That's backup 101, and what every one of these small towns that got their systems infected by ransomware in the last month should have done, BTW. No excuse for that. Even a simple Carbonite account would take care of that.
However I never bothered to do the same thing with my weekly/monthly Acronis image backups (I image my server boot drive monthly and my workstaion's boot & data drives weekly). I do occasionally copy the latest image to a second off-line drive, but not regularly. Both my server and workstation save backup images to their own external USB 3.0 hard drives on a schedule. But those drives are always connected and if ransomware got into my workstation, it would see the external drive and probably encrypt my Acronis images. These are "hot" backups not "cold" (disconnected) backups.
Yeah it's nice that my data is securely backed up in the cloud, but if my system got compromised it would be nice to have a recent image to restore the boot drive without having to re-install Windows.
Listening to Steve Gibson discuss his methodology for making local "cold" backups the other day, he gave me a great idea. He does what I do - weekly images of critical drives on a schedule - but he dynamically mounts and unmounts the backup drive, so the drive is only visible to the operating system during the backup.
I did a little research and found the handy dandy commandline called MOUNTVOL: http://winteltools.com/mountvol/
I wrote two batch files: one to mount my drive and one to unmount it, and inserted them into the Acronis image job pre/post commands option. Most backup programs have this. It's a command or program you specify that you want to run before or after the backup runs. So I run the mount batch file before the backup (PRE) and the unmount batch file afterwards (POST).
You do need to get the unique Volume name for your backup drive, but that can be done with the MOUNTVOL <driveletter>: /L commandline in a DOS window.
I've posted some code here if anyone wants to do this. Just keep in mind that the drive will not be visible to Windows while it's unmounted, if you use that drive for anything else. You can manually run the mount and unmount batch files to make the drive accessible and then hide it again if you need to. The examples below presume the drive letter is "W" but this can be changed by changing the DRIVE variable:
MOUNT.BAT:
Code: Select all
@echo off
REM Be sure to change this to the drive letter you want to mount the drive to!
set drive=W
REM Be sure to change this to the Volume Name of the drive you want to mount!
REM Get the Volume Name by using command line command: MOUNTVOL W: /L
set volume=\\?\Volume{6092273f-1638-11e6-8276-d017c2a807be}\
:start
echo Mounting Drive...
mountvol %drive%: %volume%
echo Drive Mounted!
exit
Code: Select all
@echo off
REM Be sure to change this to the drive you want to unmount!
set drive=W:
echo Unmounting Drive...
mountvol %drive% /p
echo Drive Unmounted!
exit