Backups [was Re: Is tape dead?]
couryhouse at aol.com
Wed Sep 16 13:15:32 CDT 2015
We have 10 years of backups.ed#
Sent from my Verizon Wireless 4G LTE smartphone
-------- Original message --------
From: Robert Feldman <r_a_feldman at hotmail.com>
Date: 09/16/2015 10:40 AM (GMT-07:00)
To: cctalk at classiccmp.org
Subject: re: Backups [was Re: Is tape dead?]
>From: Mouse <mouse at Rodents-Montreal.ORG>
>> I think a more important issue in backing up is "How many GENERATIONS
> >to you keep around?"
>For many purposes, that's an important consideration, yes. There's
>something (small) I back up weekly for which I keep the most recent
>seven backups, the oldest backup in each of the most recent twelve
>months, and the oldest backup in any year. I'm considering something
>of the sort for my house backups - live replication to a backup host,
>with a once-a-week freeze of the replica, storing past replica drives
>on a scheme somewhat like the above.
There is a ramsomware variant that encrypts the files but silently decrypts them when they are accessed. It does this for six months before deactivating the on-demand decryption and displaying the ransom message, the theory being that by that time all of the backups will be of the encrypted files, and thus will be useless for restoring good versions.
As to how one can become infected, see http://www.theregister.co.uk/2015/08/27/malvertising_feature/?page=1. Major sites, such as The New York Times, Reuters, Yahoo!, and Bloomberg, have been serving malware -- including ransomeware -- through hijacked advertisements. No need to click on anything, the ad serves up the malware.
BTW, where I work got hit with ransomeware in December. We were lucky that it first hosed the accounting/time tracking database, which generated errors when someone tried to enter her time. When I went to restore a backup of the database, I noticed the ransomware's html ransom note file and shut down the system before too many more files were encypted. We were able to restore everything (except the originally infected user's computer, which we wiped and reinstalled) from an unconnected backup drive.
More information about the cctalk