If only someone....
would invent backups.
Ransomware scum are suggesting that victims infect their friends instead of paying for decryption keys. The ransomware variant "Popcorn Time", unrelated to the popular Bittorrent client by the same name, first tells users they have a week in which to pay one bitcoin (US$770) in order to have their files decrypted. The menace …
I'll risk saying it... Backups *should* help for Joe Blow, but that chance seems 50/50 in reality to me.
I've known 2 people that have been hit by these scams that did run backups on their home machines. But being they hot swap drives and have access to their LAN (chiefly the NAS) from their workstation...everything went. I've still yet to figure out if this stuff would attack a "cloud", but I don't see why not if it's mounted.
I can't lie, I've not dealt with ransomware (yet) so correct me if I'm wrong, but if the sneaky stuff hangs around for a few days meddling about before popping its head up, many of us could be more susceptible than we think.
There are good ways around this, but they'd require rather more technical expertise than could be expected of the average user. The way to stop ransomware attacks is for no one to pay ransom. Heck, pass a law making it illegal to do so.
If you make their return on investment negative, it will quickly stop.
We've got:
- NAS for central data point for all devices in the house (it's RAID, with time-machine-esque feature of rolling versions back)
- Changes to NAS data are automatically encrypted and backed up to cloud backup (Amazon Drive)
- Once every 3 months I physically plug in a 4TB HDD via usb3 into the back of the NAS for half a day, which triggers a full backup to the external disk. This is stored in a locked box in my locked desk cupboard in a very secure building (my office).
If the ransomware times it perfectly, they could kill my cloud and offline backup at the same time... but the chances are very small.
I get told this is overkill, they might be right, but it helps me sleep at night knowing I wouldn't lose it all in a fire, or ransomware attack (it'd be lost for sure, as I'd never pay the scumbags). Plus, it took like an hour to set up, and it all works fairly automatically - except the physical plugging in of the offline backup.
And therein lies the mistake : hard drives do not a backup make.
I am constantly bleating this horn and next to nobody is listening : the only valid backup system for Joe User is the optical disk. Use DVDs or BluRay, I don't care, but write your data on something that cannot be changed afterwards.
Hard disks can be wiped by magnets, they can fail outright, the data can fade until it is not readable any more. In a word, they are not a reliable backup system. They are a perfect transport system for large amounts of data, but they are not backup.
The WORM disc is a far better backup support, cannot be modified once written and can reliably store data for decades. I wrote my first CD backup in 1995 and it is still perfectly readable. It does take longer to write, but it lasts way longer once written.
Whilst I applaud the sentiment of a RO backup, optical disks - particularly the cheap ones commonly available to the average user - are prone to fading too.
You are fortunate that a 1995 CD backup is still viable as I have encountered azo dye-based CDR/DVDRs which are unreadable or showing errors after only 5-6 years.
"You are fortunate that a 1995 CD backup is still viable as I have encountered azo dye-based CDR/DVDRs which are unreadable or showing errors after only 5-6 years."
DVD-Rs are a particular problem as they slowly delaminate if flexed.
I'm surprised anyone is still using AZO. Phthalocyanine has proven much more stable.
CD-RWs are better still as they are a real phase change material, not a dye.
Hard drives can make a perfectly valid backup if done correctly. That means unplugging them when not in use and storing them separately from the source (ideally in a fire safe, like you would with tapes and your optical thingies).
Personally, I have my own backups on (effectively) a NAS, but with some scripting that creates a read-only copy of each backup... but then I'm techy and know what I'm doing. I recognise the risks and have mitigated them to an extent that I'm comfortable with. YMMV
"Personally, I have my own backups on (effectively) a NAS"
It's easier to do with a NAS because you can mount/unmount the share as required, even in Windows hence the drive is only vulnerable during backup. Require a password for each mount and you prevent malware from getting at it easily. Run a cron job on the NAS to replicate the backups to copies with a data serial and you have another layer of availability.
I've recovered some seriously borked systems with only minimal downtime and loss of data by following a tiered backup strategy.
The problem, as ever, is the user. Users don't like having to do *anything* other than surf their porn and shop online. Having to do something like mount/unmount a drive isn't going to happen and they won't pay someone who knows how to do it to set it up for them. It's very difficult to devise effective controls and strategies for SOHO because the users/owners don't understand the issues and largely don't care. Not until the Day It All Goes Horribly Wrong.
In an enterprise you can work around this by providing thin client access to VMs and snapshotting the VM. The worst case then is loss of a few hours work.
"Require a password for each mount and you prevent malware from getting at it easily."
That is rather naïve. Do you think that malware runs visible in a top level desktop window that says "I AM NOW ENCRYPTING YOUR FILES, PLEASE WAIT"?
Ransomware runs as a hidden background process so you won't know you've been infected, and will encrypt whatever it can gain access to. This means, as soon as you mount your NAS (password or not), the process will have as much access to the storage as your backup program has. Worse, because iterative backups tend to be stored on the same medium you may lose previous generation backups too.
This is the major issue: if you run iterative backups (which most people do due to the time it takes to back up from scratch) you run the risk of having them encrypted too by ransomware.
If you still dump onto tape, however, you may have less of an issue if you use a grandfather-father-son scheme, but all the random access read/write approaches are wide open. It takes longer for a network drive than local storage, but it's no less vulnerable.
use carbonite.
they have point in time restore. if you get hit, you get in touch and they can roll your backup back to before it happened. then you rebuild the machine, and press "get my files back" and that's it, job done. it can take a while to get all your data if you have a lot of it but you do get it back. you might lose some changes - they have to roll back to before anything was encrypted, but you won't lose much.
i've seen it work in anger. i sell lots of it, you can make reasonable money out of it.
unlimited storage is £69 dollars a year per device (for non server OS)
it's more expensive for servers of course but they have products that do all of that too.
it really is very good indeed for the money.
this is for non server/domain setups - not many small offices i deal with can afford a server, but you can also set up a spare pc (say dual core intel, 4gb ram, ssd if needed - hp elite 8000 for instance, say £50 for the box, £40 quid for the backup disk, same for primary unless you want ssd) as a data server, then have network shares to it under a standard account. put a big backup disk in it and have macrium or windows backup run to that, remove permissions for standard users to access the backup disk. i prefer macrium because it can email if it is successful or failed.
then you have a box that cryptolocker can get at through the network shares, but it can't get at the backup disk.
if you back that pc up with carbonite (69 dollars a year), you have belt and braces. (in case of fire, theft, stupidity)
you can then run openvpn if you want remote access to the files, put proper security on it etc etc....miles better than a nas.
"Hard drives can make a perfectly valid backup if done correctly. That means ..."
Amongst other things - NOT running the backups on the system which is hosting the original data.
Bacula's pretty good for this. Not only does it backup clients across a network, but because it keeps hashes of all the files in a database, you can tell what's changed and when it changed - aka a semi-decent IDS with restoral mechanism.
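The hash-database idea in the comment above, as an added example that is not part of the original thread and is not Bacula's code: keep a SHA-256 manifest per backup generation and compare consecutive manifests to find the last generation taken before files were rewritten in bulk. The function names, the 0.5 threshold and the sample files are assumptions made for the illustration, and the manifests are assumed to be stored where the backed-up machine cannot rewrite them.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest

def churn(old, new):
    """Fraction of the files known in `old` that changed or vanished in `new`.

    A renamed file counts as vanished, so mass renaming is caught too.
    """
    if not old:
        return 0.0
    hit = sum(1 for name, digest in old.items() if new.get(name) != digest)
    return hit / len(old)

def last_clean_generation(generations, threshold=0.5):
    """generations: non-empty [(label, manifest), ...], oldest first.

    Returns the label just before the first generation whose churn against
    its predecessor exceeds `threshold` (assumed cut-off, tune per data
    set), or the newest label when no generation trips it.
    """
    for (prev_label, prev), (_, cur) in zip(generations, generations[1:]):
        if churn(prev, cur) > threshold:
            return prev_label
    return generations[-1][0]

def demo_generations():
    """Constructed sample: two normal backup runs, then one scrambled run."""
    files = {"docs/a.txt": b"alpha", "docs/b.txt": b"bravo",
             "pics/c.jpg": b"charlie", "pics/d.jpg": b"delta"}
    generations = []
    with tempfile.TemporaryDirectory() as tmp:
        for label in ("gen1", "gen2", "gen3"):
            if label == "gen2":      # ordinary day: one edit, one new file
                files = dict(files, **{"docs/a.txt": b"alpha v2",
                                       "docs/e.txt": b"echo"})
            if label == "gen3":      # every file rewritten and renamed
                files = {name + ".enc": os.urandom(32) for name in files}
            for name, data in files.items():
                target = Path(tmp, label, name)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
            generations.append((label, build_manifest(Path(tmp, label))))
    return generations

if __name__ == "__main__":
    gens = demo_generations()
    for (a, old), (b, new) in zip(gens, gens[1:]):
        print(f"{a} -> {b}: churn {churn(old, new):.2f}")
    print("restore from:", last_clean_generation(gens))
```

A payload that rewrites only a few files per backup cycle stays under any churn threshold, so this check complements offline generations rather than replacing them.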
"Use DVDs or BluRay, I don't care, but write your data on something that cannot be changed afterwards."
1 - never heard of multi-session drives then?
2 - you tell someone they should fill up their homes with stacks of pretty coasters
3 - the write speed of those media vs the ever increasing amount of data that people generate (the incorrect pissing match on number of camera pixels is one of the drivers) makes this a dead proposition. My own system backs up a couple of GB a night - I now use an SSHD (hybrid) which cuts backup time to reasonable amount (I also use that because it offers me a "start from the metal" recovery process - and it's not the only backup that takes place).
4 - the read speed: ditto.
That said, I am moving to a system of multiple drives with a week's gap in between and offsite storage cycling - just in case. My OS is presently not sensitive to this, but I'm human like everyone else and can make mistakes too (mostly before coffee :) ).
"I am moving to a system of multiple drives with a week's gap in between and offsite storage cycling - just in case."
This brings up an important point about backups. You need at _least_ 3 copies of your data on separated media (the one you're backing up on, the one before that (offline) and the one before that (offline), which will be recycled to be your backup disk next time.)
I've seen script kiddies knock out ISPs and businesses because all their "backups" were online and directly attached to the system being "backed up". People really have no clue about keeping things safe.
The other classic is burglaries - people have lost not only their computers/laptops, but all the external hard drives that held the backups - conveniently placed on a shelf above the PC. Don't do that.
"About 10 years ago I bought some magazine archives, via the publisher no less, that are now utterly unreadable."
There is software for Linux which will do its utmost to extract data from such disks (dvdisaster).
There's other software which can merge multiple sets of such data (assuming you have several copies of those disks, each with their own bad spots)
You can host the backups on the system and leave the backup drive plugged in all the time. Simply have an account that does the backups and DENY the "normal" logged in users (and administrators so you don't have $ shares being an issue) access to the drive. If it is a NAS then again have a dedicated backup account that can access the share and no one else. Then use backup software that has user credentials as the backup user and away you go (I use EaseUS as it has worked for backup and restore for me).
DVDs and BluRay have very limited capacities. When I do a backup I do not want to have to sit around for hours swapping disks like it's 1994.
And if you think that optical disk backups are indestructible and forever, you're in for a nasty shock some day.
for media, M-Discs supposedly last longer.
I'm still waiting for Archival Disc.
"DVDs and BluRay have very limited capacities. When I do a backup I do not want to have to sit around for hours swapping disks like it's 1994."
Bingo. I'm a sysadmin, and a pretty conscientious one, but if backing up requires a long period of manual intervention and I can't automate it, it probably won't happen on a regular basis. Certainly not daily. Hard drives have gotten so big compared to removable media that the only practical thing to back them up to is other hard drives.
That's why I've gone the cloud route -- CrashPlan, in my case. It's worth the money for me to make it someone else's problem. Since it's not mounted as a disk and it allows me to go back to previous versions, I think it should be pretty resistant to ransomware. It also has the benefit of not being in my house, so I can still recover my data if I have a house fire or something similarly disastrous.
I do make local disk backups as well, but those are more for convenience.
>I am constantly bleating this horn and next to nobody is listening : the only valid backup system for Joe User is the optical disk. Use DVDs or BluRay, I don't care, but write your data on something that cannot be changed afterwards.<
You have a point, but if the ransomware has been sitting on your system for a while before activating its payload, then your recent backups will also be infected. For many companies, the last week's (or other time period) data is the most important of all, and yet it's too risky to restore.
That does depend on the nature of the backup, of course. But even if you only back up your documents it's quite feasible for one of them to have a macro that triggers a ransomware download.
It's interesting that just about everyone here answered my post with variations concerning NAS and/or company backup procedures.
Funny, I clearly indicated that I was talking about Joe User.
Joe User does not have a NAS and wouldn't know how to set it up if you gift-wrapped it and installed it for him and, if you did do that for him, it would do eff all for his data when he gets infected with an encryption virus as is such the rage right now.
And please stop going on about how optical discs "are not forever". Nothing is forever and it is hilarious to think that optical discs without any moving parts are more at risk than spinning rust. Your optical drive can fail, it has no bearing on the data on the disk. The same cannot be said about hard disks.
Optical discs can fade (or so I've heard as well), but I take my data seriously enough to not buy the cheapest sort and, for the moment, I have indeed been lucky - if you call "luck" the staged multi-copy process I go through.
Once again, optical discs are the best bet for Joe User. When/if he gets around to it, he'll have a valid copy that will be stable and reliable long enough for him to completely forget what was on it in the first place.
You guys are experienced enough to choose your own path and take your own risks.
"Once again, optical discs are the best bet for Joe User. When/if he gets around to it, he'll have a valid copy that will be stable and reliable long enough for him to completely forget what was on it in the first place."
1) DVD's are one of the flimsiest, crappiest data mediums out there, especially in "joe user's" house with the sprogs and their wonderful treatment of such things.
2) Joe User likely has at least 500Mb worth of data to back up. Probably Joe User has at least a terabyte HDD with a lot of movies/music, and maybe 40 or 50Gb worth of "junk files" on their system (Windows is great at cleaning up temp folders!). Junk files alone would just about take up a packet of DVD's.
Then there's the space requirements. I could get 2 2Tb USB HDD's in the same space as 10 DVD's. The 10 DVD's would not quite give enough backup space for the average home user's junk files, whereas the 2x2Tb HDD's would give enough for 3 full backups.
They won't fade. They're not as easy to damage as DVD's. Using the wrong marker type on them won't destroy them. A kid sliding one across a carpet won't damage them. Having the DVD tray close on the last one of them won't mean you just wiped out a 50-disk backup procedure coz disk#50 is now stuffed. They don't require a shitload of stuffing around every 30 minutes changing disk.
For backup, optical is a dead medium. I know a number of home users who would need in excess of 300 dvds each backup (think I am adding up the numbers right), whereas ONE external HDD will do it. For Joe User, it is the worst thing imaginable and perhaps only marginally better than nothing at all. It's like clothing yourself with a single layer of cling wrap before going for a walk in the snow.
"Use DVDs or BluRay, I don't care, but write your data on something that cannot be changed afterwards."
Grab DVD from machine, sit on carpet/rough surface. Grab backup external HDD from machine, sit on same rough surface. Which is likely to survive? Hint: Not the optical media, which seems rather fragile in most people's homes (y'know, with little tykes running around who can never understand the concept of "don't put my DVD's on the fecking carpet!")
"Hard disks can be wiped by magnets, they can fail outright, the data can fade until it is not readable any more. In a word, they are not a reliable backup system. They are a perfect transport system for large amounts of data, but they are not backup."
I've never known a HDD to be wiped by close proximity to magnets. Did you know that HDD's have some quite powerful magnets INSIDE them, as part of the head mechanism, that are unshielded and only a few mm from the platters? So the platters are spinning through a strong magnetic field? Nor have I ever heard of data "fading" on them.
"I wrote my first CD backup in 1995 and it is still perfectly readable. It does take longer to write, but it lasts way longer once written."
Back about when you were doing your first backup CD, I upgraded a HDD in a machine. It was a whopping 120Mb HDD that I upgraded to a "cheap" (nearly $NZ600!) 1Gb drive that went in. Recently I discovered that disk and what the hell, spun it up. Still works fine, and data still fine. In fact a few days ago I played WarCraft 2 off a copy I took of that disk a couple of weeks ago.
Anyone know where I can find a PCI MFM controller? Coz I also found a massive 5Mb HDD I'd love to spin up. And by "massive" I mean full height/full width. Don't think I have any mobo's left that have ISA slots.
You'd have the same issue on Cloud/SharePoint really unless you have another challenge mechanism - it's a trade-off between convenience and security.
If you want your files available seamlessly as if they were locally-attached then that's a risk you have to take. Versioning could help here, but it depends on how sneaky the payload is since if it activates over a longer period before popping up the demand then where do you start....?
One way to protect the NAS backups at least is to have the NAS backup jobs running as a dedicated backup user - with a strong password - and these backup filesystems RO to their normal user.
"I've still yet to figure out if this stuff would attack a "cloud", but I don't see why not if it's mounted."
A while back, somebody on this forum told the story of such an infection. BUT! The backup vendor in question had a backup of several generations worth of changes. Rolling back to a point in time before the attack took place, and presto: The originals restored, safe and sound.
The vendor mentioned was Carbonite and after reading about them here I became a subscriber. Roughly four years ago I think. I haven't had any use for them so far, but my local storage isn't getting younger or healthier.
YMMV, but dealing with DVDs is hardly a walk in the park. I have had the "pleasure" of retrieving some of my old DVD backups, and though some files survived, others did not. It is a very temporary way of storing files. (I doubt I even found all the DVDs I started out with) Depends of course what you are saving. In my case 1TB worth of pictures. Those files never change, so not too tempting to keep weekly backups around on tapes or optical storage.
Use DVDs or BluRay - Quick reminder if you follow this path is to buy a WATER-BASED marker to label your discs with. If you just use a random permanent marker it's probably spirit-based and these can fuck up the discs in 18 months or less. Reasonable-sized stationers should have them.
Dear soon-to-be-former pal,
I write to you as someone who bought you a pint in the pub last night to introduce you to this exciting new opportunity exclusive to the soon-to-be-former pals of ransomware victims!
Please send all your dosh to a Ukrainian criminal so I can unlock the full potential of my pr0n and warez collection which took me all week to download on my heavily monitored and throttled BT slowband connection, since I've never heard of backup and therefore this is my only copy.
Hugz,
Johnny B. Shite.
This sounds like a story from one of those anime "I will not publish these compromising photos of you with kitchen implements if you deliver your two school friends to my rape cellar"
How I know that?
Err... research. Yeah, research.
> Ransomware authors claim the ransom will be used to pay for food and shelter in Syria.
Hopefully the Russkies clean up, because the France/UK leadership (more like Frankenship, amirite) - which is basically the root cause of this mess together with the Saudi pals - is currently doubling down on the "regime change before ISIS" fantasy.