Page 3 of 3

Re: New Checkmate Ransomware Threatening Your NAS Devices

Posted: 28 Sep 2022, 21:08
by bidmead
{L_BUTTON_AT}TMroy

Ah, in Backup. OK, many thanks.

I was about to add the standard apology for noob ignorance, @TMroy. But after some thought and a degree of trepidation (because I respect this forum and am very grateful for your help here) I'm going to finger-wag instead.

Snapshots can be backed up, which is an ideal combination. But you emphasise elsewhere -- absolutely rightly -- that snapshots aren't backups. A warning in the Backup Notes reminds us of the danger. The only possible conclusion is that file system snapshotting DOESN'T BELONG IN AN APP NAMED BACKUP.

Please escalate this to the devs. It should, of course, be in Snapshot.

--
Chris

Re: New Checkmate Ransomware Threatening Your NAS Devices

Posted: 28 Oct 2022, 01:17
by ThomasGrace
We appreciate the warning and appreciate that TM is alerting us to potential attacks on other NAS providers that may also target TM NAS in the future. I must say, though, that you guys could teach QNAP a lot from Deadbolt because you guys have really learned from it. (I have a QNAP as well, and I've never heard of Checkmate.)

Re: New Checkmate Ransomware Threatening Your NAS Devices

Posted: 16 Feb 2023, 22:31
by bidmead
It's taken me a while to realise that I'm still not clear about these snapshots that appear under the @snapshot directory in Filemanager when you elect to make snapshots visible.

Conveniently, these snapshots appear to be downloadable and manipulable like ordinary files. This would seem to mean that they're also vulnerable to being encrypted when subjected to a ransomware attack.

Would I be right, then, in assuming that following such an attack, all my snapshots would in this case be encrypted and therefore no longer accessible? And that for this reason snapshots are only a protection against ransomware if they are not made visible?

--
Chris

Re: New Checkmate Ransomware Threatening Your NAS Devices

Posted: 17 Feb 2023, 17:39
by TMSupport
{L_BUTTON_AT}bidmead

The snapshot file is read-only, you can download it, but you cannot modify the content of the file.
The "Snapshot visible" function is only for you to view snapshot files in file management.

Re: New Checkmate Ransomware Threatening Your NAS Devices

Posted: 19 Feb 2023, 21:58
by bidmead
Thanks, @TMSupport. I raised this question because the @snapshot folder I'm looking at here is definitely Read/Write for the adminstrator and as administrator I'm able to create new folders and files within it. However, I've tested this further and found that the existing snapshot files within this folder are indeed, as you say, undeletable for the admin and therefore, presumably, for any attacker.

It seems then safe to make the @snapshot directories permanently visible. Many thanks for clearing that up.

--
Chris