Having a full backup of your data is the last line of defense against a ransomware take over.
A good practice is to hang an external USB drive. Backup your data, then eject your drive
Ransomware can take over your backup if the drive is still attached
it is possible to reattach a connected USB drive via ssh commands. I am not a script kitty, yet was able to do it plus the drive is powered up all the time
My fix- on the backup USB drive, I plug it in thru a “smart switch” . I use KASA smart switch.
So my back up process is to :
- turn on my USB drive remotely with the smart switch
- When the NAS recognizes the drive, start the backup process. ( I use HBS3)
- I setup the backup to automatically eject the disk.
- My disk will spin down in about 10 minutes
- Then I turn off power to the drive. It’s now completely offline
For the really paranoid, you can put the drive off site or in a firesafe
So , if disaster strikes, I have a full clean backup