Network suggestions please?

Beginner
Posts: 1
Comments: 3

Hey guys,
For the last little while I've been trialing the Acronis image software to run automated backups of 4 computers on a network to a standard 2TB drive in a cradle.
Normally this cradle gets powered down and only powered up once a week for the backups to be processed.

The drive was mapped as a network drive and gave Acronis easy access with permissions to perform backups from each of the 4 computers without needing user interaction.

This is where we run into problems.
One of the computers had a 'ransomware' virus on it and it corrupted ALL of the backups. Every backup on the drive became encrypted and recovery just wasn't an option.

So my question is this.

I'm led to believe that Acronis Secure Zone cannot be run over a network. Is there something else I can use to instead give an encryption level to the backups so that nothing can change, delete or alter the files in any way without a password whilst still allowing for automated schedule backups?

Thanks in advance.

Forum Hero
Posts: 62
Comments: 7495

Hi Tim,

These may help...

http://www.acronis.com/en-us/support/documentation/ATI2016/#13811.html

https://forum.acronis.com/forum/118702

https://forum.acronis.com/forum/118140

Unfortunately, secure zone is not a failsafe for malware either. Once the password is entered on the secure zone, it is just as accessible as the rest of the drive - same goes for BitLocker and other locked and/or encrypted partitions, drives or folders. As such, if the system is already compromised, anything that has access to the drive, or that it can traverse with similar credentials is also susceptible.

Using a Windows Account with regular privileges that does not have access to shares where Acronis has access with admin privileges would help. Also using different credentials completely on storage devices like a NAS that only Acronis has access to can limit the chances of ransomware getting access to backups. I would also look to a secondary backup that is completely offline and only accessed offline for both backup and/or recovery using the bootable rescue media and only attached for the purpose of backup and/or restore. Offsite backup for a second or third backup would also be good.

Beginner
Posts: 1
Comments: 3

Champion, thank you.. Will have a look.

Ultimately, a client clicked a thingy they shouldn't have and it got everything.

So hopefully I can find a reasonable solution.

Beginner
Posts: 1
Comments: 3

So where I'm at looking into all this, I'm still relatively lost.

Essentially, setting up permissions to access an 'online' drive for Acronis is going to be the best way of making sure ONLY the profile with access to the drive can make changes.

This then means that every PC on the network needs to have said profile?
Or is there a way to set up a profile over the network that can be accessed from each computer, but not local to each computer?

Realistically,
I'd like to have it so that only Acronis can access the drive, and each of the 4 computers runs their backups on a Saturday around lunch time.
However, I'd like the contents to not be able to be modified unless a password is entered as I fear the files themselves may have permissions that can be changed by virus/malware.

Due to the types of programs being run on the computers on the network, it's not possible for us to run them on accounts that aren't admin ones.

Forum Star
Posts: 60
Comments: 1413

Tim,

Bobbo has provided some excellent advice...

First a couple of questions & then some recommendations.

You stated: "The drive was mapped as a network drive"...  Was the drive mapped as a drive letter?

Do you know which malware variant encrypted your drive?  Cryptowall?

I have done quite a bit of research on ransomware, which I consider my biggest threat, and everything I have read states that ransomware only attacks network drives if they are mapped to a drive letter.

Some things to consider:

On each computer, set up a separate account for running True Image.  Using this account, set up the permissions for the network shared drive.  I would recommend setting up separate folder/sub folders for each computer, and use different passwords from each computer.

The accounts that are used for work and e-mail, internet access, blogging, etc., should not have permissions to access the network drive. If the user of the account tries to access the network drive, it should pop up the UAC message asking for the password (which the user should not have).

With this setup, the ransomware would still be able to encrypt the files on the user account of the computer that got the virus.  But the backups and the other computers should be safe.

You should seriously consider setting up a Linux based NAS, such as Synology.  With a NAS, you could also set up a RAID, which gives extra protection against hardware failures.  You can set up the accounts such that there is only one NAS admin account (which is not used by True Image).  You can have multiple NAS user accounts and limit the folders that each account gets access to.  For your setup, I believe this would be ideal.

Hope this helps.

Regards,

FtrPilot

Beginner
Posts: 1
Comments: 3

Thanks for the response.

The ransomware was a copy-cat mixture of Crypt0l0cker and torrentl0cker.
I sent some files away to a company and they sent me back a key which unlocked a few files but not many.
They explained that the copycat malware created a private key for the client's system then encrypted all the files on the computer with varying parts of the key that was generated, meaning each file was technically encrypted differently.

Out of everything I've had to deal with, that was the first time I've not been able to brute-force open an encryption.
Regardless,
I'll have a look into setting up the drive with permissions leading only to certain accounts per computer and no permissions for other accounts.

Will this have a negative impact on recovery should the drives fail?

Forum Star
Posts: 60
Comments: 1413

Tim,

First, thanks for sharing...I know this is a difficult time for you and I hope that all who read this will learn from your experience and certainly not repeat it.

Will this have a negative impact on recovery should the drives fail?

This will have absolutely no impact on recovery.

When you set up your system with the new permissions, you should test the folders out by trying to access them from a regular user account using Windows Explorer. When trying to access the folder, Windows UAC should pop up a window asking for a password. If Windows Explorer grants access without asking for a password, then the folder is vulnerable and you should redo. Also, don't type in the password, expecting Windows to always ask for the password. Windows only asks once, then stores the password. And if Windows knows the password, any process (or malware) that inherits admin privileges gets the password and will have access to the network folder.

Hope this helps.

FtrPilot
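
The access test described in the post above can be scripted and repeated on each of the PCs. This is an added example, not part of the original thread and not Acronis code; the host name `backuphost` and share `\\backuphost\backups` are hypothetical placeholders. Run it while logged in as an everyday (non-backup) account.

```powershell
# Added example: audit whether an everyday account can reach the backup share.
# $BackupHost and $BackupShare are hypothetical placeholders; use your own values.
param(
    [string]$BackupHost  = 'backuphost',
    [string]$BackupShare = '\\backuphost\backups'
)

$findings = @()

# 1. Drive letters mapped to the backup host in this logon session.
$mapped = Get-SmbMapping -ErrorAction SilentlyContinue |
    Where-Object { $_.RemotePath -like "\\$BackupHost\*" }
foreach ($m in $mapped) {
    $findings += "Mapped drive $($m.LocalPath) -> $($m.RemotePath)"
}

# 2. Credentials Windows has already stored for the backup host.
$stored = cmdkey.exe /list | Select-String -SimpleMatch $BackupHost
foreach ($s in $stored) {
    $findings += "Stored credential: $($s.Line.Trim())"
}

# 3. Can this account read or write the share without being prompted?
if (Test-Path -LiteralPath $BackupShare) {
    $findings += "Share is readable by $env:USERNAME"
    $probe = Join-Path $BackupShare ("acl-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
        Remove-Item -LiteralPath $probe -ErrorAction SilentlyContinue
        $findings += "Share is WRITABLE by $env:USERNAME"
    } catch {
        # Access denied is the desired result for an everyday account.
    }
}

if ($findings.Count -eq 0) {
    Write-Output "OK: $env:USERNAME has no path to $BackupShare"
} else {
    Write-Output "REVIEW: backup share is reachable from this account"
    $findings | ForEach-Object { Write-Output "  - $_" }
    exit 1
}
```

Any line under REVIEW means a process running as that user could reach the backups without a prompt; a stored credential can be cleared with `cmdkey /delete:<target>` and a mapping with `net use <letter>: /delete`.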