Replies

I have never had a problem with DYNDNS as a DNS server or any of their other products.

One more consideration is being safe.
DYNDNS offers two DNS address for safe surfing.
They have their own white and black list for good and bad sites.
I have not had any problems using their DNS servers and usually setup my clients that are not careful about their surfing.

cloudsandskye
Your reply is well written and I thank you for it.
Now that the client has been hit once, I believe they will be more willing to this than before.
I just now got them to stop using the server as a workstation.
One problem I have is that the medical software they are using requires admin access.
I will read the write ups and see if any of it can be used.

Ron

Graham,
I’m not seeing the full picture here. How is a VM protecting your backup files?
If the VM has access to the backups then a VIRUS inside the VM can access them also.

Ron

gw,
Yes your idea may work, but I prefer something that is already savable like Mount and un-mount the external device.

Paul
I think that by the time you detect ransom-ware with your test it’s already too late.

I think we are getting a little off the path here.
The post in the beginning was about how to protect your backups from ransom-ware.
So far the best suggestions are:
An FTP server to backup to.
A hidden folder on the network that can only be reached by the full path.
Folders that are password protected.
Drives that can be mounted for the backup then unmounted after the backup.

I currently know how to implement all of these but was hopping to get some new suggestions from some of the PROs that use this forum.

Ron

Paul
The flaw in this test is: Ransom-ware is getting picky about what they go after.
So where do you put these files and how often do you check them. Once a day is too late.
The 1st one I looked at was a single PC, got all the files in My Documents, all on the flash drive and some system files.
The second was a server and it had all weekend to do it’s work. The server was only used for backups.
It got all the backup files but not the external unmounted drive. So recovery was painless.
The third was a medical server that runs a data base application via software called Office Mate.
On this server the only encrypted files were in the Office Mate folder, this included patient documentation and databases.
Nothing else was touched on the server. Recovery was a restore from an image backup from the day before, lost one day of work.

So, even if you were checking your files every hour, a lot of damage can happen in an hour.
Ransom-ware is as big a problem as bad as if not bigger than hacking and stealing information data.

Just to day a friend of mine that is a programmer and very careful got infected and he uses a MAC.
Of the 4 I looked at it seem that the source is somewhere in Russia.
I think you know how much help the World is going to get in stopping the Russians.

Ron

FTP WD MY Cloud has FTP but they do not support it on the local LAN only from the router VIA the WEB.

I have been looking at a QNAP box. it seems to give me all the options I need, like Hidden folder with password protection and they support FTP.
If you are using FTP or you have to furnish the full path plus credentials, then Ransom-ware won’t see the backup folder even if it is active at the time.
Only the backup software knows about the backup location.
The only problem here is you may be backing up already corrupted files so you need a retention period or more than one backup.
As nasty as ransom-ware is you will know your are corrupted with in a few hours.

Ron

lumpy95
You do know that this problem is not just with local networks RIGHT?
If you are logged in as a Microsoft account and you try to do a Remote Desktop connection to a Windows 8.1 or Windows 10 and those PCs only have local accounts you will never get past the credentials screen. Both ends have to be the same, local or MS.

lumpy95
I already know that if all are the same they can all share with no problem.
Problem is Microsoft has made changes without letting users know about it.
If they are going to change the networking rules we need to know about it.
If Microsoft had their way everyone would be using a Microsoft login.
To my way of thinking a mixed group should work together without any problems.
Myself and most of my customer do not like the Microsoft login, but its required if you want an app from the store and other things.
Yes you can have both a local and Microsoft login but that is extra overhead and confuses most users.
Microsoft is being very tight lipped about this; I wish someone with a big hammer would wake them up.

Mark
Good idea except I do not know how to automate this process.
This work as a manual process but can’t see it in a live business where systems are up 24×7.

Nick,
That is a really good reply and it seems that you have spent a good deal of time on the subject
A recent client that got hit and I was able to restore his system to the previous day with a backup that was on the WDMYCLOUD.
When you make the shared folder on the NAS password protected Ransom-ware is less likely to get at it.
The problem is the only backup software I have found to date that handles the extra password protection is Acronis.
I have also used a mount and dismount for a local external drive.
The backup software issues the mount before the backup and the dismount after.
This offers some protection, just hope that ransom-ware is not present during backup.
I just started looking at a Linux box “QNAP TS-251+ ” because it lets you hide and or password protect shares.

Backing up to an FTP server will keep ransom-ware out of the backups.

Yes I was hoping to have more feed back or suggestion from Windows Secrets but it has not happened.

Ron

Roland,
This is the problem automated backups in a business.
So me question still remains, how best to protect the backups?

To all thanks for taking the time to post your replies.
More and more virus protection vendors are claiming to cover ransom-ware, still remains to be seen just how good they are.

The problem which no one has yet offered any solutions to yet is:
How do you have auto-backups that backup to a system or device that can be made secure without human intervention?

The Ransom-ware must not be able to get to the backups even if they are online on the local network.
The simple and easy solution would be password protection on the share where the backups are placed.
Even though this is now possible, the system keeps storing the password to make the access easier for the user.
If Microsoft would add an option, check box to never add this password to the credentials it would help.
Or if the backup software vendors would add the ability to have a separate user name and password for both the source and destination.

I know there are a lot of smart people out there, someone should have the answer.

Good to know about Trend Micro but it’s just like Malwarebytes, it has to be installed before it can help.
I have some clients that do rotate drives but it is still a human having to remember it and who covers when that person is sick?

I know that a PC or Server can be hidden on a network so a browser won’t find them.
I also know that you can create a share on a WDMYCLOUD that is password protected.
The problem is being able to setup your backup software to furnish the user name and password for that share.
Most backup programs like EaseUS only want the user name and password foe the local PC it’s installed on.
Even though we can setup such shares the backup software is not friendly in using it.
Setting the share’s user name and password to the same as the PC user’s is the same as not having that protection.