2

I'm planning to (finally) back up all my personal files from my home network on a new HDD.

If I used an external HDD with a USB cable, the ransomware would theoretically encrypt this data too. Would this be the case if I change the write permissions?

Alternative question: how can I protect the external HDD against unauthorized access (including encryption software)?

Would a separate Linux PC (e.g. a RasPi with the HDD) be an alternative, if I write a program that periodically copies all relevant files to the Pi? If only selected files/folders were transferred, the malware shouldn't be successful in this case, would it?

As far as I'm informed, every device that's somehow connected is potentially vulnerable.

Would this be an acceptable solution?

Having 2 HDDs, one connected to the Pi as a mini NAS, one completely offline. Save any progress from my live system to the Pi periodically, let's say daily. So I have a daily backup of my important data. I could also use a 64 GB SD card, as this is not a huge amount.

Also, I create another backup manually every x days/weeks to the standalone device. If the Pi is also corrupted I will notice this and still have a (not up-to-date but working) backup.

pguetschow
  • Every device which is reachable by the ransomware could be affected. This means external HDDs which are plugged in but also network devices which are connected. If you unplug the external HDD or disconnect the network device, ransomware cannot affect these anymore. – Steffen Ullrich Dec 08 '16 at 08:42

2 Answers

4

Use a backup solution which pulls from the primary system, not one where the primary system pushes to the backup system. The backup system should have read-permissions to the primary system while the primary system doesn't have any permissions at all on the backup system.

Also, the backup solution should not just have a single backup but be able to also restore a snapshot from days, weeks or months ago.

You can set up a home server which does backups like this, but there are also many plug-and-play hardware solutions available which work like this out-of-the-box.

Philipp
1

The only protection against ransomware is a versioned backup. You need versions because it is likely that you will back up encrypted files as part of your automated backup (and a "backup" that isn't automated isn't really a backup).

You can either have a backup that keeps multiple backup versions, which is a bit old-school but perfectly acceptable, or a backup where each file keeps multiple versions, which is easier to use and would generally be the case when using a hard drive for backups.

The danger of online backups - again typical where drives are used - is that the ransomware encrypts the backup files directly as well as encrypting your original data. So you need to make sure that the previous file versions cannot be directly accessed so that they cannot be encrypted as well. OS level versioning may do this for you or you might need to use a versioned file system if your backup application doesn't offer specific ransomware protection.

Many cloud backup services such as CrashPlan offer versioned file backup. Many NAS devices also have file versioning as an option. On Synology NASes, for example, you can turn this on for any share.

If you want to roll your own solution, make sure that whatever you use to do the "backup" uses a channel that ransomware cannot also use. You would need to check but I think something like RSYNC might work. Then make sure that you keep sufficient, independent backup copies of files so that you can recover older, unencrypted versions.

Julian Knight
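A minimal version of the pull-based, versioned backup that both answers describe, as an added example that is not part of either answer. It assumes the script runs on the backup host (for example the Pi), that `source` is the primary machine's data mounted read-only there, and that snapshot names are ISO timestamps; the function name `pull_snapshot` and its parameters are hypothetical.

```python
import filecmp
import os
import shutil
from pathlib import Path


def pull_snapshot(source: Path, repo: Path, name: str, keep: int = 30) -> Path:
    """Run on the backup host. `source` is the primary machine's data as seen
    from here (assumed: a read-only mount); `repo` is local to the backup host
    and never shared back. `name` must sort chronologically (ISO timestamp)."""
    repo.mkdir(parents=True, exist_ok=True)
    done = sorted(p for p in repo.iterdir()
                  if p.is_dir() and not p.name.endswith(".partial"))
    last = done[-1] if done else None
    tmp = repo / (name + ".partial")
    if tmp.exists():
        shutil.rmtree(tmp)            # leftover from an interrupted run
    tmp.mkdir()
    for dirpath, _dirs, files in os.walk(source):
        rel = Path(dirpath).relative_to(source)
        (tmp / rel).mkdir(parents=True, exist_ok=True)
        for fn in files:
            src, dst = Path(dirpath) / fn, tmp / rel / fn
            if src.is_symlink():
                continue              # do not follow links out of the tree
            old = last / rel / fn if last else None
            if old and old.is_file() and filecmp.cmp(src, old, shallow=False):
                try:
                    os.link(old, dst)       # unchanged: share the old copy
                    continue
                except OSError:
                    pass                    # e.g. FAT-formatted SD card
            shutil.copy2(src, dst)          # new or changed: fresh copy
    final = repo / name
    tmp.rename(final)                 # snapshot appears only when complete
    snapshots = sorted(done + [final])
    for stale in snapshots[:-keep]:   # retention: keep the newest `keep`
        shutil.rmtree(stale)
    return final
```

If the source files are encrypted between two runs, the newest snapshot contains the encrypted copies, but earlier snapshots are untouched because changed files are always written as fresh copies and the primary machine has no write access to `repo`.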