Tom I’ve found the most valuable thing you provide in your videos is that you explain the topic in a manner that is far more in depth than a simple tutorial of "click here, type this, click that, ok done." Your style of explaining how the system/software works along with your recommended best practices is really the best teaching method IMO. It lets us understand the topic and decide how to best implement for our specific needs. Thanks as always!
This very thing did happen to me. My 9 yr old son clicked on a pop-up while on the 'net. Welp, it was a ransomware attack, all files locked on local computer + computers connected to LAN + all files on my (then) FreeNAS box. I had my FreeNAS connected as network drives for my weekly backups - all of the backups got locked :( Steps taken to avoid disaster: 1. Unplugged household from internet 2. Unplugged all computers from LAN 3. Rolled back to the snapshot before ransomware attack on FreeNAS box - All files restored 4. Took a portable hard drive, transferred each computer image to it 5. Completely wiped all local computer hard drives of all data (Bootable Acronis Drive Cleanser - using the DoD standard) 6. One at a time, re-imaged each computer with Acronis images 7. Made sure Cable Moden was unplugged for more than a day (made sure I got new IP address) 8. Plugged all back in LAN and Internet Took 2 days, but all computers and FreeNAS box were restored without losing much data at all. The whole time, I showed my son the steps taken from #1 to #8 and what was involved and he now knows why he's got to watch what he clicks.
This is a really great explanation and overview of snapshots. Thanks very much! If I might suggest a follow-up: snapshot replication to another Free/TrueNAS server or just S3 storage in general. Either way, thanks so much for this video. I really enjoy seeing your posts. Always informative!
That was a great explainer! I set up my snapshots and followed along with your tutorial, and was amazed at how well the zfs snapshot process works - especially with the Windows File Manager's restore. Anyway, keep up the fantastic work you do.
I was thinking about this in past: if snapshot can protect rannsomware encryption action and was not sure about it. So thank you for opening this topic :)
Funny you bring this up. A few years back an org I'd just turned up for my first day had internet backups to a provider but had a measly download speed, they had just lost their SAN. I'd prefer a local backup offline preferably at a local site within a few miles and a third backup to cloud. I've seen people do cloud backups but the cost of downloading the backups is very costly not to mention time consuming.
Just wondering : in case of a ransomware attack, if a snapshot saves the difference between the original and encrypted files, does that mean the snapshot has to have the same size as the whole dataset ? If so, does that mean that you need at least50% free space on your dataset ? When happens if, say, your dataset is 75% full and a ransomware hit ? There shouldn't be enough space to store all the fraudulent modifications, right ?
I got hit with one of these few months ago, really stung and didnt have snapshots enabled at the time. Lost some data but chalked it up to experience and have since enabled. One method if you want to browse the snapshots without going into the dataset options and set Snapshot directory to Visible, you should then be able to see it from the root of the dataset under the .zfs folder and this will let you (the user) browse the snapshots via SMB and copy files back over as required.
Thanks Tom! Long time viewer and subscriber but my first ever comment....In windows you can use the "previous versions" tab to access a file; however, under linux do you need to clone the drive and mount it to be able to recover the file or is there something similar to "previous versions" in linux that I've missed? Thanks again and keep the videos coming!
You can go into the .zfs/snapshot folder at the top of a filesystem dataset to get read only access to any of the snapshots of that filesystem. These folders are actually where Samba is pulling from to provide the shadow copy feature. That .zfs folder won't show up in any of your directory listings but it's there.
Help needed, How to create permissions on a dataset called : OfficeData, UserName: Admin UserGroup: AdminGroup having Full control whereas another group called OfficeUserGroup (with all user in that group) having ReadOnly permission.
TrueNAS make a snapshot even if "Access" time changes.. Can i disable dublicating these snapshots.. So i want to access time be ignored by automatic snapshots..
Hi Tom, do you know if it is possible to add a password before deleting a snapshot Of course a special password that is not similar to the Root password This can help in case of Ransomware
Hello, i have a pc installed truenas 12. Snapshots are working fine via web interface of truenas. However on Windows i don't see previous versions of files. Any ideas? thanks.
Tom I’ve found the most valuable thing you provide in your videos is that you explain the topic in a manner that is far more in depth than a simple tutorial of "click here, type this, click that, ok done."
Your style of explaining how the system/software works along with your recommended best practices is really the best teaching method IMO. It lets us understand the topic and decide how to best implement for our specific needs. Thanks as always!
Thanks!
This very thing did happen to me. My 9 yr old son clicked on a pop-up while on the 'net. Welp, it was a ransomware attack, all files locked on local computer + computers connected to LAN + all files on my (then) FreeNAS box. I had my FreeNAS connected as network drives for my weekly backups - all of the backups got locked :(
Steps taken to avoid disaster:
1. Unplugged household from internet
2. Unplugged all computers from LAN
3. Rolled back to the snapshot before ransomware attack on FreeNAS box - All files restored
4. Took a portable hard drive, transferred each computer image to it
5. Completely wiped all local computer hard drives of all data (Bootable Acronis Drive Cleanser - using the DoD standard)
6. One at a time, re-imaged each computer with Acronis images
7. Made sure Cable Moden was unplugged for more than a day (made sure I got new IP address)
8. Plugged all back in LAN and Internet
Took 2 days, but all computers and FreeNAS box were restored without losing much data at all. The whole time, I showed my son the steps taken from #1 to #8 and what was involved and he now knows why he's got to watch what he clicks.
As always, another great tutorial! We and the rest of the #TrueNAS Community thank you!
Hi #TrueNAS, any way to backup Hyper-V VMs?, or is planned on the time soon?
You have to be careful when rolling back because it deletes all intermediate snapshots, so make sure you go back to the latest-good one
This is a really great explanation and overview of snapshots. Thanks very much!
If I might suggest a follow-up: snapshot replication to another Free/TrueNAS server or just S3 storage in general.
Either way, thanks so much for this video. I really enjoy seeing your posts. Always informative!
That was a great explainer! I set up my snapshots and followed along with your tutorial, and was amazed at how well the zfs snapshot process works - especially with the Windows File Manager's restore. Anyway, keep up the fantastic work you do.
Thank you! I was trying to restore through windows and it has been running almost 24 hours with 20 hours left! You're an awesome resource.
whoever disliked your video, is one of those guys that run ransomware... :)
Another excellent tutorial, even for non english native listeners!!! Verry clear concepts and diction. Thumbs up from Argentina!!
I was thinking about this in past: if snapshot can protect rannsomware encryption action and was not sure about it. So thank you for opening this topic :)
Funny you bring this up. A few years back an org I'd just turned up for my first day had internet backups to a provider but had a measly download speed, they had just lost their SAN. I'd prefer a local backup offline preferably at a local site within a few miles and a third backup to cloud. I've seen people do cloud backups but the cost of downloading the backups is very costly not to mention time consuming.
Just wondering : in case of a ransomware attack, if a snapshot saves the difference between the original and encrypted files, does that mean the snapshot has to have the same size as the whole dataset ? If so, does that mean that you need at least50% free space on your dataset ? When happens if, say, your dataset is 75% full and a ransomware hit ? There shouldn't be enough space to store all the fraudulent modifications, right ?
Correct, if the system runs out of space it goes into read only mode to stop further writes.
Great stuff, be interested on your opinion of Synology Btrfs snapshots as protection from ransomware. It seems to work in a similar way through DSM.
Please make a TrueNAS course. Thank you for the video.
you know a lot of thing Tom. i find your vids intresting , keep doing it. support, ciao
I got hit with one of these few months ago, really stung and didnt have snapshots enabled at the time. Lost some data but chalked it up to experience and have since enabled. One method if you want to browse the snapshots without going into the dataset options and set Snapshot directory to Visible, you should then be able to see it from the root of the dataset under the .zfs folder and this will let you (the user) browse the snapshots via SMB and copy files back over as required.
Awesome presentation ! Thank you ;-)
I appreciate their ever! thanks for the content!
Great video 10/10
Another great video!
TrueNAS (FreeBSD n' ZFS) hurrah!
Thanks Tom! Long time viewer and subscriber but my first ever comment....In windows you can use the "previous versions" tab to access a file; however, under linux do you need to clone the drive and mount it to be able to recover the file or is there something similar to "previous versions" in linux that I've missed? Thanks again and keep the videos coming!
That feature is not in Linux
You can go into the .zfs/snapshot folder at the top of a filesystem dataset to get read only access to any of the snapshots of that filesystem. These folders are actually where Samba is pulling from to provide the shadow copy feature. That .zfs folder won't show up in any of your directory listings but it's there.
great!
Help needed, How to create permissions on a dataset called : OfficeData, UserName: Admin UserGroup: AdminGroup having Full control whereas another group called OfficeUserGroup (with all user in that group) having ReadOnly permission.
This is a good method, however Seafile does these sort of task to perfection, there is an hour gap there, with Seafile there is 0
can i set up snapshots to be stored on an external drive or cloud?i mean out of that physical server where truenas is running?
No, the snapshots can only be stored on another system using the ZFS file system, but you can back up TrueNAS data to cloud providers.
TrueNAS make a snapshot even if "Access" time changes.. Can i disable dublicating these snapshots.. So i want to access time be ignored by automatic snapshots..
How does this compare to just using sentinel one rollback?
Should we use both or would that be redundant?
Sentinel One rollback is not as robust, I would use both
❤❤❤❤🎉
How do I take a snapshot of a Windows Server?
Hi Tom, do you know if it is possible to add a password before deleting a snapshot
Of course a special password that is not similar to the Root password
This can help in case of Ransomware
No there is not. The best way to prevent someone tampering is not letter someone get the root password.
Hello, i have a pc installed truenas 12. Snapshots are working fine via web interface of truenas. However on Windows i don't see previous versions of files. Any ideas? thanks.
Not currently using this, but I think you may be confusing Windows shadow copies (previous versions) with snapshots on the NAS.
You need to enable Shadow Copies via the Windows SMB share in FreeNAS/TrueNas. New shares it's enabled by default.
This is not ransomware protection, it is a kind of a simple backup. Better call it "ransomware recovery".
Snapshot is a 2-edged knife
Has anyone told you you look like Axwell from Swedish House Mafia?
Don't think so.
I like your content but your audio is slightly out of sync and I thought I was losing my mind for a second.