• This topic has 16 replies, 14 voices, and was last updated 7 years ago by jon_n.
Viewing 17 posts - 1 through 17 (of 17 total)
  • Is there a simple Ransomware-proof Backup Regime?
  • pealy
    Free Member

    I thought I had a great backup regime. Multiple devices all running Google Drive Sync, files are backed up quickly to the cloud and replicated back down to multiple devices. If I lost a drive I’d have no problem getting my precious photos, VAT receipts etc back because I had copies in the cloud. If I accidentally deleted/updated something then Google would be happy to let me get a version from the trash or go back a version.

    Now, having been hit with a nasty bout of ransomware I’m wondering whether I should do things differently. The ransomware encrypted and changed the names of my files, it didn’t delete them. As soon as it did, the changes were synced with Google in the cloud and then back to my other devices, so they all had encrypted versions. Thankfully, I spotted it quickly and one of my devices was switched off so still had a copy of the pre-encrypted files.

    But what if I hadn’t spotted it, or the laptop had been on? Theoretically, I could go to Google, download a copy of the previous version for each file and recreate the folder structures. Actually doing that would be painful, probably something like a fortnight of full-time effort. Google doesn’t have a ‘go back to what it looked like yesterday’ to restore multiple files/folders at once.

    So how would/do you protect yourself?
    It looks like Windows 10 comes with some neat tools which, combined with Google Drive, might enable a ‘go back to yesterday’ type of restore activity for whole folder structures at once. Any experiences?

    jimdubleyou
    Full Member

    I read somewhere (maybe on the naked security blog) that Google will do a bulk restore for you if you phone them.

    MrGreedy
    Full Member

    External hard drive with a manual sync? i.e. just run a backup as and when you want to (daily/weekly) and don’t keep it plugged in the rest of the time.

    willard
    Full Member

    The only thing that I can really think of is to take on something like an enterprise strategy and do Monthly full, weekly interim and daily incremental backups. Not using a live/push backup system should mean that any malware should not transition across to the backups themselves, so you should be able to identify the time of the infection and then blitz and restore from any combination of monthly/weekly/daily archives.

    Actually, you could try something with multiple cloud archives, using Google for day 0, SkyDrive for day 1, SpiderOak for day 2, etc, etc. You get a reasonable amount of storage for free with all these, but I wonder if it would be enough to do backups on a regular basis.

    pealy
    Free Member

    I read somewhere (maybe on the naked security blog) that Google will do a bulk restore for you if you phone them.

    I read the opposite (certainly for non-business users) but would definitely have been worth a try if I’d needed to.

    External hard drive with a manual sync? i.e. just run a backup as and when you want to (daily/weekly) and don’t keep it plugged in the rest of the time.

    Does seem like an option but it’s so manual and doesn’t keep old versions. What if you don’t realise you have a problem and overwrite the good stuff? I feel like being able to roll back is vital.

    doris5000
    Full Member

    It looks like Windows 10 comes with some neat tools which, combined with Google Drive, might enable a ‘go back to yesterday’ type of restore activity for whole folder structures at once. Any experiences?

    sorry for mild hijack, but as an Appleist – would we be ok just relying on Time Machine, as it does just this? OSX experts?

    br
    Free Member

    External hard drive with a manual sync? i.e. just run a backup as and when you want to (daily/weekly) and don’t keep it plugged in the rest of the time.

    If for just home use etc then buy two (they’re cheap enough) and store the latest away (office, parents etc). Swap them around after each backup.

    Work/business, then do it ‘properly’ and ensure you ‘own’ your data and its location.

    If I accidentally deleted/updated something then Google would be happy to let me get a version from the trash or go back a version.

    We’re working with a couple of clients who’d signed up to ‘cloud-based’ systems and are now finding that actually getting their data back in a usable format is both difficult and expensive…

    midlifecrashes
    Full Member

    There’s no such thing as “The Cloud”, only someone else’s computer.

    Do you really know and trust that “someone else”?

    thisisnotaspoon
    Free Member

    If for just home use etc then buy two (they’re cheap enough) and store the latest away (office, parents etc). Swap them around after each backup.

    We have a WD My Cloud attached to the router.

    If my laptop/phone was infected, would it infect the My Cloud? It doesn’t backup automatically, I just use it as a separate drive and save everything to it, then drag’n’drop stuff to the laptop when I need it.

    scrumfled
    Free Member

    My method is automated backup to a NAS. Key files are synced to dropbox….

    ….and to avoid this sort of issue I have a couple of flash drives that I use to manually backup key files in rotation once a month.

    I avoid time machine like the plague, you can google it for issues to see why.

    leffeboy
    Full Member

    If my laptop/phone was infected, would it infect the My Cloud?

    If the backup is visible on the network, yes it will be infected.

    For Windows10 previous versions and file history: I believe that just gets switched off so it isn’t really protection

    FWIW I recovered someone’s office files from Ransomware where the files were stored on DropBox by dropping a mail to Dropbox and they did the recovery. You need to be completely sure that all machines with access to the Dropbox are clean first though.

    With OneDrive I believe you can contact Microsoft for a restore

    If you are using a NAS then depending on the NAS you can set it up to back itself up either to an internal space or an external USB. The trick is to make sure that space/USB isn’t visible to anything on the laptop or you are toast. edit: forgot to add to make sure it keeps multiple backups or it will just overwrite the good stuff with bad :(. Remember too that the best ransomware encrypts your oldest stuff first so you don’t see until too late

    I still take physical backups to USB drives as well and then unplug them and stick them under my mattress just to be sure
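    The versioned-backup idea from the posts above (keep several dated copies, and don't let a bad run push out the good ones), as an added example that is not from any poster. It assumes the script runs on the machine that owns the backup store (a NAS or fileserver pulling the data), so the store is not writable from the infected laptop; the `PRUNE_HOLD` marker name, the 30% threshold and the sample files are constructed for illustration.

```python
import hashlib, shutil, tempfile
from pathlib import Path

HOLD = "PRUNE_HOLD"  # hypothetical marker name: while it exists, nothing is deleted

def digests(root: Path) -> dict:
    """Relative path -> SHA-256 of the content, for every file under root."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def churn(prev: Path, src: Path) -> float:
    """Fraction of files in the previous snapshot now missing, renamed or changed."""
    old, new = digests(prev), digests(src)
    changed = sum(1 for rel, h in old.items() if new.get(rel) != h)
    return changed / len(old) if old else 0.0

def snapshot(src: Path, store: Path, label: str, keep: int = 7, max_churn: float = 0.3) -> dict:
    """Copy src to store/label; labels must sort by date (e.g. 2024-05-01)."""
    store.mkdir(parents=True, exist_ok=True)
    snaps = sorted(d for d in store.iterdir() if d.is_dir())
    rate = churn(snaps[-1], src) if snaps else 0.0
    shutil.copytree(src, store / label)
    if rate > max_churn:
        # A mass change looks like encryption: freeze pruning until a human checks.
        (store / HOLD).write_text(f"{label}: churn {rate:.0%}\n")
    pruned = []
    if not (store / HOLD).exists():
        for old in sorted(d for d in store.iterdir() if d.is_dir())[:-keep]:
            shutil.rmtree(old)
            pruned.append(old.name)
    return {"label": label, "churn": rate, "held": (store / HOLD).exists(), "pruned": pruned}

def demo() -> list:
    """Constructed scenario: three normal days, then every file is encrypted and renamed."""
    work = Path(tempfile.mkdtemp())
    src, store = work / "docs", work / "store"
    src.mkdir()
    for i in range(5):
        (src / f"photo{i}.jpg").write_text(f"original {i}")
    log = [snapshot(src, store, f"2024-05-0{d}", keep=2) for d in (1, 2, 3)]
    for f in list(src.iterdir()):          # simulated ransomware pass (constructed)
        f.write_text("ciphertext")
        f.rename(f.with_name(f.name + ".locked"))
    log += [snapshot(src, store, f"2024-05-0{d}", keep=2) for d in (4, 5)]
    log.append(sorted(p.name for p in store.iterdir()))
    return log

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

    In the constructed run the day-4 snapshot shows 100% churn, so the hold marker is written and the clean day-2 and day-3 copies stay on disk even though the retention count is two. Restoring a whole folder tree "as it was yesterday" is then a copy of one dated directory.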

    zilog6128
    Full Member

    sorry for mild hijack, but as an Appleist – would we be ok just relying on Time Machine, as it does just this? OSX experts?

    If ransomware targets external drives then the TM backup would be affected. At work I use a Mac Mini running OS X server to handle the TM backups of the whole network, which means each workstation isn’t backing up to a mounted drive. I suppose you could have a 2nd TM backup drive which you didn’t keep connected, but that’s a faff & hardly ideal.

    EDIT: I think TM backs up via the Admin account, so if you used a separate user account with fewer privileges (which is probably best practice anyway although no-one I know actually does this) the ransomware shouldn’t be able to affect the backup drive.

    br
    Free Member

    There’s no such thing as “The Cloud”, only someone else’s computer.

    Do you really know and trust that “someone else”?

    Yes, I know and No, I don’t.

    FWIW when I started in IT we still wrote programmes on coding sheets and the bureau I worked for sold ‘time’ on our mainframes.

    brassneck
    Full Member

    That’s all about the How and not the Where of backup. Time Machine would help as it’s a versioning back up – you can roll the whole volume back to a point in time.

    Something like Carbonite is a better bet than a simple sync offsite.

    kayla1
    Free Member

    Stop looking at monkey porn?

    edit- jokes, obviously 😀

    pealy
    Free Member

    All sounding very manual isn’t it?

    jon_n
    Free Member

    If you have another machine, how about something like Crashplan (www.crashplan.com) and back up between each of them?

    All backups are versioned, encrypted and can be onsite hosted on a fileserver/normal machine or offsite (on a remote server, via their paid storage or something like dropbox).

    I use it at home with all the family laptops backing up to my fileserver, and my parents laptop backing up to the same over the internet. It’s worked well for me for the past few years whenever I’ve had to restore something…


The topic ‘Is there a simple Ransomware-proof Backup Regime?’ is closed to new replies.