0

I'm trying to understand the structure of how AWS Glacier works because I have a problem.

Problem: I have a NAS that backs up to Glacier about once a week. About two weeks ago the NAS got infected with ransomeware so if I retrieved the data now I would just be obtaining useless encrypted files.

Question: Is it possible to download folders/data from a archive/inventory that occurred a few weeks ago as opposed to the latest inventory version?

Thanks for any help given.

Brian Sorrells
  • 1
  • From memory Glacier does not allow files to be overwritten, so if you download the files from before the problem they should not be compromised. – Tim May 09 '21 at 04:07
  • To be clear - do you mean S3 Glacier class, or the really poorly named "S3 Glacier" standalone service? – Tim May 09 '21 at 19:42
  • Hey Tim. As far as I'm aware it is listed in the AWS console under Services\Storage as "S3 Glacier". The terminology of Vaults, Archives, and Inventories confuses me a bit but the few consultants I've spoken to seem to think it is possible to retrieve data from a previous/older archive/inventory. I'm also trying to be careful so as to not have these guys just tell me what they think I want to hear to get "billable hours". – Brian Sorrells May 09 '21 at 20:45
  • Yes, S3 Glacier is the full glacier service. It doesn't do versioning but I don't think you can overwrite old archives either. It's been a while since I used that service though. You can try doing a restore from S3 Glacier and see what you get. I'm an AWS Consultant, most probably have limited experience with S3 Glacier as it's fairly rarely used. So long as you don't hit delete you can try a test restore yourself if you're technical. – Tim May 09 '21 at 20:59

1 Answers1

0

Part of business continuity planning is to take and retain enough backups to meet restore objectives. You discovered that keeping backups for one week was not enough to protect against ransomware. Consider retaining backups longer. For example, keep weekly backups for four weeks.

Glacier or S3 is object storage. You decide how to use it as a backup system: how many archives to store, and what controls to put in place to prevent early deletion or tampering.

Check your vaults or buckets or whatever the storage container is called for older copies. If you do not have older backup archives, and automatic backup replaces the last good backup with a corrupt one, yes your backups are trashed.

John Mahowald
  • 30,009
  • 1
  • 17
  • 32
  • John, are you referring to the Glacier storage class in S3, or the S3 Glacier service? I don't think the S3 Glacier service has versions. The question is ambiguous. – Tim May 09 '21 at 19:43
  • I was referring to versioning of object storage in general, in a lesson of business continuity. I have reworded my answer – John Mahowald May 10 '21 at 21:09