Ransomware protected backup

Backup, Restore, Netbak Replicator, Cloud Storage Services
Post Reply
DJDJDJDJ
First post
Posts: 1
Joined: Sun Feb 10, 2019 5:38 pm

Ransomware protected backup

Post by DJDJDJDJ » Sun Feb 10, 2019 5:55 pm

Hi,

So, my home server was attacked yesterday by a ransomware and around 2TB worth of personal files got encrypted. Thankfully, I have an offline backup (external disk) and my QNAP NAS was also spared that has another backup on it. So ransom guy can do one to himself.

So, going forward, I would like to setup a backup from my QNAP drive to an attached USB. I know I can do this today (been doing it). However, I have a few questions:

- Is versioning available in QNAP backups? I am thinking I would like to keep 3 months of versions.
- Is snapshoting available to USB? The reason I am asking about this is that, I have around 50-60K personal family pics. It would be extremely time consuming to revert them to a previous version if another attack were to occur. Perhaps reverting back to a previous snapshot might be a bit easier. May be a daily differential snapshot and weekly full one?
- Is there a way so that USB drives attached to the NAS unit can only be used by the backup process and not be accessed remotely using any login (even admin login). This is to prevent any infection to backups.

Thank you for any help and suggestions.

P3R
Guru
Posts: 10631
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: Ransomware protected backup

Post by P3R » Sun Feb 10, 2019 7:31 pm

DJDJDJDJ wrote:
Sun Feb 10, 2019 5:55 pm
- Is versioning available in QNAP backups? I am thinking I would like to keep 3 months of versions.
Yes with the Hybrid Backup Sync app it is.

The trick to use versioning on an external disk is to not use the External Backup option in HBS but to create a standard Local backup job (click the blue Create job button in th top right corner). If the external backup disk use the file systems Ext4 or NTFS you can enable the backup versioning feature with it as the backup destination.

HFS+ should be a supported file system as well but currently have a bug that prevent versioning to work reliably.
- Is there a way so that USB drives attached to the NAS unit can only be used by the backup process and not be accessed remotely using any login (even admin login). This is to prevent any infection to backups.
No. If your admin account is compromised the intruder have complete access and you're lost.

Never use an admin account for normal file server use and consider to enable 2-factor authentication on the admin account to protect it.
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!

A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.

All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!

alokeprasad
Easy as a breeze
Posts: 349
Joined: Tue Aug 25, 2015 7:06 pm

Re: Ransomware protected backup

Post by alokeprasad » Sun Feb 10, 2019 9:35 pm

DJDJDJDJ wrote:
Sun Feb 10, 2019 5:55 pm
- Is snapshoting available to USB? The reason I am asking about this is that, I have around 50-60K personal family pics. It would be extremely time consuming to revert them to a previous version if another attack were to occur. Perhaps reverting back to a previous snapshot might be a bit easier. May be a daily differential snapshot and weekly full one?
No, AFAIK. Snapshots by QTS is only for volumes residing on storage pools on the NAS.
DJDJDJDJ wrote:
Sun Feb 10, 2019 5:55 pm
- Is there a way so that USB drives attached to the NAS unit can only be used by the backup process and not be accessed remotely using any login (even admin login). This is to prevent any infection to backups.
Assuming that the pathway to your NAS is through the connected PC's, the ransomware can only overwrite the shares it can see. I use a user account (not Admin) to connect to the NAS from my PC. Thus, UNC paths or mapped drives are limited to shares I have defined for backups and common area to share with other PC's in my LAN. The standard Multimedia share is not accessible from any of my PCs. Ipopulate Multimedia from FileStation when logged into my NAS as Admin. Luckily, home media, pictures, music doesn't need to be updated that often.
Use multiple User accounts and give them limited rights to shares on the NAS, per intended use of that user account.
The other possibility is someone hacking into the NAS itself, through open ports on the NAT and compromised apps. There is some of that happening nowadays, the details of which are not fully understood. If that happens, then anything is possible.
viewtopic.php?f=50&t=146352
viewtopic.php?f=25&t=144837
NAS: TS-453Be
RAM:Crucial 8GB Kit (2 x 4GB) DDR3L-1600 SODIMM CT2KIT51264BF160B
QTS: 4.3.6.0805 build 20181228
HDD's: RAID 6: Four 8TB WD Red (WD80EFAX)
USB HDD: One 8 TB WD Mybook (WDBBGB0080HBK-NESN)
Switch: Netgear GS108

Post Reply

Return to “Backup & Restore”