• DeathByBigSad@sh.itjust.works
    4 days ago

    Under normal circumstances, they can’t. But if they actually want to target you and they want to spend the time and resources, they could potentially send instructions to the backdoor to secretly sabotage the backup process:

    Basically showing you that the backup is working, while in the background, it has been encrypting the files to a key they control during that backup process, and essentially acting as ransomware. (Modern computing has made hardware encryption so fast that it would be seamless, so it would be hard to notice that happening.)

    So every time you check the backup’s integrity, it uses the key to unlock the files and show you “everything is fine”.

    But when the time comes, they would nuke the keys from the Intel ME / AMD PSP, then the next time you try to access your files, you get an error message; then you try to plug in the backup drive, and it also shows errors. Because they already nuked the keys, you have a bunch of encrypted data you can’t access.

    Sounds far-fetched, but theoretically it’s possible.

    • Tuukka R@sopuli.xyz
      4 days ago

      Belarusian hackers apparently did pretty precisely this to the biggest airline in Russia, Aeroflot. They had been doing something for a whole year that successfully disabled Aeroflot’s backups, and deleted everything from every computer belonging to that company. They no longer know who’s working for them, for example.

      I’d assume they must’ve done pretty precisely what you just described. So, it has been done once. And it probably will be done again, somewhere.