More Musings

Ransom defenses

🔄 Types of Backup by Location

  1. Local (On-Premises) Backups

Backups stored within your office or facility.

•	External USB/Thunderbolt drives
    • Easy and cheap.
    • Risk: fire/theft/ransomware if always connected.
•	Network Attached Storage (NAS)
    • Can serve multiple machines.
    • Supports snapshots and automated schedules.
    • Risk: must be secured from ransomware via permissions or snapshots.
•	Dedicated Backup Servers
    • Full-featured systems running backup software (e.g. Veeam, Bacula).
    • May support disk rotation or replication.

  2. Offsite (Remote Physical) Backups

Physical copies stored away from the main premises.

•	Rotated external drives
    • Manual but effective. Swap weekly and keep off-site (e.g. at home or in a fireproof safe).
•	RDX cartridges / LTO tapes
    • Enterprise-grade, durable and write-once (immune to ransomware).
    • More expensive, but secure and offline.

  3. Cloud Backups

Backups sent via the internet to a third-party provider.

•	Cloud storage services (e.g. Backblaze B2, Wasabi, Amazon S3)
    • Can be used with backup software to push encrypted backups.
    • Set up retention, encryption, versioning.
•	Integrated backup platforms (e.g. Acronis, CrashPlan, MSP360, Veeam Cloud Connect)
    • Manage everything from scheduling to version control in one interface.
•	File sync services (e.g. OneDrive, Dropbox, Google Drive)
    • Not backups in themselves, unless versioning and archive modes are enabled.
    • Risk: synced ransomware-infected files can overwrite clean copies.

⚙️ Types of Backup by Method

  1. Full Backup
    • Everything is copied.
    • Slowest and largest but easiest to restore.
  2. Incremental Backup
    • Only data changed since the last backup (any type) is stored.
    • Efficient but restoration can be slower (requires chain).
  3. Differential Backup
    • Backs up all data changed since the last full backup.
    • Faster restore than incremental, bigger than incremental.
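
The chain dependency between these methods, worked through as an added example (not part of the original page): given a backup catalogue, it returns the sets needed to restore to the last point before an infection and fails when a required set is lost. The catalogue, timestamps, incident time and the name `restore_chain` are all constructed for illustration.

```python
from datetime import datetime

# Constructed sample catalogue (not from the page): (timestamp, kind).
# "incr" = changes since the previous backup of any type,
# "diff" = changes since the last full backup.
CATALOGUE = [
    ("2024-03-03T01:00", "full"),
    ("2024-03-04T01:00", "incr"),
    ("2024-03-05T01:00", "incr"),
    ("2024-03-06T01:00", "diff"),
    ("2024-03-07T01:00", "incr"),
    ("2024-03-08T01:00", "incr"),
]


def restore_chain(catalogue, restore_to, missing=()):
    """Return the backup sets, oldest first, needed to restore the newest
    state at or before `restore_to`. `missing` lists timestamps of sets that
    are lost or unreadable; a required one makes the restore impossible."""
    cutoff = datetime.fromisoformat(restore_to)
    # Same-format ISO timestamps sort chronologically as strings.
    usable = sorted(b for b in catalogue if datetime.fromisoformat(b[0]) <= cutoff)
    chain, skip_to_full = [], False
    for ts, kind in reversed(usable):       # walk back from the newest set
        if kind == "full":
            chain.append((ts, kind))        # a full backup ends the chain
            break
        if skip_to_full:
            continue                        # a differential supersedes these
        chain.append((ts, kind))
        if kind == "diff":
            skip_to_full = True             # next dependency is the last full
    else:
        raise ValueError("no full backup at or before the restore point")
    broken = [ts for ts, _ in chain if ts in missing]
    if broken:
        raise ValueError(f"restore chain broken, missing sets: {sorted(broken)}")
    return chain[::-1]


if __name__ == "__main__":
    # Hypothetical incident: files were first encrypted on 2024-03-07 at 14:00,
    # so restore to the last set taken before that.
    for ts, kind in restore_chain(CATALOGUE, "2024-03-07T13:59"):
        print(ts, kind)
```

Losing the 2024-03-04 incremental makes a restore to 2024-03-05 impossible, while a restore to 2024-03-08 still succeeds because the differential depends only on the full backup.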

🧯 Special Techniques for Ransomware Defence

•	Offline backups
    • Unplugged drives or media not accessible from the main system.
•	Immutable storage
    • Backups that cannot be deleted/overwritten for a set period (e.g. Wasabi, AWS S3 Object Lock).
•	Snapshots (ZFS, Btrfs, or NAS-specific)
    • File system-level, space-efficient, and instant rollback.
    • Schedule frequent snapshots and restrict deletion to root/admin.