Ransomware is a type of malware that restricts access to the infected computer system, and demands that the user pay a ransom to the malware operators to remove the restriction. Probably the most famous ransomware is Cryptolocker, and it’s definitely something you don’t want to deal with.
Regardless of the strenuous efforts put in place by Antivirus developers, the rate of infection is appalling. And what is worse is that such ransomware can also access all the shared folders on your NAS/SAN, so if you backup to a network drive your backups will be compromised too. The ransomware objectives include, in fact, preventing you from being able to restore your old (healthy) data from a backup.
Managing such situation with permissions and ACL (access-control lists) is a nightmare, and it’s hard to reach a true WORM (write once read many) situation which is the only truly secure way to prevent the ransomware from modifying the backups you’ve already stored. And if you have healthy backups the ransomware is “de facto” already defeated.
So what can you do to store your backups somewhere else in a truly WORM way?
Well, if you are running Syncplify.me Server! v4 (or greater) you can create a VFS (virtual file system) that accesses a NAS/SAN over the network with specific credentials that are fully managed by Syncplify.me Server! itself; then you’ll need to remove the delete/rename/modify permissions on it from the SFTP user profile that is associated to such VFS. This way you ensure that, once stored, your backups cannot be altered anymore, in any way, via the SFTP server.
Now you need to make sure that both the following rules are enforced:
- your backup software must be configured to use your SFTP server as a target
- make sure the OS users on the machines that run the backup software do not have direct access to the NAS/SAN
And that’s it. Even in case you get infected by a ransomware, you will simply be able to format your computer, reinstall your operating system, and restore all your data from a healthy backup.