× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

Protection from ransomware

alexofindy1
Guide

Protection from ransomware

Recent vintage Readynas units which I think use btfrs usually create snapshots, and files in a snapshot can be restored either from Frontview, or I believe from Windows; the latter is by right clicking on a file and selecting previous versions.

 

My questions is: are snapshot versions of files vulnerable to corruption by ransomware, since the files are accessible from Windows?  It looks like only restore is possible from windows, so I'm hoping the answer is that as long as there is sufficient disk space for the snapshots on the readynas, that the previous versions should be OK..

Model: RN31664D|ReadyNAS 316 6-Bay 6x4TB Desktop Drive
Message 1 of 3
StephenB
Guru

Re: Protection from ransomware


@alexofindy1 wrote:

It looks like only restore is possible from windows, 


Correct.  But the snapshots will be deleted from the NAS if the file system gets too full.

 


@alexofindy1 wrote:

so I'm hoping the answer is that as long as there is sufficient disk space for the snapshots on the readynas, that the previous versions should be OK..


That basically is the answer, but the followup is how much free space do you need on the NAS?  The snapshots are deleted automatically when the file system becomes >= 90% full.  You don't want to increase that threshold, as btrfs will misbehave if the file system gets too full.

 

If a single PC is infected, then every file on the NAS would be encrypted once.  If you want enough free space to preserve the snapshots througout the attack, then you'd need to maintain at least 55% free space on the NAS.  That would ensure that you'd have at least 10% free space after the attack.

 

However, if you have multiple PCs being infected, then there is a chance that the ransomware on all the PCs will encrypt the files on the NAS.   If an already-encrypted file is encrypted again, then you could end up needing even more free space. It would depend on how often the snapshots are made (and how long it takes you to disconnect the NAS from the network after an attack).

 

What I've done myself is back up the main NAS to secondary NAS that don't have SMB enabled.  Those backups are done daily, so I have a reasonable time to disconnect them from the network if the PCs are infected.  I augment that with cloud backup, which ought to allow me to recover the original files even if I don't react quickly enough to the attack.

 

Message 2 of 3
aks-2
Apprentice

Re: Protection from ransomware

In addition to what StephenB mentioned, you might consider a local physical backup to a USB connected drive, which serves great for backup in many situations just like your case here. It is not good for total facility disaster, or theft, but every solution has pros and cons. Depending on the data and frequency of change, you may need to consider several strategies to keeping your data safe.

For me it's all family stuff, photos mainly, music collection, and documents. Low rate of change, so backup is fairly straightforward in my case.

I do also have multiple NASs, but I have not used each to back up the other yet.

 

** oh, important point: disconnect the USB drive when not doing a backup, that way it stays safe!

 

Message 3 of 3
Top Contributors
Discussion stats
  • 2 replies
  • 893 views
  • 0 kudos
  • 3 in conversation
Announcements