Is TrueNAS Scale protected against ramsomware?
35 minutes ago, Robert Urrutia said:I'm planning to move from Unraid to TrueNAS Scale. Everything works fine in Unraid except the lack of snapshot feature. Recently (somehow) a member of my family got their shares infected by checkmate ramsomware, luckily not much data was lost due to an offline backup. Still that has got me thinking about migrating to TrueNAS. So is it true that in a case the shares get infected I could revert those changes back with a snapshot? In a case that some shares get inffected, can the ramsomware reach server system files and encrypt the snapshots? I know most people are gonna comment "a raid is not a backup". Yes I know that pretty right, but it's easier and quicker to just restore a snapshot rather than manually backing up everything everyday and manually restoring. TIA.
ZFS snapshots are read only, and the only way to delete them (or alter them in any way) would either be through the truenas WebUI or via sshing in. So I’m almost every case, yes, “snapshots are ransomeware proof”. Obviously, if someone tries hard enough, on a normal home network this may not always be the case as a program could attempt to scrape passwords and reach out to device, detect a truenas webUI and go to town… but this is beyond the typical set or concerns. Truenas does also support 2FA I believe, and that would go a long way against protecting against this as well.
Also something to remember, ZFS snapshots are “free”; they don’t take any space assuming no data has changed. I take snapshots of my important days every 10 minutes and hold them for 6 hours, snapshot every hour and hold for a day, snapshot every day and hold for 2 weeks, snapshot every week and hold for 2 months, snapshot every month and hold for 6 months. Since I rarely delete data out of my personal files directory, this dataset and it’s snapshots take up barely any more space then just the raw data itself. If your directory has a lot more deletions and such, you may have to edit the strategy you use - I have different snapshot strategies per dataset for this reason.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now