Hacker News
by fbomb 3635 days ago
Have a good backup system which keeps every version of a file for at least a few months - or is that too obvious?
4 comments

Not just not obvious, also expensive and quite a PITA to set up.

Also, you have to make sure the backup is done through a network - some ransomware will happily encrypt any removable media you happen to plug into your computer.

> Not just not obvious, also expensive and quite a PITA to set up.

Unless you have petabytes of storage, a very slow internet connection, or need to operate at an enterprise scale, this really hasn't been true for years:

1. Go to CrashPlan.com
2. Download and run the installer
3. Pay your choice of nothing to $12.50/month depending on how many computers you have and whether you choose to back up to their cloud, a friend's computer, an external drive, or any combination of the three.

1. Go to Backblaze.com
2. Download and run the installer
3. Pay $5/month

1. Pick one of the many AWS Glacier backup tools
2. Set a minimum retention policy in Glacier
3. Pay for your total storage usage

The key part is the use of a service for which you do not have admin rights and which has some sort of minimum retention period. Even Dropbox has that now.
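An added example, not part of the comment above: one way to express the "minimum retention period" idea for Glacier is a Vault Lock policy that denies `glacier:DeleteArchive` on archives younger than a set age, so credentials stolen from the backed-up machine cannot purge recent backups. The vault ARN, account id and the 90-day value are constructed placeholders, and `delete_is_denied` is a hypothetical, simplified local model of how that one condition evaluates.

```python
import json

# Constructed placeholders: region, account id and vault name are not from the thread.
VAULT_ARN = "arn:aws:glacier:us-east-1:111122223333:vaults/EXAMPLE-BACKUP-VAULT"
MIN_RETENTION_DAYS = 90  # assumed value standing in for "a few months"


def build_vault_lock_policy(vault_arn, min_days):
    """Return a Vault Lock policy that denies archive deletion before min_days."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "deny-delete-before-min-retention",
            "Principal": "*",  # applies to every caller, including account admins
            "Effect": "Deny",
            "Action": "glacier:DeleteArchive",
            "Resource": [vault_arn],
            "Condition": {
                "NumericLessThan": {"glacier:ArchiveAgeInDays": str(min_days)}
            },
        }],
    }


def delete_is_denied(policy, action, archive_age_days):
    """Simplified local model of the Deny statement above (hypothetical helper).

    Handles only the single NumericLessThan condition used here; it is not a
    general IAM policy evaluator.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny" or stmt["Action"] != action:
            continue
        cond = stmt["Condition"]["NumericLessThan"]
        if archive_age_days < int(cond["glacier:ArchiveAgeInDays"]):
            return True
    return False


if __name__ == "__main__":
    policy = build_vault_lock_policy(VAULT_ARN, MIN_RETENTION_DAYS)
    print(json.dumps(policy, indent=2))
    # Archive ages in days: recent archives stay protected even from valid credentials.
    for age in (7, 89, 90, 400):
        denied = delete_is_denied(policy, "glacier:DeleteArchive", age)
        print(f"{age:>3} days old -> delete {'denied' if denied else 'allowed'}")
```

Once a Vault Lock policy is locked it can no longer be changed, which is what keeps the retention floor out of reach of whoever holds the account's credentials.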

Thanks for the outline. I guess it's time for me to get off my butt and actually set up some automated backups beyond Dropbox and GitHub (which, combined, store about 90% of files that are actually important for me) :).

You might be fine simply with Dropbox since they added an extended history plan which seems perfect for this:

https://www.dropbox.com/en/help/113

The main thing I'd worry about is locking down your default browsing profile & otherwise making it less likely to be compromised in the first place. I would imagine for most people on HN, the greatest inconvenience would be dealing with the mess if malware got access to your employer/customer's servers, data, etc. That's harder (e.g. rigidly separate accounts or computers, reducing the amount of access you operate with normally, etc.) but avoiding that mess is worth it.

It is just as obvious to ransomware authors.

Many ransomware variants target network-attached backups, e.g. [1]. They often target USB-attached storage too.

[1] https://www.cert.gov.au/advisories/ransomware

Yep. One of our tech support guys managed to get infected and it encrypted significant parts of our Synology NAS.

Offsite backup ftw. We restored from Glacier.

You are correct, as that solution does work when users back up their stuff. Users don't keep good backups though. Despite every attempt to tell people, they still don't do it.

Or use a filesystem that has immutable snapshots so you can just roll back the "encryption".