Topic: This initiative wants to help ransomware victims decrypt their files for free

SZonian
Europol, Dutch Police, Intel Security, and Kaspersky Lab have teamed up to launch the 'No More Ransom' scheme, in an effort to fight the threat of extortion by hackers.

It's easy for those infected with ransomware to believe that it's game over, and the only way they're going to get their data back is to give in to cybercriminals' demands and hand over a fee.

With ransomware increasingly targeting corporate networks as well as consumer machines, there's even more scope for hackers who don't get the ransom they desire to do huge amounts of damage by deleting vital files.

But now law enforcement agencies and security firms have teamed up to launch a scheme designed to help ransomware victims retrieve their data without succumbing to the will of cyber extortionists.

The "No More Ransom" initiative sees Europol, the Dutch National Police, Intel Security, and Kaspersky Lab join forces to create a portal that provides keys to unlocking encrypted files, as well as information on how to avoid getting infected in the first place.

[excerpted]

http://www.zdnet.com/article/this-initiative-wants-to-help-ransomware-victims-decrypt-their-files-for-free/
Throwing our allegiances to political parties in the long run gave away our liberty.

Suppressed
Good.

Then execute the criminals when caught.
+++++++++
“In the outside world, I'm a simple geologist. But in here .... I am Falcor, Defender of the Alliance” --Randy Marsh

“The most effectual means of being secure against pain is to retire within ourselves, and to suffice for our own happiness.” -- Thomas Jefferson

“He's so dumb he thinks a Mexican border pays rent.” --Foghorn Leghorn

roamer_1
Good.

Then execute the criminals when caught.

I got hit... I am loooong past being able to do manual backups or DVD backups... My main file store is several hundred gigabytes...

So I have had automated backups for years and years - Actually a pretty sophisticated system. The one thing it is susceptible to is ransom-ware.  Because it is automated, unless you stop the automation, it naturally overwrites the older versions in the multiple backup locations with the encrypted/infected files (they have a newer change date and file date).

And, when I got hit, all of my regular machines got infected over the LAN - The only ones remaining infection free were my core machines, which are protected by Kaspersky instead of relying upon Microsoft's MSE/Defender...

FORTUNATELY, I have an old server doing nothing... I couldn't stand throwing it out, because it still worked great, so I kept it, and set it up as an auxiliary to my main server so that I could switch to it if the main broke down... Once a month or so I physically turn it on and let it sync to my main server, which includes my central backup store. Otherwise, it just sits there /off... Luckily I realized I was infected before firing that one up.

By far and away, my massive data set was sitting there, pristine. The other normal stores were all infected and almost worse than 'entirely encrypted', I would have had to open each file to see if it had been encrypted or not - Making the whole thing useless as the time to do that would be impossible anyway.

My real-time/critical stuff was safe, because it is synced variously online to make it available to tablets and phones...
For instance, since the local mail became encrypted, the sync to online failed, and thus my mail and PIM were saved online.

So really, the only thing that was in peril was my DEV platform, and that, only for less than 30 days worth... I was able to reconstruct that from dated backups (I keep recursive images for 90 days on critical data).

I wound up with a full skate, other than the hours it took to RD the infected stores and back feed them from the preserved one... And the time restoring the <30 day files back into Development. But one way or another, I never lost a single file, which is the main point.

There is a lesson in that. I am now firmly convinced that a backup location of some kind must remain manually operated and otherwise offline. Only to be used after rigorous scanning to be certain the data going onto it is clean.

It is way too easy to habituate automated backups and way too easy to get caught holding the bag.
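
A pre-sync gate for the failure described in the post above, where an automated job overwrites good backup copies with freshly encrypted files. This is an added example, not part of the thread; the thresholds, function names and sample files are assumptions.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5      # bits/byte; assumed threshold, encrypted data sits near 8.0
MAX_SUSPECT_RATIO = 0.2  # assumed: refuse to sync if >20% of known files look encrypted

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: Path) -> dict:
    """Manifest of relative path -> (sha256, entropy of first 64 KiB)."""
    out = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            digest = hashlib.sha256(data).hexdigest()
            out[str(p.relative_to(root))] = (digest, entropy(data[:65536]))
    return out

def suspects(known_good: dict, current: dict) -> list:
    """Known files that vanished, or changed AND jumped to near-random content."""
    bad = []
    for name, (old_hash, old_ent) in known_good.items():
        if name not in current:          # renamed or deleted since the last good sync
            bad.append(name)
            continue
        new_hash, new_ent = current[name]
        # Files that were already high-entropy (zip, jpg) are not flagged on change.
        if new_hash != old_hash and old_ent < ENTROPY_LIMIT <= new_ent:
            bad.append(name)
    return bad

def sync_allowed(known_good: dict, current: dict) -> bool:
    """Gate to run before the backup job overwrites older versions."""
    ratio = len(suspects(known_good, current)) / max(len(known_good), 1)
    return ratio <= MAX_SUSPECT_RATIO

def demo() -> tuple:
    """Constructed sample: ten text files, then six overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for i in range(10):
            (root / f"doc{i}.txt").write_text(f"quarterly notes {i}\n" * 200)
        good = snapshot(root)
        before = sync_allowed(good, snapshot(root))
        for i in range(6):
            (root / f"doc{i}.txt").write_bytes(os.urandom(4096))
        return before, sync_allowed(good, snapshot(root))
```

The manifest from the last verified sync has to be stored with the offline copy, not on a machine the automated job can write to.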
 

Suppressed
I got hit... I am loooong past being able to do manual backups or DVD backups... My main file store is several hundred gigabytes...

So I have had automated backups for years and years - Actually a pretty sophisticated system. The one thing it is susceptible to is ransom-ware.  Because it is automated, unless you stop the automation, it naturally overwrites the older versions in the multiple backup locations with the encrypted/infected files (they have a newer change date and file date).

...

There is a lesson in that. I am now firmly convinced that a backup location of some kind must remain manually operated and otherwise offline. Only to be used after rigorous scanning to be certain the data going onto it is clean.

It is way too easy to habituate automated backups and way too easy to get caught holding the bag.

I'm at multiple terabytes, and I really should get into a manual backup system.  Thanks for the reminder!
