Backup

Connecx Backup protects against ransomware

Connecx Backup protects your devices against ransomware if you keep a few things in mind when setting it up:

  • Use a unique password for the users on the Connecx Backup server, especially for the “admin” user. We are not aware of any ransomware that actively deletes backups from Connecx Backup servers via the web interface, but it is theoretically possible if the users on the server use a weak password or the same password that the ransomware already used to spread.
  • Don’t connect the server OS, storage, etc. to your Active Directory. Ransomware may already be spreading by using admin accounts on your Active Directory. You don’t want it to be able to spread to your backup server this way! If you run the Connecx Backup server in a VM, you also don’t want to connect the VM hypervisor to Active Directory.

In general it is useful to have this image in mind when evaluating risks w.r.t. backups:

There are many risks to the data stored on the clients, for example (red section):

  • The client disk may break
  • If it is a laptop it might get stolen, lost or get damaged by accident
  • Ransomware attack encrypts all data on the client

Similarly there are many risks to the data stored on the server, for example (blue section):

  • Server disks may break
  • Electrical surge
  • Someone hacks in and deletes all the data

You want to eliminate/reduce those risks (e.g. by using RAID), especially those that occur frequently or are easy/low cost to reduce.

What you should be most concerned about, however, are the risks that affect both simultaneously, for example (intersection between red and blue section):

  • Ransomware attack encrypts all data on client and server because it can get access to both via taking over Active Directory
  • Electrical surge destroys both client and server disks
  • Asteroid destroys both client and server, because they are on the same continent

Make a list of those risks, reduce them if possible (e.g. by having a unique, separate admin password or surge protection for client or server) and then judge if they are rare enough or can be ignored (one probably has other problems if an asteroid destroys a continent).

Connecx Backup is better than other backup software at protecting you from ransomware

Again, looking at the picture above, other backup software often fails at keeping backup (server) and backup source (client) sufficiently independent:

  • Backups are stored to attached/local disks: Ransomware encrypts/formats all attached disks
  • Backups are stored to network attached storage: Ransomware encrypts network attached storage
  • Backup software that allows deletion of past backups from the backup source (client): Ransomware deletes backups
  • In general, if the client can delete old backups, they are not sufficiently independent. Even if the backup software obfuscates deletion, it is only a matter of time or cost/benefit until ransomware authors circumvent the deletion protection
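
A check for the attached-disk and network-storage cases above, as an added example (not Connecx Backup code): run under the account that ransomware on the backup source would inherit, it lists what that account could create, delete or overwrite under a mounted backup destination. It assumes a POSIX client and reads permission bits only, so ACLs, immutable flags and server-side snapshots are not seen; `audit_backup_path` and `is_independent` are names made up here.

```python
import os
import stat
import sys


def audit_backup_path(root):
    """List (path, reason) pairs for everything under root that the
    current user could alter, judged by POSIX permission bits only."""
    findings = []
    uid = os.geteuid()
    for dirpath, _dirnames, filenames in os.walk(root):
        dir_st = os.stat(dirpath)
        dir_writable = os.access(dirpath, os.W_OK | os.X_OK)
        sticky = bool(dir_st.st_mode & stat.S_ISVTX)
        if dir_writable:
            findings.append((dirpath, "can create files here"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # Deleting needs write+search on the directory; a sticky bit
            # restricts it to the file owner, directory owner, or root.
            if dir_writable and (not sticky or uid in (0, st.st_uid, dir_st.st_uid)):
                findings.append((path, "can delete or replace"))
            # Write permission on the file allows encrypting it in place.
            if stat.S_ISREG(st.st_mode) and os.access(path, os.W_OK):
                findings.append((path, "can overwrite in place"))
    return findings


def is_independent(root):
    """True only if this account can change nothing under root."""
    return not audit_backup_path(root)


if __name__ == "__main__":
    # Usage: python audit.py /path/to/mounted/backups (path is an assumption)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, reason in audit_backup_path(target):
        print(f"{reason}: {path}")
    sys.exit(0 if is_independent(target) else 1)
```

Any finding means the backup and its source share a failure mode for that account; an empty result only rules out the permission-bit route.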

The independence goes the other way as well. If an attacker/ransomware takes over your backup server, it should not be possible to affect data on the backup source (client). Specifically, the server should not be able to:

  • Set up arbitrary pre-/post-backup scripts from the server that may delete/encrypt data on the client
  • Initiate restores from the server, which may restore garbage/encrypted data to the client
  • Run arbitrary software on the clients via an update mechanism
  • Back up via an arbitrary command channel (e.g. SSH) that allows the server to destroy data on the client