Computers & Electronics

Offline file storage without the use of NAS

  • Last Updated:
  • Jun 1st, 2021 1:32 am
[OP]
Sr. Member
Nov 16, 2006
591 posts
232 upvotes
Toronto

Offline file storage without the use of NAS

Hello friends,

To make a long story short I don't trust any storage device that in any way has an ethernet cable going into my router. I have a QNAP NAS which I thought was secure but it was still hit the qlocker ransomware a few weeks back.

I have a bunch of old documents, pictures, videos, and project work on an external hard drive that I recovered from the ransomware attack. I would like to have 2 copies of this data to protect it from drive failure and kept offline. Naturally a NAS is the first thing that comes to mind but I simply don't trust any of them any more. Is there any external HDD's that have 2 drives in it operating in RAID 1? Or is there any way to purchase 2 drives but have them run in parallel or any software that can mirror one drive onto another. To add another layer to this challenge I would like the data to be accessible by both windows and mac computers.

I appreciate any thoughts on this.

Thank you
22 replies
Sr. Member
Jun 13, 2009
895 posts
633 upvotes
Toronto
How much data are we talking? Is it archival data, or something you work with/update often?
[OP]
Sr. Member
Nov 16, 2006
591 posts
232 upvotes
Toronto
Jruuu wrote: How much data are we talking? Is it archival data, or something you work with/update often?
About 1.5TB, only need to access it once a month.
Member
May 29, 2004
482 posts
131 upvotes
You can look at another NAS like TrueNas and Synology. Otherwise, your other option will be DAS (Direct Attached storage) which support raid 1 for the two hdd and probably other raid depending on the number hdd/ssd it support. In term of brand, LaCie one I recalled. In term of accessibility, you will have to format the hdd as exfat and you have to connect directly to your windows/mac. In term of QNAP, you can make secure by investing on firewall like pfsense which by default block all the ports. I would use docker rather than qnap app or Qnapclub Store. The ransomware was result of HB3 hardcoded credential that the attacker exploit
Deal Addict
Jun 8, 2005
3093 posts
556 upvotes
Toronto
It sounds like you didn't have any of your data backed up, if you had a single copy on the NAS and nowhere else. Look into the 3-2-1 backup strategy.
Sr. Member
Dec 6, 2020
563 posts
560 upvotes
Any storage device that can be accessed from any network is vulnerable to being attacked by ransomware. Hard drives attached to a networked computer are just as vulnerable as dedicated NAS devices. RAID mirroring provides no protection against ransomware or accidental deletion.

The only effective defense against ransomware is to have a separate copy of your data on a device that is not attached to any network and/or uses write-once storage media. Any form of offline backup storage is suitable, as long as it is offline (and preferably powered off) except when making or restoring backups.

The general choices in this area are external drives, or a separate NAS, that you only power up to make or restore a backup, LTO tape ($,$$$), or cloud-based backup from a provider that offers append-only (or, at minimum, versioned) storage. If you only have a small amount of data, Bluray BD-R disks are another very good choice.
Deal Addict
User avatar
Apr 29, 2018
1404 posts
972 upvotes
Vancouver
Your NAS can only be hit if it was publicly accessible.
Can't Stop. Won't Stop. Game Stop
Deal Addict
User avatar
Oct 19, 2007
1474 posts
431 upvotes
45.467253°N, 75.5123…
kramer1 wrote: Your NAS can only be hit if it was publicly accessible.
+1. Either that or a botched update accidentally bringing in malware
Sr. Member
Dec 6, 2020
563 posts
560 upvotes
kramer1 wrote: Your NAS can only be hit if it was publicly accessible.
This isn't true.

Multi-stage attacks, such as those installed by browser exploits, malicious email attachments, or trojan-infested downloads, can target anything on your network even if it is not publicly accessible.

Poorly-designed LAN-attached devices can also be targeted by drive-by CSRF attacks from compromised websites.
Sr. Member
Nov 23, 2004
914 posts
1626 upvotes
Ontario
Before I went to Unraid and changed around my backup approach, I did this on my old NAS:

4-bay enclosure into the USB of the NAS. Enclosure powered on a wifi outlet plug. NAS set to backup to enclosure once a week. The wifi switch would turn on an hour before the backups began, which gave the NAS time to detect it (not more than a couple minutes usually), and then the backup would run. I knew that incremental backups only took X hours, so I set the wifi switch to remain powered on for an overkill amount of time to account for even the largest of data changes. Backups finish, and wifi switch powers down the enclosure a while after and I'm left with a physically isolated, local backup set.

This gave me a directly attached backup that I could rapidly access, but without all the legwork of manually having to connect and run the backup (of which I'd forget to do, get lazy, etc.). I have another set of drives that are kept off site with less frequent manual backups then.

With this semi-automated, of course the scenario still exists that I could get malware just before the backup, not realize it, and then the drives would power on and get infected. Not fool proof, but the additional backups off site would cover a true disaster scenario.
Member
Sep 30, 2015
294 posts
78 upvotes
York, ON
I setup my old pc to back up my files. This old pc is only powered on when I want to add files from my main pc. Both my pc’s run on Linux. The old one has 2x4TB and 2x1TB mirror setup, and using zfs filing system . This is really a low cost solution.
Btw, one can use win10 as well,
Deal Addict
User avatar
Apr 29, 2018
1404 posts
972 upvotes
Vancouver
middleofnowhere wrote: This isn't true.

Multi-stage attacks, such as those installed by browser exploits, malicious email attachments, or trojan-infested downloads, can target anything on your network even if it is not publicly accessible.

Poorly-designed LAN-attached devices can also be targeted by drive-by CSRF attacks from compromised websites.

Theoretically - Sure, but they need a way in. Just having a NAS isn't sufficient. Also, in which case, getting rid of the NAS will not help anything.

However, keeping in mind most attackers, I highly doubt that that was the case here
Can't Stop. Won't Stop. Game Stop
Sr. Member
Jan 12, 2017
561 posts
203 upvotes
Keep a couple of external USB drives with off switches connected to a hub, duplicate click and they're offline until next month. Anything automated is trouble, stay away from drive docks, the fingers wear out too quickly and can take a drive down.
[OP]
Sr. Member
Nov 16, 2006
591 posts
232 upvotes
Toronto
Jruuu wrote: You could look at getting something like this: https://www.canadacomputers.com/product ... _id=032449

There are 1 and 2 drive versions out there. I personally have never used the raid versions, and gotten by with units like these: https://www.canadacomputers.com/product ... _id=026965
Thanks, looked into it. Could not find a device produced by any company I recognize and feel I can trust.
ratudio wrote: You can look at another NAS like TrueNas and Synology. Otherwise, your other option will be DAS (Direct Attached storage) which support raid 1 for the two hdd and probably other raid depending on the number hdd/ssd it support. In term of brand, LaCie one I recalled. In term of accessibility, you will have to format the hdd as exfat and you have to connect directly to your windows/mac. In term of QNAP, you can make secure by investing on firewall like pfsense which by default block all the ports. I would use docker rather than qnap app or Qnapclub Store. The ransomware was result of HB3 hardcoded credential that the attacker exploit
This is exactly what I ended up doing. I bought 2 Seagate drives which were already formatted exfat, and I will just have to manually update the "target" drive using the "source" drive as files are added, updated, deleted. My dad provided me with a handy application called Synchronize It! which does this very well.
kramer1 wrote: Your NAS can only be hit if it was publicly accessible.
Last year I read about a series of brute force attacks onto QNAP NAS's and I took the recommended measures to make sure it doesn't happen to me. From what I recall I:

1. Disabled admin user
2. Disabled qnapcloud
3. Disabled port forwarding

In hindsight sure I could've done more and it would've helped to block it from accessing the internet outright but hell I was just following the recommendations at the time given my knowledge on this subject. Either way, my trust in these devices has gone out the window. For the rest of my life I'll keep it simple and offline.
Deal Addict
User avatar
Apr 29, 2018
1404 posts
972 upvotes
Vancouver
xtreemboarder wrote: 1. Disabled admin user
2. Disabled qnapcloud
3. Disabled port forwarding

In hindsight sure I could've done more and it would've helped to block it from accessing the internet outright but hell I was just following the recommendations at the time given my knowledge on this subject. Either way, my trust in these devices has gone out the window. For the rest of my life I'll keep it simple and offline.
Sounds like you did everything right. How did they get in? Do you mind sharing the brute-force logs? I'd be happy to take a look and work with you over PM, if you'd prefer
Can't Stop. Won't Stop. Game Stop
[OP]
Sr. Member
Nov 16, 2006
591 posts
232 upvotes
Toronto
kramer1 wrote: Sounds like you did everything right. How did they get in? Do you mind sharing the brute-force logs? I'd be happy to take a look and work with you over PM, if you'd prefer
I was never impacted by the brute force attacks, and I don't have any logs.

As far as the Qlocker thing goes I think I may have been one of the earlier (and much luckier) victims. Qlocker ran on the evening of April 21 and I only discovered everything is in these 7z archives a couple days later. The ending to this story is kind of funny though because these jokers forgot to add a password. Not one of the 7z archive was password protected so over the course of a couple days I was able to decompress every file.

At this point I have formatted the NAS and will be getting rid of it.
Deal Addict
User avatar
Apr 29, 2018
1404 posts
972 upvotes
Vancouver
xtreemboarder wrote: I was never impacted by the brute force attacks, and I don't have any logs.

As far as the Qlocker thing goes I think I may have been one of the earlier (and much luckier) victims. Qlocker ran on the evening of April 21 and I only discovered everything is in these 7z archives a couple days later. The ending to this story is kind of funny though because these jokers forgot to add a password. Not one of the 7z archive was password protected so over the course of a couple days I was able to decompress every file.

At this point I have formatted the NAS and will be getting rid of it.
I am just wondering how the Qlocker got to your NAS, if "port forwarding" and "cloud access" was disabled. A chain attack sounds improbable to me, but it could be the case.

Like what if they got in via your PC or something?

Always assumed anything behind a LAN is generally safe. Wonder if that is true anymore
Can't Stop. Won't Stop. Game Stop
Deal Addict
Sep 13, 2011
1115 posts
736 upvotes
Canada
xtreemboarder wrote: Hello friends,

To make a long story short I don't trust any storage device that in any way has an ethernet cable going into my router. I have a QNAP NAS which I thought was secure but it was still hit the qlocker ransomware a few weeks back.

I have a bunch of old documents, pictures, videos, and project work on an external hard drive that I recovered from the ransomware attack. I would like to have 2 copies of this data to protect it from drive failure and kept offline. Naturally a NAS is the first thing that comes to mind but I simply don't trust any of them any more. Is there any external HDD's that have 2 drives in it operating in RAID 1? Or is there any way to purchase 2 drives but have them run in parallel or any software that can mirror one drive onto another. To add another layer to this challenge I would like the data to be accessible by both windows and mac computers.

I appreciate any thoughts on this.

Thank you
https://vantecusa.com/products_detail.p ... Enclosures

Top