Ransomware and Backup Recovery

With all the ransomware attacks happening it's important to go over recovery and to make sure you or your business is secure!

Timestamps:
00:00 Intro
01:10 Windows 7 and Ransomware
01:30 Central Backups
01:56 Active Backup for Business (Images)
03:20 Restoring Infected Network Drives (Snapshots)
05:20 Second Local Backup (Replication)
07:15 Other Local Copies
07:48 Off-site Backups (Synology C2)
09:42 Disaster Recovery using Backblaze
10:15 3-2-1 Backups are very important for Recovery.

Comments

Which backups do you use?
Images, Snapshots, or Replication?
Do you adhere to the 3-2-1 backup strategy?

ChrisTitusTech

3-2-1 rule is very important in this day and age.

ThePowerRanger

Veeam Backup & Replication (Community edition) lets you back up 10x workstations. Using ZeroTier on the machines allows easy offsite backups using file shares.

zadekeys

Hi Chris, thanks for offering to help but I managed to restore my files; fortunately, I had backed up most of my files on an old mechanical drive which I had removed from my system. Really appreciate you getting back to me, especially with your busy schedule, it's very much appreciated. Woody.

woodywilson

Hi Chris. Excellent video. Backblaze has saved my a$$ on many occasions. Very reasonably priced and the beauty of their 7TB HD shipping, you send the disk back within 30 days for a refund. Way to go 3, 2, 1.

pauldowling

One thing to note is that when you have multiple boxes at different locations, the first replication between boxes almost needs to be direct attached, or at least on the same non-user LAN segment. So when the boxes are at different locations, only the deltas are sent across the line, not the entire data set.

johnfvandenboschjr

As a retired Sys. Admin, I got to wonder WTF. We could always get things back up quickly. That was our training.

normalizedaudio

We use file versioning to our local network Synology box. Also, we use Office 365 for a "cloud based" copy of the files. We also back up our Office 365 account with our Synology box as well. Then all of it is snapshot out to USB drives and taken to a safe deposit box.

Given that ransomware runs so well on Windows, I'm trying to push the company further into Linux. We're also about 1/2 MacOS and half Windows 10 on the client side. So, not all our eggs are being cooked by the same chef.

coldham

The amazing part about the recent stories is that such attacks have been going on for years and that they are still successful. Why are the businesses and institutions still asleep at the wheel?

tomspencer

Absolutely brilliant. Thumbs up on the video. I have recommended the video for education as well as reference to how important the 3 2 1 system can work for you.

paultrainer

OK... so, everyone talks about the 3-2-1 backup rule, and 1 for remote backup... The issue always has been privacy and security of one's data... some people have always been shy of remote backup because most encryption is NOT IRON CLAD unbreakable, and when you physically have your data in someone else's physical possession (the remote site, cloud, data center, etc.) you are entrusting someone else with your DATA... This always has been and will always be a concern... HOW DO YOU RESOLVE THAT?? - Encryption is breakable

George_K

Chris man. I just used to use YouTube to solve my current technical issue at hand. I also spent 6 months on system build watching because eh... it was time for a new build and I count on these techs to provide me their best testing and recommended solutions. I accidentally somehow ran into one of your videos on cleaning up bloatware and not to give you an ego boost or what not but many of your Windows and security videos are right up my alley. So I think with your channel now subscribed to, I am up to like 25 :P

thatitdood

No replacement for modern imaging, and automated backups, especially in a world where RW can bring small business owners to the brink of suicide without a solid/secured backup strategy. Thankfully virtualization can help mitigate some of the attack surface when the proper firewalling, and security practices are at play.

As far as what I practice, I tend to run guest OS's on Proxmox, doing a full image (shutdown), and I run a container which has read-only permissions into the backup directories of PVE where this runs RClone nightly to encrypt before upload to BackblazeB2.

kylecurry

What you missed is the cost of online backup. If you have gigs of data, with time it can cost more than the ransomware.

RaymondDay

I've got QNAP hardware, and currently I have a NAS that backs up to another NAS that's onsite via SnapSync. That's good so far, but not perfect. I'm tempted to buy another NAS, and have a company in town host my current backup NAS. Alternatively, I can look at hosting costs vs the cost of another NAS, vs the cost of just hosting some or all of that data on AWS/S3 or some other cloud service. Though to be honest, relying on someone else's cloud makes me a bit nervous (they could have a datacenter burn down, have bad security practices, or just cheerfully hand over my data to the government without warrants or oversights).

So.... Local storage on each PC/Mac/device. Primary NAS with various storage pools running in either RAID 1 or RAID 5 (I have cold spares onhand). Secondary NAS that's less powerful, also RAID 5, to act as "big dumb backup storage". RAID isn't backup at all, it's just protecting against drive failure. The backup NAS has ONLY read-only snapshots synced over from the main NAS.

I can do things to isolate both NAS, like not opening ports in my NAT router, making sure UPnP stays OFF everywhere (I downloaded a Mac app once, and noticed that after using it, my main router had UPnP reenabled somehow after I manually disabled it. Holy hell that's a security risk.) I can limit access to the NAS directly from certain IP addresses or maybe even MAC addresses, and get creative with VLANs and ACLs. However, none of that would have stopped the Qlocker ransomware that struck recently, because the highly competent developers over at QNAP left hardcoded security credentials in their Hybrid Backup Sync app that were compromised.

So.. ideally now I need to seriously consider moving to a 3-2-1 strategy. So I can either decide what data is critical and back that up to a cloud (already done that), and then decide whether I want my Plex media backed up also. If so, I'll likely go the hosted backup NAS route. That would justify my purchasing a better NAS for tons of $$.

This isn't for business, this is all personal stuff, but the same principles apply.

Good video, and it's very important to get these ideas across to as many people as possible.

asdf

Hi Chris, I'm looking forward to your Windows 11 optimization.

vanthuanluong

*Question Sir*, I have people all the time ask me what antivirus to use. I find most too intrusive to system resources. I personally have used and like Kaspersky as they seem to catch new viruses sooner than many competitors (my guess is Russian software/Russian viruses). Kaspersky though has over the past couple years been wanting to push addons through popups and I have let my subscription run out because of that. Microsoft seems to be ok but for the users who like to facilitate sites that propagate trouble it's a dead time it seems like for antiviruses.

thatitdood

My college needed ONE LONG MONTH to fully restore services after a ransomware attack by the Ryuk software.

alejandroguzmanmartin-onda

The governments of many countries should take notes!!!! I will suggest people send videos like this to representatives of their government 😊

alexandermyrthue

@Chris Titus Tech I've seen in one of your videos that SMB1 is insecure but I haven’t seen anything about how to fix this by moving to SMB2/3. Can you do a video about properly moving to SMB2/3 with Linux using it as a server and on Windows as a client?

talkinginthecloud