I’m confused about protecting backups from ransomware. Online, people say that backups are the most critical aspect to recovering from a ransomware attack.

But how do you protect the backups themselves from becoming encrypted too? Is it simply a matter of having totally unique and secure credentials for the backup medium?

Like, if I had a Synology NAS as a backup for my production environment’s shared storage, VM backups, etc, hooked up to the network via gigabit, what stops ransomware malware from encrypting that Synology too?

Thanks in advance for the feedback!

  • @[email protected]
    link
    fedilink
    51 year ago

    Look into the 3-2-1 strategy. Also: At least one Backup should be taken offline after the backup is done. This might be done via Tapes on a Tapelibary, where you would put your Used tapes into a fireproof safe (certified for Tape fire protection - ask me if you dont know what that means). Those backups that are not connected to a network are most reliable in such a scenario. Most encrypters encrypt right away and thus offline/archived backups are most likely not already affected.

    If your trojan was keeping itself silent for a couple of months (some specialised do that) even your archives are at risk. In such a situation mostly the only solution is to build from fresh.