Backup File Server to DAS

IT-ADMIN

wow, those ransomware are scary, did anyone experience them ?? i think it is very rare to get affected by them ??

scottalanmiller

@IT-ADMIN said:

wow, those ransomware are scary, did anyone experience them ?? i think it is very rare to get affected by them ??

Very common, actually. Go on Spiceworks and someone gets one nearly once a week. They are the biggest threat in IT right now. It's VERY scary.

There is a reason why people are moving to fully decoupled backup systems across the board (never running the backup software from the same system.) Because they need the protection for normal issues like ransonware. Anything talking over DAS, NAS or SAN protocols is vulnerable, extremely vulnerable.

You ideally want stuff that is offline like tape but most make due with systems that at least have an air cap like Unitrends.

Dashrender

@scottalanmiller said:

@Jason said:

@Dashrender said:

Would hiding the shares with a $ make any difference in this situation?

doubt it, that's not really hidden, it's up to the client device to hide it from the end user. Windows explorer hides it from the user. Linux and others do not.

Which means that the ransomeware code is not going to hide it either. Likely it won't even notice that you've attempted to hide something. Much like MS Office security, open those files with something other than MS Office and that private data hidden in there is exposed in such a way that the people using it are not even aware that you thought that you were hiding it.

LOL - wow.. I didn't know that about that feature. I'll try to remember to remind others it's really a pointless feature.

dafyre

@IT-ADMIN said:

@scottalanmiller said:

@IT-ADMIN said:

how to make a NAS not mapped, is it by using username and password right ??

Simply don't map it!

great, so i shouldn't create a map drive (pointing to NAS) in the server sending the backup to the NAS

You can configure that in Veeam so that it doesn't need the mapped drive. However, as others have mentioned, I would create an AD account specifically for backups. Create your share on the NAS so that only the backup account has access to it.

IT-ADMIN

i think those ransomware engineers attack US businesses, because they know that the core economy reside in USA, they will not spend their time to attack worthless data of business in countries like qatar, lol

scottalanmiller

And backup the NAS to something that goes offline, like a USB external drive or tape.

scottalanmiller

@IT-ADMIN said:

i think those ransomware engineers attack US businesses, because they know that the core economy reside in USA, they will not spend their time to attack worthless data of business in countries like qatar, lol

That's not in any way how any of this works.

http://www.joeyoungblood.com/wp-content/uploads/2015/02/reddit-thats-not-how-this-works.jpg

IT-ADMIN

hhhhhhhhhhhhhhhhhhhhhhhhhh

IT-ADMIN

scottalanmiller

@IT-ADMIN said:

i think those ransomware engineers attack US businesses, because they know that the core economy reside in USA, they will not spend their time to attack worthless data of business in countries like qatar, lol

That you have said this makes you the absolute most likely candidate for this to happen to. This is the least secure thinking I could imagine.

Why do you feel that ransomware "targets" anyone? It does not. It hits everyone. EVERYONE. There is no concept of "don't take HIS money, he doesn't have a lot." That's crazy. They aren't going to waste their own time and effort avoiding you, if you can afford the ransom they will just shut you down and use you as an example to others. They have no way to know, nor would they care, that you are in Qatar.

Take a moment to empathize with ransomware writers, their goals, their effort, how this works. Clearly being in Qatar provides you absolutely zero protection from this. If anything it makes it far more likely because you do business with similar insecure companies.

IT-ADMIN

now i see, and how people get affected by this damn ransomware, ??
spam emails or maybe an affected USB ???
so that we can take our precaution

DustinB3403

@IT-ADMIN said:

now i see, and how people get affected by this damn ransomware, ??
spam emails or maybe an affected USB ???
so that we can take our precaution

All of the above are sources of Ransomware.

IT-ADMIN

very scaaaary, i hope never waking up in the morning with a screen like this, damn

scottalanmiller

@IT-ADMIN said:

now i see, and how people get affected by this damn ransomware, ??
spam emails or maybe an affected USB ???

Anything could do it.

dafyre

@IT-ADMIN said:

now i see, and how people get affected by this damn ransomware, ??
spam emails or maybe an affected USB ???
so that we can take our precaution

Pretty much all of those. All it takes is one person to pick up a strange USB device and plug it in at their office computer... or to click one bad link in an email... or even one malicious ad on a legit website (https://blog.malwarebytes.org/malvertising-2/2015/08/angler-exploit-kit-strikes-on-msn-com-via-malvertising-campaign/)

Dashrender

@scottalanmiller said:

Why do you feel that ransomware "targets" anyone? It does not. It hits everyone. EVERYONE. There is no concept of "don't take HIS money, he doesn't have a lot."

This is the problem. For some reason, people (in general) think that there is someone at a keyboard running these virii. They clearly don't understand that they are completely automated and are happy to steal $0.01 vs 1 billion dollars. And by happy I mean, no feelings at all.

scottalanmiller

@IT-ADMIN said:

so that we can take our precaution

• Never use software from third parties like download sites.
• Never use cracked software
• Keep your systems fully up to date and patched
• Run the latest software, not old versions
• Follow the principle of least necessary privilege
• Never let users be administrators
• Use a good AntiVirus like WebRoot and keep it updated
• Use a good firewall with Layer 7 filtering, like Palo Alto
• Restrict what users can do on the network, like going to random websites or inserting USB sticks
• Move from file servers to decoupled storage like many cloud products have
• Use decoupled backups
• Use backup media that is offline (like tape)

scottalanmiller

@Dashrender said:

@scottalanmiller said:

Why do you feel that ransomware "targets" anyone? It does not. It hits everyone. EVERYONE. There is no concept of "don't take HIS money, he doesn't have a lot."

This is the problem. For some reason, people (in general) think that there is someone at a keyboard running these virii. They clearly don't understand that they are completely automated and are happy to steal $0.01 vs 1 billion dollars. And by happy I mean, no feelings at all.

And also happy if you cannot pay and will just post online about how you lost everything and went out of business because that makes them money too from other companies that now know that they will have to pay.

IT-ADMIN

i realize that i was very ignorant about the risks we have as network admins, i should setup a good backup plan as soon as possible, wow we are like in a forest, the strong eat the weak

Dashrender

@scottalanmiller said:

• Use a good firewall with Layer 7 filtering, like Palo Alto

How many of use actually do this though?