Data loss by ransomware attack ?

[Jemiba]

No, I wasn't affected by such an attack, my friend was. No great loss, as he had not much aviation
oriented data on his harddrives, just some hundred of photos from his (quite expensive) holidays
from the last two years, still not saved on DVD. He had an external HD as backup, of course, but
plugging/unplugging is always annoying ... : So ALL connected drives were encrypted.

I was looking for a way to automate backups to a drive (hopefully) unreachable for such an attack
and came up with the following solution :
You need:
- a harddrive with an external powersupply. I changed one of the internal HD, but an external one with
separate Powersupply will work, too.
- a socket switchable vbia USB. There was quite a good type on the market with just a single socket, but
it seems not to be available anymore, so I bought a power strip, with master/slave function, timer and what
the hell else.
- A script, that closes all running programs, starts that backup HD by switching on the power, copying all relevant
data and shutting down the computer then.
So, instead of clicking "shut down", I start that script and have a fresh and safe backup every day.
Any ideas, if it could still be vulnerable to such an attack ? Or better ideas for such a system ?
Clues and criticism welcome !

 

[TomS]

Seems liek a lot of work when there are commercial solutions available. A dedicated backup tool like Carbonite will back up an unlimited amount of data online for $60 per year.

 

[Jemiba]

Wasn't that much work, cost was about 40.- $ (the power strip, the additional power supply came
from my "spare part box" and it's a local solution, I'm old school.

 

[TomS]

If you're handy enough, I guess it works. It does rely on you shutting down the computer regularly rather than just letting it sleep when not in use.

 

[Hobbes]

The best solution is a dedicated computer that executes the backup. This allows you to set your work computer to not have write access to the backup volume, making it impossible for ransomware to corrupt your backups.

With your solution you've reduced the window of opportunity for ransomware to encrypt the backup, but you haven't ruled it out entirely. You also have to be careful not to overwrite good data with bad.

 

[overscan (PaulMM)]

You could achieve the same effect for free by simply unmounting the USB drive in software ("mountvol" command). You'd create a script which mounted the drive, ran backup, then unmounted the drive. No ransomware is going to mount unmounted drives to infect them.