"Smart" Backup Products? VS Ransomware

louno

Distinguished
Sep 7, 2009
146
0
18,680
So, my friend just got ransomware hacked and he didnt want to pay 1000$ to recover is data, so he lost all his data on all his drives... this got me thinking, I need a backup solution asap, because if something like this happened to me i'd be in deep shit... all my work, all my photos, years and years of data, it would be catastrophic for me.

I never bothered with backups because, I have antiviruses and I'm not dumb (opening .exe in emails, download warez, etc), but my friend is the same, he's actually even more careful than me, so if it could happen to him, it sure can happen to me. Right now, I only rarely do small manual backups once in a while on my internal drives (I have a 500gb drive called "backup" and I just copy stuff there like, very rarely)... but that doesnt protect against ransomware as it can lock all your files on all your drives...

I dont really trust cloud backups ( Should I ? ) but even if I did, the issue is that it would take forever to upload everything (I have about 2TB of data, but not 100% of all that is backup worthy), furthermore I dont have unlimited internet data (only have 400gb) so, the backups would need to be "smart" (only upload the new/changed files in specific folders). Also, i'm wondering how cloud backup would be effective against ransomware, if all my files are infected/encripted, they would be uploaded to the cloud and having a backup of encripted/infected files would do no good... I'd need the possibility to go back in time to a date when I know my stuff was clean.

I also wonder about NAS? i'm guessing that wouldnt be effective against ransomware?

What do you guys recommend? Specific products/services/softwares... I really want something simple, I dont want to break my head, something relatively cheap would be good too (under 200$ if possible)...

Thx!
 
Solution
i've got six of those seagate backup slims - all have run fine except one, some sort of issue with it's USB board (it will only complete transfers when connected to a USB 2.0 port) - but there have been threads across the web of folks complaining of that drive.

My suggestion is a SSD drive, of equal size to your OS hard drive. Reason i suggest a SSD is that it will complete the backup quicker, ie less time, which means you won't be prone to procrastinating backups

i use Macrium Reflect, the free version, for my backups - and use the recovery disc to boot into linux and do a complete backup - takes about 20 minutes (177 GB OS drive) and i leap frog backing up to two different SSDs, ie, back up to SSD1 this week, and SSD 2 next week, -...
There's many ransomware products that hit network drives as well. I work for a very large company and we had some macro enabled word document attachments make it through the firewall today actually, that of course people at various locations immediately opened, and it start encrypting their PC, as well as any network resource that PC had access too.

Your best bet really is backups. And not a backup attached to your PC, you just need a couple externals. I keep an external in my safe, that gets plugged into the PC every now and then to backup new stuff. Then I have another external at my inlaws (to prevent things like fire from destroying all my backups in the house) and I just swap out to two externals every now and then. External drives are cheap, pick up a couple keep one on site, one off site.

On top of that the same data is duplicated across three PCs in the house, as well as two hard drive in the main PC. Nothing complex about it, and a couple easy scripts copy updated files no problems. Anything important is on an encrypted/partition drive anyways.
 

louno

Distinguished
Sep 7, 2009
146
0
18,680


Ok so just an external drive plugged to my pc with usb3? And then what? you copy files manually or do you use some type of software (which one) than can automatically check specific folders for new files, or files that have been modified since last backup and transfer only the necessary data?

Thx!

 
The idea is not to have the hard drive plugged into your PC all the time. Just when you need to update a file. If you get hit by a virus it will infect your hard drive if it's plugged in. So the idea is to keep it unplugged as much as possible.

So at home, I generally just copy and paste files from the one hard drive to the other. Every so often when I've changed things up, I'll wipe the backup clean and re-copy over everything.

At work, I have two scripts that I run (simple .bat files created in Notepad). One just copies new or changed files, and then shuts down. THe other formats the backup drive, then copies everything, then shuts down the PC.

Just to give you an idea, here are the ones from my work PCs, which are Windows based:

Normal Backup.bat (deletes my outlook backup from D: the backup drive, copies the new backup of outlook, then uses xcopy to copy new files from between the two backup drives D and R (removeable)):

del "D:\Work\outlook Backup\Mike.pst" /f /q
copy C:\Users\name\Documents\Mike.pst "D:\Work\Outlook Backup\" /y
xcopy D: R: /d /y /r /h /s /c /f /i
shutdown /s /f /t 0 /c "Backup Complete, Shutting Down."

Full Backup.bat (Simlar to above, just this one formats the backup drive and then copies everything):

del "D:\Work\outlook Backup\Mike.pst" /f /q
copy C:\Users\name\Documents\Mike.pst "D:\Work\Outlook Backup\" /y
format R: /y /q /v:Removable
xcopy D: R: /y /r /h /s /c /f /i
shutdown /s /f /t 0 /c "Backup Complete, Shutting Down."

I use some scripts on my Linux machines as well, so if you happen to be running Linux, I should be able to point you in the right direction that way too.

No reason to make it complicated, you just need more than one backup, and preferably they should be "air-gapped" just so things can't be infected if you get infected by something.
 
A TRUE backup needs to be offline when you are done with it.

Look you don't need to go paranoid and keep things up to the minute. When things hit you are gonna lose a couple of days, so plan it that way. If you can't even lose a couple of days, then some sort of multi-layer backup strategy.
 

louno

Distinguished
Sep 7, 2009
146
0
18,680
losing a couple of days is fine...

ok so did some more research and found this: https://www.youtube.com/watch?v=BZnljKjJLvM
So, unlike the video, I wont have a "backup button" though... so what i'm thinking of doing is to get a Seagate Backup Plus Slim 2TB, then, i'd use FreeFileSync for backups. I'd set it like in the video so that everytime I plug in the drive, it checks specified folders and backup the data. So once initial setup is done i'd just have to plug the drive once every week or so, unplug when it's done, and that's it!

 
i've got six of those seagate backup slims - all have run fine except one, some sort of issue with it's USB board (it will only complete transfers when connected to a USB 2.0 port) - but there have been threads across the web of folks complaining of that drive.

My suggestion is a SSD drive, of equal size to your OS hard drive. Reason i suggest a SSD is that it will complete the backup quicker, ie less time, which means you won't be prone to procrastinating backups

i use Macrium Reflect, the free version, for my backups - and use the recovery disc to boot into linux and do a complete backup - takes about 20 minutes (177 GB OS drive) and i leap frog backing up to two different SSDs, ie, back up to SSD1 this week, and SSD 2 next week, - if/when i clone back to the OS drive, it overwrites any ransonware, virus, malware etc. As others have suggested above, the backup drive should be disconnected from the system when not doing a backup - i use one of these http://www.ebay.com/itm/Kingwin-KF-251-BK-Dual-Bay-Hot-Swap-Rack-2-5-3-5-SSD-HDD-Key-Lock-BRAND-NEW-/231847119168?hash=item35fb2a4940:g:igYAAOSwQYZWwpxM

- one of the bays does not have a sata port connected, i use it just for the power connection and that's where i store the older backup. The fresh backup gets removed from the bay once the backup is completed.

hope that helps
 
Solution
just to add a note -

a) i'm not electronically literate but various threads on the web, including this forum, have indicated SSDs will loose date or corrupt if not powered every so often. The general wisdom is having power every 2-3 months. That's why i leave the top tray in that dual bay hot swap adaptor without a sata connection, but with a power connection.

b) when i use Macrium Reflect, as i stated above i'll boot with it's rescue disk into linux and Clone the OS drive (not just a backup). A clone copy is a complete mirror image including all boot files, so the cloned disk will actually be bootable on it's own. In fact, when i've forgotten the cloned SSD in the lower tray after cloning, as my OS drive is a samsung 950 PRO PCIE NVMe SSD, for whatever reason, my system sees the sata connected SSD first and boots to it

but i can't tell you how many times having a current clone and cloning back to the OS drive has saved me tons of time, when a malware / virus / trojan infects my system. Before i've spent hours following the instructions on majorgeeks.com on how to eradicate "XXX" malware from my sytem. Cloning from a SSD over a SATA connection takes me now about 14 minutes (just had to do it earlier this week).

FWIW