Using the DiskAES256 encrypted VFS

Syncplify.me Server! version: 4.0.0+

As of version 4.0, Syncplify.me Server! accesses storage through a VFS (Virtual File System). This storage virtualization layer lets an administrator choose among different ways to access the underlying file system; one of them, the DiskAES256 VFS, encrypts and decrypts data at rest on the fly.

When a VFS is of DiskAES256 type, all files uploaded to that VFS are encrypted and then saved to disk. Similarly, when an SFTP client downloads them, the files are read from disk and decrypted on the fly before they are sent to the client over the network (don’t worry, SSH/SFTP network encryption still applies).

Because of the way it works, when you create a new VFS of type DiskAES256 you have to make sure it points to an empty path/directory (one that has no files in it). Otherwise it would try to decrypt existing files that were never encrypted in the first place, and fail.
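A pre-flight check for the empty-directory requirement above, as an added example that is not part of Syncplify.me Server! or of the original article. The function names are hypothetical, and checking subdirectories as well as the top level is an assumption of this sketch.

```python
import os
import tempfile


def preexisting_files(vfs_root):
    """Return the paths of all files under vfs_root, at any depth.

    An empty list means the directory holds no files and can be used as the
    root of a new DiskAES256 VFS. Checking subdirectories too is an
    assumption of this sketch; the page only says the path must be empty.
    """
    if not os.path.isdir(vfs_root):
        raise NotADirectoryError(f"{vfs_root!r} is not an existing directory")
    found = []
    # followlinks=False: never descend into directories linked from elsewhere
    for dirpath, dirnames, filenames in os.walk(vfs_root, followlinks=False):
        for name in filenames:
            found.append(os.path.join(dirpath, name))
        # Linked directories are not walked, so report the link itself
        for name in dirnames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                found.append(full)
    return sorted(found)


def demo():
    # Constructed sample layout in a temporary directory
    with tempfile.TemporaryDirectory() as root:
        empty_ok = preexisting_files(root)
        os.makedirs(os.path.join(root, "incoming"))
        # A hidden plaintext file in a subdirectory is easy to overlook
        with open(os.path.join(root, "incoming", ".hidden.txt"), "w") as f:
            f.write("plaintext that was never encrypted")
        blocked = [os.path.relpath(p, root) for p in preexisting_files(root)]
    return empty_ok, blocked


if __name__ == "__main__":
    ok, blocked = demo()
    print("empty directory ->", ok)
    print("directory with stray file ->", blocked)
```

Run it against the intended VFS root before creating the VFS; any path it returns is a plaintext file that should be moved out first.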

How to protect your backups from ransomware (Cryptolocker, WannaCry, and the like…)

Syncplify.me Server! version: 4.0.0+

Ransomware is a type of malware that restricts access to the infected computer system, and demands that the user pay a ransom to the malware operators to remove the restriction. Probably the most famous ransomware is Cryptolocker, and it’s definitely something you don’t want to deal with.

Despite the strenuous efforts of antivirus developers, the rate of infection is appalling. What is worse, such ransomware can also access all the shared folders on your NAS/SAN, so if you back up to a network drive your backups will be compromised too. In fact, one of the ransomware’s objectives is to prevent you from restoring your old (healthy) data from a backup.

Managing such a situation with permissions and ACLs (access-control lists) is a nightmare, and it’s hard to reach a true WORM (write once, read many) situation, which is the only truly secure way to prevent the ransomware from modifying the backups you’ve already stored. And if you have healthy backups, the ransomware is “de facto” already defeated.

So what can you do to store your backups somewhere else in a truly WORM way?