliant on encryption tools: backup and other proactive measures are even more important. Ref.: http://www.welivesecurity.com/2016/09/13/how-encryption-molded-crypto-ransomware/
I am not sure it even has to be that sophisticated. I use a data back up program that keeps versions. Each file with it's versions is kept in an archive file, and these files have a unique extension. Non of the ransomware I've tested touches them.
To me it seems like security through obscurity concept. If such measures would become widespread, ransomware developers would probably deploy countermeasures - encrypting all files except those in folders c:\windows and similar. Personally I wouldn't rely on such tactic to protect my data.
