RESET Forums (homeservershow.com)
Ransomware attack plan

callihan44

Wondering what other people are doing to protect data. Our CAD-graphics processor software provider sent out a bulletin that said they are getting reports of 2-3 customers every week getting hit with ransomware attacks locking all their data up on their network servers. I do cloud and local backups, I increased our email security, and I'm contemplating either getting another server set up to be ready to go and then keeping it off the network in case we get hit, or just getting a NAS and dumping files and databases on it, then taking it offline, in case I'm ever forced to redo the servers...

schoondoggy

Great topic and great timing! I think you are hitting on the major issue with ransomware attacks today: network or cloud drives. Ransomware is smart enough to encrypt all drives mapped and active. New ransomware variants seem to be able to attack cloud services as well. It is cumbersome, but I have gone back to manually backing up the few PCs I have. That way I can connect to the network drive, back up data, and disconnect from the network drive. Although impractical, connecting a USB drive, backing up and disconnecting the USB drive may be one of the best/simplest ways to keep backups safe from ransomware. It has been a long time since I investigated backup software features; it may be a good time to review. Have any backup products built a connect/disconnect function into their backup routine? It seems like QNAP had done something? For cloud services, has anyone added features to isolate your cloud backup from ransomware?

Enterprise IT departments tend to rely on snapshot or point in time copy technology to save themselves from ransomware attacks. 

callihan44
Our cloud backup does snapshots/archiving; however, I don't trust cloud backup 100%. I've already had an issue with restoring an Adobe Illustrator file that somehow got corrupted during the transfer... I always have a local backup copy, and frankly it's faster to retrieve locally.

schoondoggy

Recovery from the cloud can be painful. There is a growing number of IT solutions that consist of a local appliance for backup and recovery and cloud management. Sorry for the name drop, but Rubrik.com is a very complete solution. Storagecraft.com is another. Veeam software has built out their replication and cloud management functionality as well. Didn't mean this to be a commercial, but there are many new solutions out there to mitigate risk of ransomware.

ShadowPeo

How long is a piece of string? At work I have deployed VEEAM infrastructure (just like 90% of people) that backs up not via SMB but directly.

It has multiple snapshots on some replicas of highly important servers, and multiple backups

  • 21 daily
    • Weekly active full backups
  • Long Term Storage via iSCSI (so it is vulnerable to attack there, but they actually have to get access to the server)
    • Dailies for 1 week
    • 5 weeklies
    • 4 monthlies
    • 5 quarterlies
    • 8 yearlies
  • Offsite
    • 15 Days

At home I have a similar system

  • Daily PC backups
    • VEEAM Agent for Windows
    • Time Machine for Mac
  • Data Sync'd to NAS
    • Websites Downloaded via scripts to Local Storage
    • NAS Syncs to
      • 2x offsite 2-disk NASes (mirrored drives) at two different sites, each stores 8TB
      • OneDrive (each user's one drive is Mirrored to the NAS)
      • Backblaze B2 (Selected this one as I can order a disk with all the data on it unlike many of the other providers)
      • USB HDD
        • This has a TP-Link Kasa plug that turns off and on as required. The Synology ejects the disk once it completes the backup and the plug turns off at a pre-determined time; it turns on about 30 minutes before the backup is due to start, so the disk is physically off most of the time. I would like to have it so the Synology sends a command to the switch (let's say 5 minutes) before the backup job starts (could use a wait command) that turns it on, and then another that runs after the job is complete to turn it off, but I have not worked this one out yet and Synology have been no help. They just do not seem to be able to grasp the concept of what I want to happen, or that I want to run pre-processing and post-processing jobs
  • Servers are backed up via VEEAM
    • Now I have a better link I may send these off to the offsite backups above

 

  • Thanks 1
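
The "Long Term Storage" schedule in the post above (dailies for a week, 5 weeklies, 4 monthlies, 5 quarterlies, 8 yearlies), worked through as an added example that is not part of any poster's message: it selects which restore points such a policy retains and how far back a clean restore can reach once an infection date is known. The function names, the one-backup-per-day history and the "newest point in each period is promoted" rule are assumptions made for the illustration.

```python
from datetime import date, timedelta

# Counts from the "Long Term Storage" list in the post above.
POLICY = {"daily": 7, "weekly": 5, "monthly": 4, "quarterly": 5, "yearly": 8}

# How each tier names the period a restore point belongs to.
BUCKET = {
    "daily": lambda d: d.toordinal(),
    "weekly": lambda d: d.isocalendar()[:2],            # (ISO year, ISO week)
    "monthly": lambda d: (d.year, d.month),
    "quarterly": lambda d: (d.year, (d.month - 1) // 3),
    "yearly": lambda d: d.year,
}

def select_keepers(points, policy=POLICY):
    """Return {date: [tiers]} for the restore points the policy retains.
    Assumption: each tier keeps the newest point of its N most recent periods."""
    keep = {}
    ordered = sorted(set(points), reverse=True)        # newest first
    for tier, count in policy.items():
        seen = []
        for d in ordered:
            key = BUCKET[tier](d)
            if key in seen:
                continue                               # period already has its newest point
            if len(seen) == count:
                break                                  # tier is full
            seen.append(key)
            keep.setdefault(d, []).append(tier)
    return keep

def recovery_horizon_days(points, policy=POLICY):
    """Age in days of the oldest retained point, measured from the newest."""
    kept = select_keepers(points, policy)
    return (max(kept) - min(kept)).days

def newest_clean_point(points, compromised_on, policy=POLICY):
    """Newest retained point taken strictly before the compromise date, or None."""
    clean = [d for d in select_keepers(points, policy) if d < compromised_on]
    return max(clean) if clean else None

if __name__ == "__main__":
    # Constructed sample: one backup per day for ten years ending 2024-06-30.
    end = date(2024, 6, 30)
    history = [end - timedelta(days=n) for n in range(3653)]
    print(len(select_keepers(history)), "restore points kept")
    print("horizon:", recovery_horizon_days(history), "days")
    print("restore from:", newest_clean_point(history, date(2024, 5, 10)))
```

With daily backups but only a week of dailies retained, an infection that went unnoticed for seven weeks forces a restore from a month-end point rather than from the day before the compromise.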