I learned that modern ransomware tactics are starting to target backup drives in addition to normal drives. This has me very nervous. In addition to the usual backup work that I do for myself and my parents, I host a backup server in the basement of my home that receives backups from my office through a VPN connection to the offsite location. I am currently updating our backup strategy to only connect to the VPN when the backups aren’t occurring, but now I am nervous about all the other potential pathways.
For example, the basement server is connected via a mapped drive to my main personal computer so I can check the status of backups and make sure everything looks right. I assume a ransomware attack would be able to transfer from my personal computer to the server via this connection? Also, I share files back and forth with my parents via Resilio Sync, so I assume an attack could transfer from my parents’ machine to mine, then to the server?
I started to just delete the mapped drive connection and only connect manually when needed, but I noticed that the server shows up in my network connections, even though I have the server’s network discovery turned off. I assume the attack could still bridge the gap to the server even if the drive isn’t mapped, since it can see it as part of the network?
I realize that the safest option is to back up to an external hard drive and then physically disconnect that drive, but the more automated I can make things (and still be safe), the easier it will be to carry out.