QRecall Community Forum

Ransomware defense??
Ralph Strauch


I've been reading about Ransomware attacks, where the hacker encrypts everything accessible from the hacked volume and then demands payment to decrypt the data. From some of the articles it sounds like what gets encrypted might include a mounted backup volume, though I haven't seen this spelled out in detail. I'm guessing that an attached but unmounted volume might be invisible to the attacker and thus survive. What do you think about adding QRecall options to mount an archive volume before beginning a capture action and unmount it after that action as a defense?

If you can do that with an attached disk, can it also work for a disk attached to a networked computer? Mounting and unmounting of an attached disk can be done with Disk Utility, but I don't see any way to do that with a disk attached to a networked computer. I'd like that option because I leave my archive attached to one computer but also back up a second one over the network.

Ralph
James Bucanek


Ralph Strauch wrote: What do you think about adding QRecall options to mount an archive volume before beginning a capture action and unmount it after that action as a defense?

I don't have to add an option, because QRecall already does that.

If the volume containing an action's archive is on a local, unmounted, drive then QRecall will first request that the volume be mounted. Similarly, if the archive is contained on a networked volume, QRecall will attempt to connect the networked volume before the action runs.

QRecall also knows its kindergarten rules: if you get it out, put it back when you're done. If QRecall caused a volume to mount or a networked volume to connect, it will request that the volume be unmounted/disconnected once the last action using it has completed.

Ralph Strauch wrote: Mounting and unmounting of an attached disk can be done with Disk Utility, but I don't see any way to do that with a disk attached to a networked computer. I'd like that option because I leave my archive attached to one computer but also back up a second one over the network.

That is beyond QRecall's reach. There's no protocol for requesting a volume be mounted/unmounted on a remote computer.

If a ransomware attack is a real concern, the best defense would be to use a set of rotating backups; back up to two (or more) drives that get swapped out about once a week or so. Since you never have both volumes connected at the same time, there's very little chance that malicious software could corrupt both before you detected it. QRecall has scheduling options that will let you ignore the actions for the archive(s) that isn't online right now, so you don't have one set of actions that's always failing.

- QRecall Development -
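
The mount-before, unmount-after rule described in the reply above, written as a macOS shell wrapper for a single job on a local disk. This is an added example, not part of the original thread and not QRecall's code; it assumes `diskutil`, and the function names and the exit code 75 are choices made for this example.

```shell
#!/bin/sh
# Added example, not QRecall code.
# Mount a backup volume only for the duration of one job, and unmount it
# afterwards only if this script was the one that mounted it.
# Assumes macOS diskutil. The volume argument (a volume UUID or device
# node such as /dev/disk4s1) is supplied by the caller.

# Thin wrappers around diskutil so the logic can be exercised with stubs.
vol_is_mounted() { diskutil info "$1" 2>/dev/null | grep -Eq '^ *Mounted: +Yes'; }
vol_mount()      { diskutil mount "$1" >/dev/null; }
vol_unmount()    { diskutil unmount "$1" >/dev/null; }

# with_volume VOLUME COMMAND [ARGS...]
# Returns COMMAND's exit status, or 75 (chosen for this example) if the
# volume could not be mounted, in which case COMMAND is never run.
with_volume() {
    wv_vol=$1; shift
    wv_mounted_here=0
    if ! vol_is_mounted "$wv_vol"; then
        vol_mount "$wv_vol" || return 75
        wv_mounted_here=1
    fi

    "$@"
    wv_status=$?

    # "If you get it out, put it back": a volume that was already mounted
    # before the job started is left exactly as it was found.
    if [ "$wv_mounted_here" -eq 1 ]; then
        vol_unmount "$wv_vol" || echo "warning: $wv_vol is still mounted" >&2
    fi
    return "$wv_status"
}

# Usage (placeholder volume and job):
#   with_volume /dev/disk4s1 /path/to/backup-job
```

The unmount step runs even when the job fails, so a failed capture does not leave the backup volume mounted.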