In this article we describe how to protect against ransomware, CryptoLocker, Trojans, viruses, and other forms of digital vandalism.
How to Protect Your Data Against Attacks
Depending how your infrastructure is set up and what kind of virus strikes you may be able to recover from it; however, having a server backup is usually not enough because ransomware maliciously scans all drives and network shares it can find and encrypts each file with a random password. Unfortunately if the ransomware or CryptoLocker virus has access to your backup files, those will also no longer work to recover your data!
The main issue is that there is no way to truly write-protect files when the system actually has write access to them. For that reason there are two main prevention techniques: make access physically impossible (preferred but requires manual labor), and less effective, prevent certain types of ransomware attacks by isolation.
We recommend the following practices to protect against ransomware, trojans, intruders, and other forms of digital vandalism. The only real protection is strategic prevention, in the form of a good server and PC backup.
The Gold Standard Against Ransomware Attacks
The best “gold standard” strategy practiced by many of our users, in addition to other types of backups, is physical isolation and duplication:
First, create a backup task that rotates at least two external drive targets. Many users opt for one drive for each workday. The external drive must be electronically disconnected when the backup has finished. Also, all other external drives that are part of the rotation should not be connected permanently to the server; just one drive at a time. This practice ensures you have a physically detached and 100% isolated backup medium that is protected from manipulation. If all drives are permanently attached, you basically provide the attacker (or ransomware) with simultaneous access to all your backups.
In BackupChain’s File Types screen, the column ‘delayed deletion’ should be set to ‘never’ (default) or a reasonably long period of time to give you enough time to react; otherwise, BackupChain would eventually delete the original file from the backup media when the time limit specified in ‘delayed deletion’ has passed. Likewise, do not use short ‘retention period’ settings as they can also lead to total loss after the period passes.
Note that this strategy also protects against theft, bit rot, media failure, vandalism, electrical issues, disk and file system corruption.
Silver Standard Protection
Next best, prevent within reasonable limits how ransomware accesses backups and other important network information:
First, use a dedicated BackupChain user account to access network target shares. Hint: access network shares in BackupChain via IP address instead of network name to prevent name clashes when other user sessions access the same network server. Second, switch the Log On settings of BackupChain Service to use a dedicated BackupChain user account (domain admin + fixed password) instead of ‘local system’. By doing this, BackupChain runs in its own isolated user session and network shares aren’t accessible from the system user session or other sessions.
Furthermore, it’s beneficial to set up the network share such that only the BackupChain user has access. If you have more than one servers backing up to the same network server or NAS, place each backup client in its own network share when backing up to a NAS so that if one server gets infected, the other server’s data remains intact. Taking this idea to the next level, you could also replicate to several NAS via multiple backup tasks, in case a NAS becomes infected or ransomware somehow manages to get access to it.
It makes sense to lock down NAS servers to prevent access by other users and to use firewalls even for internal networks. Apart from backing up to targets on the network, consider adding cloud backup, which is also isolated from ransomware access.
The BackupChain Advantage
BackupChain has helped many companies to successfully recover from ransomware attacks. Its file versioning backup feature creates a backup history you can rely on and fine-tune to suit your organization’s needs. In the case of a ransomware attack, you can revert your file server structure back to how it was before the attack by recovering a known restore point and BackupChain takes care of the rest.
Backup Software OverviewThe Best Backup Software in 2023 Download BackupChain®
BackupChain is the all-in-one server backup software for:
Disk Image Backup
Drive Cloning and Disk Copy
File Server Backup
Virtual Machine Backup
Server Backup Solution
- Best Practices for Server Backups
- NAS Backup: Buffalo, Drobo, Synology
- How to use BackupChain for Cloud and Remote
- DriveMaker: Map FTP, SFTP, S3 Sites to a Drive Letter (Freeware)
- VM Backup
- V4 Articles
- Knowledge Base
- Archive 2022
- Archive 2021
- Archive 2020
- Archive 2019
- Archive 2017
- Archive 2016
- Archive 2015
- Archive 2014
- Archive 2013
- BackupChain (German)
- German Help Pages
- BackupChain (Greek)
- BackupChain (Spanish)
- BackupChain (French)
- BackupChain (Dutch)
- BackupChain (Italian)
- BackupChain is an all-in-one, reliable backup solution for Windows and Hyper-V that is more affordable than Veeam, Acronis, and Altaro.
Other Backup How-To Guides
- Why You Need To Defragment Your Backup Drives
- How to Fix: The semaphore timeout period has expired, Error 121
- Backup Tool for Outlook 2013 / 2010 PST Files
- Path Too Long? Try Delete Long Path File Freeware Tool DeleteLongPath™
- Bit Rot & Data Loss: Are You Aware of Its Damage Potential?
- How to Check Hard Disk Health Without Downtime
- Volume Shadow Copy Error Diagnostic Freeware VssDiag
- How to Fix VolSnap 25 Error The shadow copies of volume C: were deleted
- How to Install Microsoft Hyper-V Server 2012 R2 / 2008 R2
- OneDrive Backup Software for Windows PCs and Servers
- Automatic Hyper-V Backup on a Schedule
- How Fix Invalid File Date Time Automatically
- Why a Hyper-V Checkpoint Isn’t a Backup
- Easy and Secure FTPS Server
- How to Easily Protect Your Servers Against Ransomware
- How to Backup and Restore Hyper-V Virtual Machine
- Differential Backup
- Hyper-V Granular Backup vs. Hyper-V Full VHD Backup
- How to Restore a File Based Backup of Hyper-V