Bains
Nov 11, 2015 (Guide)
CryptoLocker and a backup strategy
I am requesting the community to evaluate and criticize this approach to CryptoLocker. We are basically a Windows shop and we are scared to death about the CryptoLocker virus. From what I read, ...
StephenB
Nov 12, 2015 (Guru - Experienced User)
Bains wrote:
I have posted a thread asking about these issues as you suggested. Encourage your management to have somebody focus on the answer.
I don't work for Netgear, so that would have come from mdgm or one of the other Netgear employees.
Bains wrote:
Are the snapshot files the incremental feature that is discussed?
No, snapshots are something different. This thread should give you the core idea: https://community.netgear.com/t5/ReadyNAS-in-Business/ReadyNAS-312-Need-Help-Understanding-Snapshots/m-p/936581#M3036
Bains wrote:
The firmware manual says a restore is essentially a reversal of a backup job. I tried defining a restore job – the source being 127.0.0.1 and the backup directory and the destination being the local directory I could browse to. Testing the connection led to an error. Any ideas?
It should reverse ok, but sometimes test connection fails when it shouldn't. Of course rsync needs to be enabled on both shares, etc.
Though I suspect in your case you'd be restoring to a user PC. I'd probably temporarily enable SMB on the backup share, and drag/drop (or better, use teracopy or robocopy) on the PC.
Bains
Nov 13, 2015 (Guide)
Let's summarize this thread. I will open a new thread regarding the Netgear implementation/use of the rsync command.
CryptoLocker and its variants are ‘in the wild’ and using an infected PC to encrypt most files as well as the file and directory names. The malware chases all local drives and any mapped drives as it encrypts the data. Once encrypted, users are told to pay a ransom of between $700 and $70,000 in bitcoins or never recover their data.
Currently the only way to feasibly recover the data is either to pay a ransom or to restore the data from backup files. The backup files should be on a ReadyNAS share that does not have SMB access enabled so the malware cannot detect the data – it is not part of a mapped drive.
The intention is to have a backup of various Windows files and directories on a ReadyNAS that are the object of drive mapping in the local PC network.
- The backup share should be established without SMB protocol enabled. Turn SMB off in the Network Access tab in the file properties.
- The rsync protocol should be enabled and Read/Write access should be allowed. Use the Network Access tab in the file properties.
Now there is a location for file backups that will not be discovered by CryptoLocker.
The next step is to establish backup job(s) to copy the ‘live’ mapped data to the essentially hidden data area.
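The setup summarized above (a backup share exported over rsync, not offered over SMB, and never mapped as a drive) can be checked from a Windows PC by comparing what the NAS lists over each protocol. This is an added example, not part of the original posts: the host name NAS, the share names and the captured command output are constructed, and the parser assumes share names without spaces.

```python
import re

# Constructed `net view \\NAS` output from a Windows PC (host and share names are made up).
NET_VIEW = r"""Shared resources at \\NAS

Share name  Type  Used as  Comment

-------------------------------------------------------------------------------
Documents   Disk  S:
Accounting  Disk
The command completed successfully.
"""

# Constructed `rsync NAS::` output: the modules the NAS rsync daemon exports.
RSYNC_LIST = "Documents      \tlive data\nPCBackup       \tbackup target\n"


def smb_shares(net_view_output):
    """Map each SMB disk share to its mapped drive letter (None if not mapped)."""
    shares, in_table = {}, False
    for line in net_view_output.splitlines():
        if line.startswith("---"):
            in_table = True  # share rows follow the dashed rule
        elif in_table:
            # Assumes share names without spaces.
            m = re.match(r"(\S+)\s+Disk(?:\s+([A-Z]:))?", line)
            if m:
                shares[m.group(1).lower()] = m.group(2)
    return shares


def rsync_modules(listing):
    """Module names from an rsync daemon listing (name, padding, tab, comment)."""
    return {line.split()[0].lower() for line in listing.splitlines() if line.strip()}


def audit_backup_share(name, net_view_output, rsync_listing):
    """Return findings; an empty list means the share matches the described setup."""
    findings, key = [], name.lower()
    shares = smb_shares(net_view_output)
    if key in shares:
        findings.append(f"{name} is visible over SMB")
        if shares[key]:
            findings.append(f"{name} is mapped as {shares[key]}")
    if key not in rsync_modules(rsync_listing):
        findings.append(f"{name} is not exported over rsync")
    return findings


if __name__ == "__main__":
    for share in ("PCBackup", "Documents"):
        print(share, audit_backup_share(share, NET_VIEW, RSYNC_LIST) or "OK")
```

Re-running the check after any change to the share's Network Access settings catches SMB being left on after a temporary restore.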