Duplicati ransomware protection

Hello, let me explain my situation. I am a system administrator in a small office. Currently I make my backup copies (most of the virtual machines) with Duplicati to a hard disk that I have outside the office, through SSH.

My question is: Are those copies protected from a possible ransomware attack? The other day a salesperson called me to offer me backups in the cloud and he told me that only in the cloud are they protected, but it has always been good for me as I am doing now. What is your opinion?

Hello and welcome!

I’m going to assume you are talking about the back end data - the files Duplicati places on your destination storage.

These files could be affected by ransomware. It all depends on how “easy” it is for ransomware to discover it, and the permissions the ransomware has to the files.

Consider a USB drive attached directly to your computer. You get hit with ransomware and it will most likely scan all your local disks to try and encrypt files. Ransomware also likes to scan the network for shares.

If your destination disk is only accessible through SSH, then I think you are pretty well protected. For ransomware to affect that disk, it would have to discover a lot of information: server, path, credentials, etc. Theoretically if some ransomware was released that was Duplicati-aware, it could potentially collect that information from the database. Seems far-fetched but I guess it is possible.

This is a bit deceptive. The only types of storage that are immune to ransomware are ones that restrict changing/deleting existing files. You can accomplish that in multiple ways, not just with cloud storage.


Mine’s about the same as just said. Anything that can be written like a local file is an easy target (unless special measures are taken, e.g. unplugging a drive). Remote can make it harder to get into. Preventing irreversible damage to remote (even if access is obtained) can take work, however it’s possible. It’s also possible that another backup software is designed around ideas like legal record retention requirements, which may focus on immutability (even by the backup administrator), and so may also impede malware.

You’d need to get technical with your salesperson, but if all they said was “in the cloud”, that says little, beyond it’s at least one large step better than lying around in local files. But your method has that too…

For your purposes, a lighter weight solution of reverting damage might be easier than trying to prevent it.
Restore your OneDrive is a feature (which I have not used) which lets you revert to before file damages.

“Write only backup”: Is it possible to protect my duplicati backups on a remote backup against deletion?
talked about doing your own snapshots to achieve a similar goal. The next idea uses chattr on the files:
SFTP/SSH backups to a Linux server with added security

Regardless, any serious backup strategy should use multiple backups. If you use some other software to some other destination (or even the same one), chances of both breaking or malware getting in go down.
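
One way to apply the chattr idea mentioned in the post above, as an added example that is not part of the thread or of Duplicati: a script run as root on the backup server that sets the immutable flag on uploaded Duplicati volumes once they are older than a threshold. The directory, the age threshold, the `run` argument and the function names are assumptions, and the file patterns assume Duplicati's default `duplicati-` prefix.

```shell
#!/bin/sh
# Added example: run as root on the backup server (e.g. from cron), never on
# the machine being backed up. BACKUP_DIR and MIN_AGE_MIN are hypothetical.
BACKUP_DIR="${BACKUP_DIR:-/srv/backups/duplicati}"
MIN_AGE_MIN="${MIN_AGE_MIN:-60}"    # skip files that may still be uploading
LOCK_CMD="${LOCK_CMD:-chattr +i}"   # set LOCK_CMD=true for a dry run

# Print finished Duplicati volumes (dblock/dindex/dlist) older than $2 minutes.
list_lockable() {
    find "$1" -maxdepth 1 -type f -mmin "+$2" \
        \( -name 'duplicati-*.dblock.*' -o -name 'duplicati-*.dindex.*' \
           -o -name 'duplicati-*.dlist.*' \) -print | sort
}

# Succeeds if the file already carries the immutable flag (first lsattr field).
is_immutable() {
    lsattr -d "$1" 2>/dev/null | awk '{print $1}' | grep -q i
}

# Lock every eligible volume in directory $1; print how many were newly locked.
lock_volumes() {
    list_lockable "$1" "$2" | {
        n=0
        while IFS= read -r f; do
            is_immutable "$f" && continue
            if $LOCK_CMD "$f" >/dev/null 2>&1; then
                n=$((n + 1))
            else
                echo "failed to lock: $f" >&2
            fi
        done
        echo "$n"
    }
}

# Entry point: "./lock-volumes.sh run" (script name is hypothetical).
if [ "${1:-}" = "run" ]; then
    lock_volumes "$BACKUP_DIR" "$MIN_AGE_MIN"
fi
```

Once locked, a file cannot be changed or deleted through the SSH account used for uploads, so Duplicati's own retention deletes and compacting will also fail on it until root on the server clears the flag with `chattr -i`.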

Yes, my backup server is out of the office; it is a Raspberry Pi 4 running Ubuntu. In the office, no one has access to that server; it is only accessed by SSH for the copies of the server and by FTP for the copies of the local users. Thank you very much for the reply.