8dcc1529-8076-42d5-b164-f58c8172dfec Posted June 7, 2014 Report Share Posted June 7, 2014 Malicious software that encrypts the victim's disks seems to be on the rise. Software like Cryptolocker encrypts all accessible disks, including network volumes and USB disks. A common Retrospect configuration is to back up to an external hard disk connected by USB. In such a configuration, a Cryptolocker (or similar) infection would affect the backup as well as the drive being backed up. User valkyriebiker posted the following on Ars Technica: I've developed a backup protocol and script for my clients that protects hot backup drives by incorporating the following:+ vbackup.exe -- a sort of stripped-down robocopy with versioning+ Set the backup volume ACLs to give modify rights to the backup job only and read-only to the user+ Remove the user from the local administrators group so that Crypto-viruses cannot take ownership or re-asset modify access to the backup volume. Users should never be on admin regardless. Yeah, yeah, I know.....+ Give the user an admin-level password-protected account strictly for installing software, drivers, etc. that require it. Here is a link to the original post: http://arstechnica.com/security/2014/06/we-will-be-paying-no-ransom-vows-town-hit-by-cryptowall-ransom-malware/?comments=1&post=26991139#comment-26991139 This seems very applicable to Retrospect and the configuration I described above. Trouble is, I don't know enough about Windows administration to set this up. Can anyone help? 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.