Using Nas4Free to deal with ransomware

Post by hastdotwhat »

Crypto ransomware has been getting worse and worse over time (see e.g. this article from Ars), and it's spreading to OS X and Linux as well (although the very early attempts aren't as polished yet as the Windows stuff, just give it a few more release cycles and they'll be just as devastating).

The scary thing about this stuff is that it also affects backups, so you're just as screwed if you regularly back up your data as if you don't. In fact regularly backing up makes things worse, since it increases the chance of replacing the non-locked backup data with locked data.

This is something that Nas4Free could help with. To do this, you designate a few random files as canary files that should never be modified. If Nas4Free detects that a modified version of the file is being uploaded (i.e. one that's been locked by ransomware), it could perform actions like alerting the user and diverting new backups to a quarantine directory until the all-clear is given.

Does anyone have any thoughts on this? I'd toyed with the idea of adding a script to manage this, but the minimal playing I've done has ended up as a bit of a hack (GUI integration in particular is something that looks complex if you're an outsider), and if it was a standard Nas4Free feature it would help other users as well.
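
The canary-file check proposed in the post above, written as a POSIX sh script. This is an added example, not part of the original thread and not a Nas4Free feature; the function names, the baseline file format and the directory arguments are assumptions.

```sh
#!/bin/sh
# Canary check for a backup share (added illustration; all names are hypothetical).
# Keep the baseline file where backup clients cannot write, or it can be altered too.

hash_file() {                       # FreeBSD has sha256(1), Linux has sha256sum(1)
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        sha256 -q "$1"
    fi
}

# record_baseline BASELINE FILE... : store digests while the canaries are known good
record_baseline() {
    baseline=$1; shift
    : > "$baseline"
    for f in "$@"; do
        printf '%s  %s\n' "$(hash_file "$f")" "$f" >> "$baseline"
    done
}

# check_canaries BASELINE : report changed or vanished canaries, return 1 if any.
# Ransomware often renames what it encrypts, so a missing canary counts as a hit.
check_canaries() {
    rc=0
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1
        elif [ "$(hash_file "$path")" != "$want" ]; then
            echo "MODIFIED $path"; rc=1
        fi
    done < "$1"
    return "$rc"
}

# backup_target BASELINE LIVE_DIR QUARANTINE_DIR : print where the next backup goes
backup_target() {
    if check_canaries "$1" >&2; then   # findings go to stderr, e.g. for cron mail
        echo "$2"
    else
        echo "$3"
    fi
}

# Run as: canary.sh BASELINE LIVE_DIR QUARANTINE_DIR
if [ "$#" -eq 3 ]; then backup_target "$@"; fi
```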


Re: Using Nas4Free to deal with ransomware

Post by b0ssman »

Just use ZFS snapshots.

If the file was modified, you get the real file from the snapshot.

But same problem as with backups, so it's an inherent problem.
Nas4Free 11.1.0.4.4517. Supermicro X10SLL-F, 16gb ECC, i3 4130, IBM M1015 with IT firmware. 4x 3tb WD Red, 4x 2TB Samsung F4, both GEOM AES 256 encrypted.


Re: Using Nas4Free to deal with ransomware

Post by hastdotwhat »

Hmm, that assumes you're running ZFS (i.e. you've got a fairly serious NAS), and that you're keeping snapshots that go back an arbitrarily long way in order to allow rollback (which in turn means you've got a ton of storage to dedicate to storing multiple generations of data). I was targeting this more at protecting things set up for friends and family (the sort of people that are more likely to get hit by this kind of malware), repurposed older PCs that help them in the event of a crash, but nothing like the sort of thing in your sig for example :-).


Re: Using Nas4Free to deal with ransomware

Post by raulfg3 »

hastdotwhat wrote: (which in turn means you've got a ton of storage to dedicate to storing multiple generations of data).

Error, snapshots do not cost in data terms. (They do not duplicate data.)

https://en.wikipedia.org/wiki/ZFS#Snapshots_and_clones

Please read more about how snapshots work on ZFS.
12.1.0.4 - Ingva (revision 7743) on SUPERMICRO X8SIL-F 8GB of ECC RAM, 11x3TB disk in 1 vdev = Vpool = 32TB Raw size , so 29TB usable size (I Have other NAS as Backup)


Re: Using Nas4Free to deal with ransomware

Post by hastdotwhat »

raulfg3 wrote:
hastdotwhat wrote: (which in turn means you've got a ton of storage to dedicate to storing multiple generations of data).
Error, snapshots do not cost in data terms. (They do not duplicate data.)

Snapshots (well, ZFS ones) are COW, not magic-on-write; if your data has been encrypted by ransomware then 100% of your data has changed, so at a minimum you've doubled your storage requirements just from that. In addition, as your data changes during normal use, you need to store the changed data as well.
