Article ID: FS-FBS-20170715-I01
Last Reviewed: February 15, 2021
Version: 1.1

How to Protect Your Computer from Ransomware Encrypting Files

This article describes how to protect against malicious programs that encrypt files for ransom (ransomware). It discusses methods to secure files (documents) stored on workstations and NAS servers. It also explains how to protect backups from encryption and what to do after detecting a threat.

Introduction

The most reliable protection against file encryption or deletion is to perform regular and automatic backups. Backups allow you to restore files even if other protections—such as antivirus software—have failed. In addition to securing the files themselves (documents), it's important to properly protect the backup files (archives), which can also be encrypted or deleted by ransomware.

Protecting Files (Documents) from Workstations and NAS Servers

The most dependable protection against file deletion or encryption is to perform regular and automated backups. Backups of important documents should be made at least once a day, preferably just before shutting down the computer.

Since you may discover file deletion or encryption with some delay, remember to enable Rotational Copies (Retention). This option allows you to specify how long backups should be stored, giving you the ability to "go back in time" and restore the disk state on a specific day. For example, if you perform backups daily and set Rotational Copies to 30, you'll always be able to revert up to 30 days back.

Securing Backup Files (Archives)

If malicious software infiltrates your internal network, not only documents but also archives containing their backups can be encrypted. Therefore, it's crucial to secure the backup server itself and the directories where backups are stored.

Windows computers are the most popular and thus most frequently targeted by malware. If your backup server runs on a Windows computer, it's essential to secure it by disabling file sharing and blocking all incoming network ports except TCP 4530 (control console) and TCP 4531 (backup/recovery) used by Ferro Backup System. More about securing the backup server can be found in the article Securing Network Connections – Implementing Security on the Backup Server.

Another good solution is to install the backup server on a Linux system (e.g., directly on a QNAP NAS or Synology NAS) and disable services like file sharing (SMB, AFP, NFS, FTP, TFTP, rsync) and remote access services (Telnet, SSH, RDP).

The next step in protecting archives—regardless of the operating system running the backup server—is to enable protection against file modification or deletion. This option is described in the user manual: Protect Access to Destination Directories.

Effective protection against malware also includes archive replication. Replication involves automatically duplicating archives to another location. The most effective protection in this case is replicating archives to media inaccessible to ransomware, such as LTO tapes, DVDs or Blu-ray discs, cloud storage, removable USB drives, RDX cartridges, etc.
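
The Windows firewall restriction described above (inbound traffic limited to TCP 4530 and TCP 4531) can be applied and then checked from an elevated PowerShell prompt. This is an added example, not a script from Ferro Software: the rule names are made up for illustration, and the 'File and Printer Sharing' group name assumes an English-language Windows installation.

```powershell
#Requires -RunAsAdministrator
# Added example: limit inbound traffic on a Windows backup server to the two
# Ferro Backup System ports named in the article, then list what else is open.
# Rule names are hypothetical; pick any naming scheme you like.
$allowed = @(
    [pscustomobject]@{ Name = 'FBS-Console-TCP4530'; Port = 4530; Desc = 'Control console' }
    [pscustomobject]@{ Name = 'FBS-Backup-TCP4531';  Port = 4531; Desc = 'Backup/recovery' }
)

# 1. Firewall on for every profile; inbound traffic without an allow rule is dropped.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block

# 2. (Re)create the two allow rules so the script can be run repeatedly.
foreach ($r in $allowed) {
    Remove-NetFirewallRule -Name $r.Name -ErrorAction SilentlyContinue
    New-NetFirewallRule -Name $r.Name -DisplayName "Ferro Backup System - $($r.Desc)" `
        -Direction Inbound -Action Allow -Protocol TCP -LocalPort $r.Port -Profile Any |
        Out-Null
}

# 3. Turn off the built-in file sharing rules (English display name assumed).
Disable-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue

# 4. Audit: a default-block policy does not override existing allow rules, so
#    every other enabled inbound allow rule is still reachable from the network.
$extra = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { $_.Name -notin $allowed.Name } |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Protocol  = $pf.Protocol
            LocalPort = $pf.LocalPort -join ','
            Profile   = $_.Profile
        }
    }

if ($extra) {
    Write-Warning "$(@($extra).Count) other inbound allow rule(s) are still enabled; review them:"
    $extra | Sort-Object Rule | Format-Table -AutoSize
} else {
    Write-Output 'Only TCP 4530 and TCP 4531 are allowed inbound.'
}
```

The script only reports the remaining allow rules rather than disabling them, so an administrator can decide which ones the server really needs before turning them off with Disable-NetFirewallRule.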

Security of Network Resources

When saving archives (or replicas) on a shared network resource, remember several important principles to reduce the risk of files being encrypted or deleted.

Full access (read and write) to the shared folder should be granted to only one user. It's best to create a special user account on the NAS server for this purpose, e.g., FerroBackup. Provide the login credentials for this network resource (username and password) exclusively in the program console under Settings -> Network Resources. This way, only the backup server will have access to the archives. The password created must be strong!

Additionally, when connecting to the network share, avoid assigning a local drive letter, as such mapping can be visible to other computer users, including encrypting programs. With this configuration, the destination path for saving or replicating archives is entered in UNC form (\\server\share\[folder]).

What to Do When a Threat Is Detected

After detecting and eliminating the threat, you can recover files (or the entire system) from the backup. To do this, go to the Recovery tab, select the computer where the files were encrypted, and then choose the archive from the day before the attack. After selecting the folder with documents or the entire disk, click Restore or Unpack, check the option Replace existing files, and click OK. If you're restoring documents from a file server, additionally select the option Restore saved security descriptors to restore DACL permissions to files and folders.

Copyright © 2000-2024 FERRO Software. All rights reserved.