Petya Ransomware

I really need to get a backup solution in place for all of my & my wife's important stuff (and probably my parents' systems as well) with all of these crypto variants gaining popularity.
 
Not just any backup solution, either. So many of the variants now scan for local and network drives and spread to those as well, so network backup solutions aren't really the way to go for protection from this anymore. Something like Carbonite would probably be the best solution for the common user. It's automated and it's not mapped, so the infection shouldn't spread. Although, I suppose you could set up a network backup at home using FTP and automated software to back up select directories as well.
 
Not just any backup solution, either. So many of the variants now scan for local and network drives and spread to those as well, so network backup solutions aren't really the way to go for protection from this anymore. Something like Carbonite would probably be the best solution for the common user. It's automated and it's not mapped, so the infection shouldn't spread. Although, I suppose you could set up a network backup at home using FTP and automated software to back up select directories as well.

Can also set up a task to run a backup to a network share as a service account that only that account has access to, and then back up over a network share that way as well.

I would probably end up doing a combined local / cloud backup solution.
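
The service-account setup suggested in the post above, as an added PowerShell example that is not part of the original thread. The server, share, account and task names are constructed placeholders, and it assumes the service account can read the source folder and may log on as a batch job.

```powershell
# Added example. Constructed placeholders: \\backupsrv\backups$, CORP\svc-backup, NightlyBackup.
$Source     = 'C:\Users\me\Documents'
$BackupRoot = '\\backupsrv\backups$\me'   # UNC path, never mapped to a drive letter
$SvcAccount = 'CORP\svc-backup'
$Allowed    = @($SvcAccount, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

# Rights that let a process overwrite, delete or re-permission backup files.
# Read-only bits are left out so that read access does not raise a finding.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

function Get-UnexpectedWriter {
    param([string]$Path, [string[]]$AllowedIdentity)
    # Get-Acl reads the NTFS ACL only; share-level permissions are set on the server.
    # Run this as an administrator of the backup server, since normal users
    # should not be able to open the path at all.
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $WriteMask) -ne 0 -and
        $_.IdentityReference.Value -notin $AllowedIdentity
    }
}

# Refuse to schedule the backup while anyone else can still write to the target.
$bad = Get-UnexpectedWriter -Path $BackupRoot -AllowedIdentity $Allowed
if ($bad) {
    $bad | Format-Table IdentityReference, FileSystemRights, IsInherited
    throw "Backup target is writable by accounts other than $SvcAccount; fix the ACL first."
}

# robocopy /E without /PURGE never deletes at the destination, but a changed
# source file still overwrites its copy, so keep versions on the server side.
$cred    = Get-Credential -UserName $SvcAccount -Message 'Service account password'
$action  = New-ScheduledTaskAction -Execute 'robocopy.exe' `
              -Argument "`"$Source`" `"$BackupRoot`" /E /R:2 /W:5 /NP"
$trigger = New-ScheduledTaskTrigger -Daily -At '02:00'

# The task runs as the service account, so the logged-on user's own session
# never holds credentials for, or a mapping to, the backup share.
Register-ScheduledTask -TaskName 'NightlyBackup' -Action $action -Trigger $trigger `
    -User $SvcAccount -Password $cred.GetNetworkCredential().Password -RunLevel Limited
```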
 
Can also set up a task to run a backup to a network share as a service account that only that account has access to, and then back up over a network share that way as well.

I would probably end up doing a combined local / cloud backup solution.

Not a bad idea.
 
So many of the variants now scan for local and network drives and spread to those as well, so network backup solutions aren't really the way to go for protection from this anymore.

Having had a good year's (so far) experience of direct ransomware attacks and DRs, ransomware can only spread to mapped drives and the profile of the current user who is the victim - it is a myth that it can spread anywhere on the network, and people need to understand how it works.

The reg keys and scripts it runs basically just search for mapped drives and, in alphabetical order (e.g. C:, D:, O:, U:), encrypt the data (if the victim user has permission to files in the locations).

Also to note - if the encryption is, say, at D: and you take it off the network (internet), it will stop encrypting as it cannot speak to the C&C (attacker's server). Although normally you won't know until it's finished encrypting, unless it's a large amount of data.

So it's safe to have, AND you should have, network backups as long as they are not mapped!

A safe option for file servers is to use DFS, as its architecture does not use mapped drives; instead it centralizes shared folders (from any network location) and shares them via a root location.

There are a lot of benefits with DFS (might be worth reading up on it). The main simple benefit is that you do not need to update anything on any end user each time you rename the shared folders.

Unfortunately, we still have an old file server that we have not yet migrated to our DFS, and still have mapped drives.
 
Can also set up a task to run a backup to a network share as a service account that only that account has access to, and then back up over a network share that way as well.

I would probably end up doing a combined local / cloud backup solution.

<3 me some Crashplan.

Crashplan running on all machines backing up to a local server, then the local server backing up everything to Crashplan. Been using it for about two years with no issues. Plus, only $5.99 a month per machine (hence the desktop > server > cloud setup).
 
Having had a good year's (so far) experience of direct ransomware attacks and DRs, ransomware can only spread to mapped drives and the profile of the current user who is the victim - it is a myth that it can spread anywhere on the network, and people need to understand how it works.

The reg keys and scripts it runs basically just search for mapped drives and, in alphabetical order (e.g. C:, D:, O:, U:), encrypt the data (if the victim user has permission to files in the locations).

Also to note - if the encryption is, say, at D: and you take it off the network (internet), it will stop encrypting as it cannot speak to the C&C (attacker's server). Although normally you won't know until it's finished encrypting, unless it's a large amount of data.

So it's safe to have, AND you should have, network backups as long as they are not mapped!

A safe option for file servers is to use DFS, as its architecture does not use mapped drives; instead it centralizes shared folders (from any network location) and shares them via a root location.

There are a lot of benefits with DFS (might be worth reading up on it). The main simple benefit is that you do not need to update anything on any end user each time you rename the shared folders.

Unfortunately, we still have an old file server that we have not yet migrated to our DFS, and still have mapped drives.

So basically only use UNC paths and don't map to a drive letter and you're good against most of the attacks :p.

<3 me some Crashplan.

Crashplan running on all machines backing up to a local server, then the local server backing up everything to Crashplan. Been using it for about two years with no issues. Plus, only $5.99 a month per machine (hence the desktop > server > cloud setup).

Seems a bit steep for pricing for a household environment, IMO :p.
 
So basically only use UNC paths and don't map to a drive letter and you're good against most of the attacks :p.



Seems a bit steep for pricing for a household environment, IMO :p.

Hence the Computer > Server > Cloud setup. Computers backing up to the server are free, only server > cloud costs. And that will include all backups of the computers because they're on the server. ;)

Plus it does revisions. I can pull a deleted file from 2014.
And you can set your own encryption key for backing up to Crashplan.

AND it'll alert you if you haven't backed a machine up in x days. It's really, really, really nice :tongue:
 