Ransom defenses

🔄 Types of Backup by Location

  1. Local (On-Premises) Backups

Backups stored within your office or facility.

• External USB/Thunderbolt drives
    • Easy and cheap.
    • Risk: fire/theft/ransomware if always connected.
• Network Attached Storage (NAS)
    • Can serve multiple machines.
    • Supports snapshots and automated schedules.
    • Risk: must be secured from ransomware via permissions or snapshots.
• Dedicated Backup Servers
    • Full-featured systems running backup software (e.g. Veeam, Bacula).
    • May support disk rotation or replication.

  2. Offsite (Remote Physical) Backups

Physical copies stored away from the main premises.

• Rotated external drives
    • Manual but effective. Swap weekly and keep off-site (e.g. at home or in a fireproof safe).
• RDX cartridges / LTO tapes
    • Enterprise-grade, durable and write-once (immune to ransomware).
    • More expensive, but secure and offline.

  3. Cloud Backups

Backups sent via the internet to a third-party provider.

• Cloud storage services (e.g. Backblaze B2, Wasabi, Amazon S3)
    • Can be used with backup software to push encrypted backups.
    • Set up retention, encryption, versioning.
• Integrated backup platforms (e.g. Acronis, CrashPlan, MSP360, Veeam Cloud Connect)
    • Manage everything from scheduling to version control in one interface.
• File sync services (e.g. OneDrive, Dropbox, Google Drive)
    • Not backups in themselves, unless versioning and archive modes are enabled.
    • Risk: synced ransomware-infected files can overwrite clean copies.

⚙️ Types of Backup by Method

  1. Full Backup
    • Everything is copied.
    • Slowest and largest but easiest to restore.
  2. Incremental Backup
    • Only data changed since the last backup (any type) is stored.
    • Efficient but restoration can be slower (requires chain).
  3. Differential Backup
    • Backs up all data changed since the last full backup.
    • Faster restore than incremental, bigger than incremental.
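
The chain dependency above decides which restore points survive when one backup is lost or encrypted. The following is an added example, not from the original page: it resolves the backups a restore needs and falls back to an older point when a link is unusable. The catalog format, backup names and dates are constructed assumptions.

```python
from datetime import datetime

# Constructed sample catalog (not from the page): (backup id, method, time taken).
CATALOG = [
    ("sun-full", "full",         datetime(2024, 6, 2, 1)),
    ("mon-inc",  "incremental",  datetime(2024, 6, 3, 1)),
    ("tue-inc",  "incremental",  datetime(2024, 6, 4, 1)),
    ("wed-diff", "differential", datetime(2024, 6, 5, 1)),
    ("thu-inc",  "incremental",  datetime(2024, 6, 6, 1)),
]

def restore_chain(catalog, index, unusable=frozenset()):
    """Backup ids needed to restore catalog[index], oldest first.
    `catalog` must be sorted by time. Returns None when a link is unusable
    (encrypted, deleted, corrupt) or no full backup anchors the chain."""
    chain, i = [], index
    while i >= 0:
        name, method, _ = catalog[i]
        if name in unusable:
            return None
        chain.append(name)
        if method == "full":
            return chain[::-1]
        if method == "differential":
            # Depends only on the most recent full backup before it.
            i = max((j for j in range(i) if catalog[j][1] == "full"), default=-1)
        else:
            # Incremental: depends on whatever backup was taken just before it.
            i -= 1
    return None

def latest_restorable(catalog, not_after, unusable=frozenset()):
    """Chain for the newest intact restore point taken at or before `not_after`."""
    # `not_after` is the last time the data is believed clean.
    ordered = sorted(catalog, key=lambda b: b[2])
    for i in range(len(ordered) - 1, -1, -1):
        if ordered[i][2] <= not_after:
            chain = restore_chain(ordered, i, unusable)
            if chain:
                return chain
    return None

if __name__ == "__main__":
    clean_until = datetime(2024, 6, 4, 12)
    print(latest_restorable(CATALOG, clean_until))               # intact chain
    print(latest_restorable(CATALOG, clean_until, {"mon-inc"}))  # falls back
```

Losing one incremental invalidates every later incremental that chains through it, while a differential taken afterwards still restores from the full backup alone.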

🧯 Special Techniques for Ransomware Defence

• Offline backups
    • Unplugged drives or media not accessible from the main system.
• Immutable storage
    • Backups that cannot be deleted/overwritten for a set period (e.g. Wasabi, AWS S3 Object Lock).
• Snapshots (ZFS, Btrfs, or NAS-specific)
    • File system-level, space-efficient, and instant rollback.
    • Schedule frequent snapshots and restrict deletion to root/admin.