Securing Shares from Ransomware with Snapshots

Discuss backup and restore functions of the DiskStation with respect other DiskStations, USB/eSATA, network backup, or other rsync clients.
Forum rules
1) This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:

https://account.synology.com/support/su ... p?lang=enu



2) To avoid putting users' DiskStation at risk, please don't paste links to any patches provided by our Support team as we will systematically remove them. Our Support team will provide the correct patch for your DiskStation model.
decstewartje
I'm New!
I'm New!
Posts: 3
Joined: Wed Sep 13, 2017 3:26 pm

Securing Shares from Ransomware with Snapshots

Unread post by decstewartje » Wed Sep 13, 2017 3:36 pm

Hi there,

Using Time Back with 5x, you were able to specify a folder on a different partition on the NAS for snapshots. I don't see this option with 6x Snapshot Replication. I assume the snapshots are all created on the same volume as the shared folder itself.

If the snapshots are "visible", it creates a #snapshot folder in the share.
With these shares being mapped, they are susceptible to ransomware. My question is... are the snapshots exposed to the ransomware as well when they are visible, and are they protected from ransomware when not visible?

Thanks,
Jeremy

nheusel
Rookie
Rookie
Posts: 36
Joined: Sun Jun 27, 2010 3:23 pm

Re: Securing Shares from Ransomware with Snapshots

Unread post by nheusel » Tue Sep 26, 2017 10:59 pm

BTFRS based snapshots, like all copy-on-write based snapshots (see ZFS and WAFL) are read-only and therefore immutable. Just because they are visible does not make them vulnerable. You can make the #snapshot folder hidden if this still bothers you in the Snapshot Replication app under Settings.

Snapshot Replication requires a second Intel-based Synology NAS running the BTFRS filesystem. This facility allows you to replicate your data volumes AND the snapshots contained within them to a second storage array for backup retention on both devices (and potentially different sites). This is similar to what Enterprise IT have been doing for NAS disaster recovery for many years.
Somebody here likes to be morally superior and judge others on false pretenses. Sad...

Post Reply

Return to “Backup/Restore for DiskStation to DiskStation/USB/eSATA/Off-site backups”