asked on 11/1/2021

How to backup TB of individual files that change often while protecting from Ransomeware?

Looking for suggestions on how to backup NAS devices or SAN with 20+ TB of data that can help to protect from Ransomeware. I have been just using replication to backup to other storage solutions. However if I get hit with Crypto then it will encrypt the other storage as well. This is a photography studio and they add tons of images weekly. So I'm looking for backups solutions and ideas.

Storage Storage Software

Last Comment

Philip Elder

11/5/2021

ASKER CERTIFIED SOLUTION

Lee W, MVP

11/1/2021

THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.

See Pricing Options

Start Free Trial

nobus

11/1/2021

i would use a separate pc with no internet connection for backup - then you are sure

Kimputer

11/1/2021

Any server that uses agents or pull requests, can do full and incr/diff backups on intervals, are also safe from Cryptoware.
You may backup encrypted files in the last few runs, but the full and incr/diff from BEFORE the attack, are still there to be restored easily.
Use this BESIDES your replication solution for the fastest way to restore. That's because the replication probably won't be all attacked at once, only single departments. So restoring only those departments will be the fastest way.

rindi

11/1/2021

If tape is not an option for you, make sure you backup to detachable Storage (USB disks, or external SATA disks for example). After the backup is complete, remove those disks. For the next backup use other disks. Make sure you have enough of them to make several sets of backups before you use them again for a new backup.

Philip Elder

11/1/2021

Veeam.

Set up for the required amount of backup space on a dedicated NAS plus growth.

Set up a Scale-Out Backup Repository (SOBR) in Veeam that includes the above as well as a BackBlaze B2 bucket pair:
Bucket 1: Immutable for 30 to 90 days (you choose based on requirements)
Bucket 2: Not Immutable

Configure your backups for local storage.
Configure your cloud tier copies based on what needs to be protected from ransomware encryption.

B2 is the best cost and the best business model for cloud backup storage IMNSHO.

aando

11/4/2021

ASKER

Very helpful information that will help me build my solution. Headed to Cybernetics to check out their Tape Solutions. Thanks Everyone.

sword12

11/5/2021

use backup repository which support snapshot
snapshot hackers can't encrypte

Philip Elder

11/5/2021

@sword12 Perps are known to delete Previous Versions (Volume Shadow Copy) snapshots along with any backup files/server(s) they find. Usually, they work their way from oldest to newest during the delete process.

Once they have everything "cleaned up" they then fire off the encryption malware.

Things are pretty sophisticated on that end now.

Some are even going so far as to copy data off and use that as hostage instead of encryption.

sword12

11/5/2021

last month we got a attack and they encrypte everything also our storage
but because i did configured snapshot shot on our backup storage
i manged to recover 98% of our systems and data

shadow copy Microsoft is not a good idea here

Philip Elder

11/5/2021

One can enable the recycle bin on a NAS device. The catch is the amount of free space on NAS storage needs to be enough to allow for the originals to stand there.

You got lucky. Perps are getting very skilled at gaining access to storage to delete snapshots.

The other aspect is they make changes based on file access dates killing the older stuff first that no one would notice. Then, the snapshot copies to another NAS/SAN are toast over time.

There's no foolproof way out of this short of immutable. We do so with a Veeam Scale-Out Backup Repository setup as mentioned above.