Avatar of aando
aando
 asked on

How to backup TB of individual files that change often while protecting from Ransomeware?

Looking for suggestions on how to backup NAS devices or SAN with 20+ TB of data that can help to protect from Ransomeware. I have been just using replication to backup to other storage solutions. However if I get hit with Crypto then it will encrypt the other storage as well. This is a photography studio and they add tons of images weekly. So I'm looking for backups solutions and ideas. 

StorageStorage Software

Avatar of undefined
Last Comment
Philip Elder

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Lee W, MVP

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
nobus

i would use a separate pc with no internet connection for backup - then you are sure
Kimputer

Any server that uses agents or pull requests, can do full and incr/diff backups on intervals, are also safe from Cryptoware.
You may backup encrypted files in the last few runs, but the full and incr/diff from BEFORE the attack, are still there to be restored easily.
Use this BESIDES your replication solution for the fastest way to restore. That's because the replication probably won't be all attacked at once, only single departments. So restoring only those departments will be the fastest way.
rindi

If tape is not an option for you, make sure you backup to detachable Storage (USB disks, or external SATA disks for example). After the backup is complete, remove those disks. For the next backup use other disks. Make sure you have enough of them to make several sets of backups before you use them again for a new backup.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
Philip Elder

Veeam.

Set up for the required amount of backup space on a dedicated NAS plus growth.

Set up a Scale-Out Backup Repository (SOBR) in Veeam that includes the above as well as a BackBlaze B2 bucket pair:
 Bucket 1: Immutable for 30 to 90 days (you choose based on requirements)
 Bucket 2: Not Immutable

Configure your backups for local storage.
Configure your cloud tier copies based on what needs to be protected from ransomware encryption.

B2 is the best cost and the best business model for cloud backup storage IMNSHO.
aando

ASKER
Very helpful information that will help me build my solution. Headed to Cybernetics to check out their Tape Solutions. Thanks Everyone. 
sword12

use backup repository which support snapshot
snapshot hackers can't encrypte
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Philip Elder

@sword12 Perps are known to delete Previous Versions (Volume Shadow Copy) snapshots along with any backup files/server(s) they find. Usually, they work their way from oldest to newest during the delete process.

Once they have everything "cleaned up" they then fire off the encryption malware.

Things are pretty sophisticated on that end now.

Some are even going so far as to copy data off and use that as hostage instead of encryption.
sword12

last month we got a attack and they encrypte everything also our storage
but because i did configured snapshot shot on our backup storage
i manged to recover 98% of our systems and data

shadow copy Microsoft is not a good idea here
Philip Elder

One can enable the recycle bin on a NAS device. The catch is the amount of free space on NAS storage needs to be enough to allow for the originals to stand there.

You got lucky. Perps are getting very skilled at gaining access to storage to delete snapshots.

The other aspect is they make changes based on file access dates killing the older stuff first that no one would notice. Then, the snapshot copies to another NAS/SAN are toast over time.

There's no foolproof way out of this short of immutable. We do so with a Veeam Scale-Out Backup Repository setup as mentioned above.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck