What is the best backup steps in today's environment ?

Keeping in mind what @sfsameer had to go through, even after keeping so many backups,

What is the best backup steps in today's environment ?

Due to WFH, I am single man/laptop person. So anything similar will simply close me down. I think many of members here are also in same boat.
So we need to define some steps now as precautionary measures.

Primary backup from discs C, D and E are on disk F.
Backup of my backup (from disk F) is also on another PC without network and power. Power is on only while copying backup of my original backup.
It works that way like 15 years so far.

Very good topic!

It seems people consider the backup but not the restore.

What happens if your, God forbid, computer becomes completely corrupt and you want to wipe out everything and bring it back to the way it was six months ago. Then you can use data backups to restore the few data files that have changed since then.

I have never found a good way to completely backup everything assuming the PC can be restored from a "Ground Zero" state.

Has anybody found a good solution for this?

I use Acronis True Image for most of my customers and myself. It is a hybrid back solution: you make a whole copy of your harddisk to a file; if you want you can restore this backup to ssd and everything works.
But if you need some file from this backup, you can open and explore and copy all files you need.
It's easy to automate, the first backup is a full backup, the next four backups are differential, only the changed files are used. The next backup begins with an full backup and so on. You can automate the process for cleaning the backup space: you will never run out of space.

As @canalrun mentioned, we do not know if we are backing-up a data of encrypted bits, as the file name and size remains same but the content is garbage, till we need to restore it.

So whatever way we do backup, we are assuming the .zip, .txt, .bas etc. program and data files are all correct.
What I understood from Saif's case that whenever any writable media is connected, the 'virus' encrypts it too, as it can access all files in it.

So the dilemma is how to backup and be sure that the correct file content will be saved and the virus can not modify the backup-ed files.

Put your backups in a protected folder. Don't run on an admin account unless you really need to.

For your code the best thing you can do is git, upload it to gitlab, github, bitbucket, you name it, git is the life saver for programmers

For the other stuff, do cloud backup there are plenty of options, most them when you pay they have history recovery, so even if the files got encrypted youcan reverse them.

Another way is to take backup to a secure location is to use mega.nz.

I just started using it recently. It gives 50 GB with its free account which is more then sufficient for my needs.

Of course one can also use Google Drive or Microsoft's OneDrive, etc.

For local I think it would be better to use a NAS. Generally NAS are powered by Linux core and the chances of them getting infected are very, very remote.

If you want high-performance, low-latency storage then check out SAN.

Another option could be a full disaster recovery strategy. That one is broader in scope than a simple backup/restore one, but covers a lot more.
Anyway, be sure to take good care of the restore part as mentioned in other posts above. Having backups (or even full images of your HD) just to discover they don't work when you need them is like not having them at all.

Ransomware: study how they work to design a strategy.
For what I know, most of them silently encrypt your data for a few days before showing the "you're infected" message. So, to defend ourselves, we should catch the moment the infection begins. One characteristic I read about is that ransomware uses to encrypt/change the name of an infected file.

So, one way for us, could be to have a simple watchdog program along with a "white list" of directories/files that we know we will never move around (or change their names). At boot the PC will launch the watchdog sw which will scan those dirs for those files. If any is missing, this could be due to the action of a ransomware virus encrypting and changing the file's name. We could go even deeper and let the watchdog "open" the file, searching for a "signature" (a given sequence of bytes). In this case, our white list could be: dir-file-signature (or even, dir-file start signature-stop signature-signature if we want to inspect different points in the file)

The above won't make you 100% safe, but will add some to your every day virus protection.

I use Backblaze and Dropbox. Both work well but are not free. With Dropbox I have sync enabled but also use GoodSync to sync to a different Dropbox folder which is not synced with my machine (like a proper backup).

I also have a Synology NAS on my network that I back up to using GoodSync. The NAS share is not discoverable on the network so if a device on the network happens to get ransomware the share is not easily found by scanning the network.

I also have an external drive that I use to back up once a month.

BTW these are all in place due to a drive failure I had a few years back.

rboeck said:

I use Acronis True Image for most of my customers and myself. It is a hybrid back solution: you make a whole copy of your harddisk to a file; if you want you can restore this backup to ssd and everything works.
But if you need some file from this backup, you can open and explore and copy all files you need.
It's easy to automate, the first backup is a full backup, the next four backups are differential, only the changed files are used. The next backup begins with an full backup and so on. You can automate the process for cleaning the backup space: you will never run out of space.

Click to expand...

+1 me too.

Hmm.. After reading all valuable suggestion. My conclusion are:

1. We do not know if the data/code backed-up are correct or garbage till we have to restore it.
2. When ransomware infects, it is not known till it is too late.
3. All data/code are turned garbage and not encrypted (which can be decrypted), all promise are false, just to take money from us.
4. Only by copying/dropping data/code in a browser opened drive/dropbox etc. can we be sure that ransomware can not access the drive.
5. We can keep regular backup and also create a tool which checks each code/data in the backup, if it is Ok.
6. There are other better suggestions but are costly from point of view of single developer / machine.

Everyone shared excellent points.

I use to run backup using Ghost then switch to Clonezilla, this was years ago. These were capable of restoring to bare bone disk.
I should start doing this again as our household grew and now we have more unaware users (means more risk).

For most important files create copy with special user. I have not done this on Windows but this is how it works.
Have you folder "Pictures" this is where you place your family images from the camera, phone, etc.
Create another folder "Pictures_Read". Setup user that has write access to "Pictures_Read" everyone else should have read only access.
Then create scheduled job/task to copy new images from "Pictures" to "Pictures_Read"
Make sure that "Pictures_Read is not inside another folder that can be encrypted. This could be top level folder in second HDD or in second partition.

Lastly test your backups. To test desktop restore VM could be good solution.
Where I work we create weekly backups and we test these monthly there were few times where backup was corrupt and we wouldn't know it if it wasn't for the test.

I use google drive. It is very cheap. I have 100gb storage and i use google sync to autosync my dev folder that is what is important to me.

works fine!

ilan said:

I use google drive. It is very cheap. I have 100gb storage and i use google sync to autosync my dev folder that is what is important to me.

works fine!

Click to expand...

This won't protect you from ransomware. If the malware can find the files they will be encrypted and auto synced to your Google drive.

This is why a manual push to another storage service is a good idea.

Also not sure about Google drive but my Dropbox has historic versions so it is possible to retrieve older copies if you realise you've been compromised.

tchart said:

This won't protect you from ransomware. If the malware can find the files they will be encrypted and auto synced to your Google drive.

This is why a manual push to another storage service is a good idea.

Also not sure about Google drive but my Dropbox has historic versions so it is possible to retrieve older copies if you realise you've been compromised.

Click to expand...

i thought that this thread was about backup methods we use. so i backup important data to google drive to avoid the situation my hard drive will break. (happened to me 3 years ago)

to protect my pc from malware i have notron installed. so everything i download get scanned.
i dont know how malware works but i store all important files (dev folder) that is also the only folder i backup to google drive in a different partition. so everything that is downloaded is downloaded to drive c and is scanned by norton antivirus.

what else can we do?

Hi @ilan

I started this thread requesting suggestion after what happened to data/codes of our Saif.

The malware/ransomeware/virus all are unwanted guest but they may find some way to enter our system. Reformatting / resetting system is no problem.
The main problem is to get back our valuable codes and data which we created with hard work and giving our long time. Also many of us purely depend on it for surviving.

The manual push is still the best best as no virus/ransomeware code can do it automatically, as far as I understand now.

AnandGupta said:

The manual push is still the best best as no virus/ransomeware code can do it automatically, as far as I understand now.

Click to expand...

how do you know that when you make a manual push you dont push files that are already infected.
it can be that the files are infected with the malware and only when the hacker wants the file will no more be accessible.

so i guess having some kind of antivirus software running on your system to warn you and auto-delete suspected files is the only way to avoid such a scenario.

ilan said:

so i guess having some kind of antivirus software running on your system to warn you and auto-delete suspected files is the only way to avoid such a scenario.

Click to expand...

I agree with it and we all have some anti-virus running in our system. Even Saif has one.

But when it happens we can not blame antivirus. Our livelihood is lost.

ilan said:

how do you know that when you make a manual push you dont push files that are already infected.
it can be that the files are infected with the malware and only when the hacker wants the file will no more be accessible.

Click to expand...

Good point.
We are pushing each month backup data/codes in different drive folders. This way we have at least a few months old backup safe. Saif got similar way his old codes.

how do you know that when you make a manual push you dont push files that are already infected.

Click to expand...

Did you read my advice in post #9 above? Just having a watchdog on a few selected files helps you to discover the infection at its start.