How to secure your backups from ransomware

Listen to Felicia's podcast episode

PETYA crypto ransomware overwrites MBR

If you have configured your computer to not use MBR, but to use UEFI, this is irrelevant. This is a good reason to rebuild your computer from scratch after you have done the in-place upgrade to Windows 10 in order to register the licensing.

PETYA is being delivered by DropBox.

DropBox has no built-in APT capabilities to prevent malicious content from being stored there or distributed from there.

NAS and proper backups can help you recover from ransomware

If your only backups are locally-attached USB devices that your user account has access to, or if your user account is an admin, then all your backups will be encrypted also. That means you will not be able to recover from a ransomware event.

A better idea is to use a NAS that your user account does not have access to. Instead, a separate account is used for scheduled backup jobs that use version control. Because your user account that you browse the internet with does not have access to the backups, ransomware cannot encrypt your backups. The difference would be if you were browsing the internet as an administrative account, which you should never do.

You may ask, then how do I recover files if I need to at some point? The NAS has a web interface which you can use a built-in file explorer utility to interact with the files there. Additionally, you could log into your computer as your special admin account that is associated with the backup processes. That account would have access to the NAS.

The NAS is great because you can use it to protect all the computers in your house.

Note that if your goal is to mitigate the risk of loss of your data and the backups due to ransomware, then you cannot be using software packages for the backup process like what come with most of the one-click option devices on the market. Those are all designed to be for consumers, so they have little security and little sophistication.

So what about cloud backups?

Let's consider an example. If you are using something like Acronis Cloud, that could be OK if you have version control setup properly and you are taking FULL backups properly as opposed to something that is a giant fail waiting to happen, such as incrementals greater than 3 days.

I was recently doing an audit of a prospect's backups. Their former IT manager had configured Acronis to do a full backup at the first of the month, and then incrementals the rest of the month. That strategy is prone to massive failure as it makes the entire month of backups dependent upon the initial and all the prior days. With each day that passes, the risk of loss of data due to a failure in one of the weak links in the chain goes up exponentially. It's another fine example of why you need an audit by a competent IT Security Architect such as myself even if you have your own IT staff.

Now let's say you are sending all your backups to cloud storage.


  • How much data is this that you are trying to upload across your internet connection?
  • How long does it take to get there?
  • How long would it take you to download the data for a recovery?
  • Do you have enough versioning in the cloud storage to meet your compliance and risk mitigation strategy?

I don't have a problem with cloud backups assuming that you hold the encryption keys meaning that the staff at wherever cannot get into your backup files. That's a question you need to ask. If they are your IT service provider, then maybe that is OK, but you still need to ask HOW MANY people have access to those files and by WHAT MECHANISM.

Again, if you are going to use cloud for backups, you have major security, bandwidth, recovery time, and cost implications to think about. I would only use cloud backup as a SECONDARY backup for offsite storage assuming you were fully aware of all of the implications of that strategy. And let me be blunt. I have yet to encounter a business decision-maker who has been properly advised of the true security concerns and recovery and cost profile of cloud-stored backups except for my clients.

This is why a NAS is such a great option.
  • The NAS is local to you.
  • It facilitates the shortest recovery time possible.
  • It has plenty of storage to support multiple computers with version control for backups on each endpoint.
  • When properly configured, the NAS is extremely secure even using a software-based firewall, multifactor authentication, brute force mitigation, and full disk encryption.

Share this post
Leaving Computers On All The Time