I also did the following as additional measures based upon advice from Eric Darling, a colleague from eThree Media iN Savannah, GA. Hopefully QNAP will allow this in some future updates.) (I wish that QNAP would allow the default admin user to be completely deleted. That procedure will be SOP for any device with an “admin” user going forward. I had changed the default admin password when I set up my units, but by disabling the user named “admin” and changing it to another complex name, I removed a common attack vector for hackers. The thing I should have done immediately when I installed the QNAP was to create a new administrator-level user with a relatively complex name and password, log into it and disable the default QNAP admin account. I shut down or uninstalled any non-used app on the QNAP, then followed the manufacturer’s suggested best practices to mitigate any security risks: Once I did that, I reattached each unit one at a time to gather all app updates. I downloaded the latest firmware for my models on another computer with Internet access, then applied the latest patched firmware to each unit manually. Implement a cloud backup strategy for the under 200 meg files.įirst, I took all our QNAPs off the outward-facing, 1-gig network to take away any external attack vectors.Implement a local backup strategy for all files under 200 MB.Restore footage files from the drive library.Plus, I had not provided an off-site backup copy anywhere. ![]() And I needed to provide a way to keep a rolling backup, if possible, to give us some type of look-back period to retrieve versions a few days old. Once we were attacked, I realized I needed to add in a way to backup and protect the project files and all other production elements that weren’t shot. My greatest fear was losing footage that couldn’t be recreated easily, and our procedure protected against that. I had implemented my version of this with the bare drive/RAID5/LTO approach. The 3-2-1 backup strategy simply states that you should have three copies of your data (your production data and two backups) on two different media types (disk and tape) with one copy off-site for disaster recovery. The Golden Rule for data backup is the 3-2-1 strategy. So if you are keeping score at home, that’s a bunch of copies of the footage, but only one copy of projects, image, animation, and music files - all typically smaller than 20 MB. The Chrosync backup was made after the hack had occurred, so the ransomed files copied over the last known good copy. Technically, that would be the seventh temporary copy. We make a Chronsync backup of the NAS every night using an older RAID system to give a near-line-identical copy. The RAID 5 and NAS copies get deleted once everything is mastered off. When that drive is full, it gets an LTO copy (copy 6). When the project is complete, we archive to another bare drive (copy 5) for mastered projects. Once the bare drive (copy 1) reaches capacity, we make an LTO copy (copy 4). Then, the footage is loaded into an active project folder on the NAS (copy 3). We burn footage cards on an iMac via ShotPut Pro to a bare hard drive (copy 1) along with a copy to a locally attached RAID 5 (copy 2). Typically, we have at least four copies of all footage shot. Up until now, my backup strategy was based around the idea that a hardware failure was the most likely - and dangerous - problem we would face. We didn’t pay it, and we managed to reconstruct what was ransomed from backups, but not without a significant cost in man-hours. The hackers demanded a ransom to provide the password. The attacker encoded all files under 20 MB into a 7-zipped file that needed a password to unlock. ![]() ![]() Hackers were able to get into our system via an unplugged hole in one of the system apps. We fell prey to the nasty QLocker attack that hit QNAP owners around the world in mid-April. One of the single gig ports connected to our traditional network and was outward-facing to the internet. The 10-gig port services the edit suites. The QNAP has four 1-gig ethernet ports and a single 10-gig Ethernet port. The QNAP services four edit suites and a few other computers for browsing and offloading That gives us 40 TB of usable space with the safety net of being able to survive 2 drive failures. The NAS, a QNAP TS1685, is stocked with 4TB drives and striped into a RAID 6 configuration. We are a PC-based shop, with all machines connected to 48TB NAS via a closed 10 gig ethernet network. I have a small video production company that produces commercials, brand films, and TV programming. While sitting quietly in a rack, our QNAP was another victim of a recent ransomware attack on QNAPs. It’s Jake, my senior producer.Īnd with that starts a loooong week of recovery, troubleshooting, and formatting. I’m heading to a shoot and my phone rings.
0 Comments
Leave a Reply. |