RESET Forums (homeservershow.com)

Protecting client backups against cryptowall?



Drashna Jaelre

or does my client backup program send blocks of data to the server using a protocol other than file access, and the server writes the blocks to a folder that my client cannot access?  (such that cryptolocker cannot touch the backup files).   I naively assumed it worked this way...  That would be an advantage of a client/server backup solution... 

 

whereas a client only backup solution (acronis etc?) would require the ability to actually write to whatever hard drive the backup files are stored on, making any files stored in that folder fair game for cryptolocker...  This has made me nervous since I heard about viruses that like to delete/destroy/kidnap anything they can find....

 

The Client Backup on the client runs as a system service (using the system account), it reads from the disks, and then communicates over the network, via TCP to the client computer backup server service on the server, using a proprietary format. 

Then the server service stores new data in 4GB chunks of raw data.

 

Acronis would need to have a shared folder, which would be much more exposed to cryptolocker


Drashna Jaelre

Yup.

I was just trying to go into more detail about exactly how it worked, because that is what was asked. :)

 

But yeah, it doesn't use network shares at all to communicate.


Yeah, absolutely. Just wanted to throw the term in there, in case anyone wasn't 100% sure. :)

 

And it still begs the question: exactly how does the backup get initiated? Does the server use WoL? I've read where people stated categorically that it does not. So, if not WoL, then what, cause I don't see a Scheduled Task on my clients?


I do not believe it uses WOL.  It uses a scheduled task on the client.

 

Look on your client machine.

 

Task Scheduler > Task Scheduler Library > Microsoft > Windows > Windows Server Server Essentials > Client Computer Backup.

 

Under Conditions you will see that it is flagged to wake up the computer if necessary, also flagged to only run on AC.

 

I have noticed that the task start time can change around a bit.

 

I also looked at how WHS 2011 handled it and it was similar.

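An added check (not from this thread, and not part of Windows Server Essentials itself) that reads the task described above and reports the conditions the post mentions. It assumes Windows 8 / Server 2012 or later for the ScheduledTasks cmdlets; the task path is copied from the post, so adjust $TaskPath if your build names the folder differently.

```powershell
# Added example: verify the Client Computer Backup scheduled task on a client.
# $TaskPath is taken from the post above; edit it if your client's path differs.
$TaskPath = '\Microsoft\Windows\Windows Server Server Essentials\'
$TaskName = 'Client Computer Backup'

try {
    $task = Get-ScheduledTask -TaskPath $TaskPath -TaskName $TaskName -ErrorAction Stop
} catch {
    Write-Warning "Task '$TaskPath$TaskName' not found. Check the path under Task Scheduler Library."
    return
}
$info = $task | Get-ScheduledTaskInfo

[pscustomobject]@{
    Task           = "$($task.TaskPath)$($task.TaskName)"
    RunsAs         = $task.Principal.UserId                    # post says it runs as the system account
    State          = $task.State
    WakeToRun      = $task.Settings.WakeToRun                  # "wake up the computer if necessary"
    ACPowerOnly    = $task.Settings.DisallowStartIfOnBatteries # "only run on AC"
    Triggers       = ($task.Triggers | ForEach-Object { $_.CimClass.CimClassName }) -join ', '
    NextRunTime    = $info.NextRunTime                         # start time drifts, as the post notes
    LastRunTime    = $info.LastRunTime
    LastTaskResult = $info.LastTaskResult                      # 0 means the last run succeeded
}
```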

Thanks oceang. I found the task to backup to WHS2011 on my Win8.1 desktop. I'm sure I've seen this before but just forgot where it is. Which brings me to one of my pet peeves about MMC. Why on earth is there no search function in MMC? How does that make any sense whatsoever?

Drashna Jaelre

Thanks oceang. I found the task to backup to WHS2011 on my Win8.1 desktop. I'm sure I've seen this before but just forgot where it is. Which brings me to one of my pet peeves about MMC. Why on earth is there no search function in MMC? How does that make any sense whatsoever?

Because that would make things simple and easy. And Microsoft then couldn't hide a lot of the background maintenance that it does. :)


Because that would make things simple and easy. And Microsoft then couldn't hide a lot of the background maintenance that it does. :)

 

Ah, another one of the GMoRs (Great Mysteries of Redmond) :D

msawyer91

This may just be me being overprotective, but a couple years ago I bit the bullet and bought a subscription to a Family plan to CrashPlan for cloud-based backup. I use this in addition to my Windows Server 2012 Essentials, running on an HP EX487. Thus all of my files are backed up twice. Even if I had a malware or ransomware outbreak on my home network, it's not going to affect the cloud-based backup other than the most recent backup(s) will have encrypted files.

 

In the end, the biggest preventative against malware lies with each one of us. Always be mindful of attachments someone sends to you, and ALWAYS enable the visibility of file extensions in Windows Explorer/File Explorer, even for known files. Many malware distributors rely on Windows' default behavior of hiding extensions of known file types. So when you get an attachment in a zip file, and you extract the file, you think you have a PDF. But in reality it's an executable with a PDF icon. So what does one do? Double-click it. Even UAC won't protect you, because the malware can encrypt any file to which you have appropriate NTFS perms, without needing to run in elevated mode.

 

Just a couple weeks ago, I got a couple of emails indicating I had faxes waiting for me. I knew they were bogus but I decided to test the files anyway. In each case, an EXE was contained within a ZIP, and in both cases the EXE had a PDF icon. The file sizes were different, indicating the payload was not necessarily identical. The corporate mail system did not flag these files. I ran McCrappy, ahem, McAfee against both files, and they came back clean. I copied them to a home PC running Norton Internet Security, and it immediately quarantined both files. I deleted all the copies that I had made for testing, including the ones in my mailbox, except for a set I forwarded to our corporate security folks to let them know the files were bad so they could get the anti-malware signatures updated on their end.

 

Never, never, never open an attachment that was sent to you unsolicited. And verify attachments that were sent from known parties, especially if the attachment was not expected. After all, that person's mailbox or computer could've gotten hacked. I've gotten malware sent to me from friends because their Yahoo account got hacked. Malware spreaders count on this "trust" to get recipients to run it.

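An added example (not from this thread) of two client-side checks for the "executable with a PDF icon" problem described above: whether Explorer is hiding known extensions, and whether an extracted-attachment folder contains files Windows would run on double-click, flagging the decoy double-extension variant (e.g. fax.pdf.exe). $Folder is a placeholder path; the extension lists are my own, not from the post.

```powershell
# Added example: spot attachments that would look like documents with extensions hidden.
$Folder = "$env:USERPROFILE\Downloads"   # placeholder: point at where you extract attachments

# 1. HideFileExt = 1 means Explorer hides extensions of known file types.
$adv  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = (Get-ItemProperty -Path $adv -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($hide -eq 1) {
    Write-Warning 'Explorer is hiding known file extensions; set HideFileExt to 0 and sign out/in.'
    # Fix: Set-ItemProperty -Path $adv -Name HideFileExt -Value 0
}

# 2. Extensions Windows executes on double-click vs. document types used as decoys.
$execExt  = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.jse', '.vbs', '.vbe', '.wsf', '.hta')
$decoyExt = @('.pdf', '.doc', '.docx', '.xls', '.xlsx', '.jpg', '.png', '.txt')

Get-ChildItem -Path $Folder -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $ext   = $_.Extension.ToLowerInvariant()
    $inner = [System.IO.Path]::GetExtension($_.BaseName).ToLowerInvariant()  # e.g. ".pdf" in fax.pdf.exe
    if ($execExt -contains $ext) {
        [pscustomobject]@{
            File            = $_.FullName
            ShownAs         = if ($hide -eq 1) { $_.BaseName } else { $_.Name }  # what the user sees
            RealExtension   = $ext
            DecoyExtension  = if ($decoyExt -contains $inner) { $inner } else { '' }
            SizeBytes       = $_.Length
            Sha256          = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }
}
```

Anything listed is a file the user would launch by double-clicking; the hash is there so a sample can be reported to your security team, as the post describes, without forwarding the file itself.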

I don't think you're being paranoid even a little bit. You may or may not know, but I have 4 to 5 copies of all my data.

