New
#1
Idea for ransomware protection of network drives
I like backing up to local drives--I back up to the cloud also, but I like knowing I can get my data back quickly, even if the internet is down, as long as it's a simple problem like a main hard drive failure. But in order to do automatic local backups that don't require constant attendance, I need to keep the drive always connected through USB or the network. And that means it is vulnerable to ransomware--if it can see my files it can encrypt the entire backup.
So I have been wondering if there is some way to protect my backups even when the drive is connected. I am learning about Windows Firewall right now, and it occurred to me---could Firewall rules be used to block access to the network drive except for the backup program?
EDIT: another idea is to create a User Account specifically for running the backup program. All other users or user groups would then be denied permission to modify the network drive. It would be very helpful if it were possible to deny the Administrators group such permission, because I think the ransomware may be running as an admin. But can an admin just change the permissions back? Would the ransomware authors have thought of that capability, or would the ransomware just skip the network drive if it doesn't immediately have write/modify permission? Not sure anyone has a hard answer to these questions.