{"id":20460,"date":"2026-07-14T06:44:40","date_gmt":"2026-07-14T06:44:40","guid":{"rendered":"https:\/\/www.sandbox.backupassist.com\/blog\/?p=20460"},"modified":"2026-07-15T07:08:39","modified_gmt":"2026-07-15T07:08:39","slug":"nas-snapshots-against-ransomware","status":"publish","type":"post","link":"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware","title":{"rendered":"Snapshots for ransomware resilience &#8211; Ubiquiti NAS research report"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"1-executive-summary\">1. Executive summary<\/h2>\n\n\n\n<p>The Ubiquiti UNAS is an inexpensive, entry-level NAS that offers snapshot capabilities that provide protection against a cyber attacker, and solves the major problem where an attacker can delete backups on a network share. <\/p>\n\n\n\n<p>In July 2026, we conducted an extensive series of experimental tests to assess the capabilities of the Ubiquiti NAS, which is a relatively new offering to the market attracting discussions in online forums. <\/p>\n\n\n\n<p>Through careful experimentation, we assessed the cyber-resilience capabilities of the device at 5.5\/10, with the following important observations:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Security provided<\/th><th>Limitations<\/th><\/tr><\/thead><tbody><tr><td>NAS credentials are separate from Entra \/ AD, so a compromise there does not threaten the NAS.<\/td><td>MFA is only available when connecting the NAS to UniFi account. Running the NAS in &#8220;isolated&#8221; mode means MFA is not available.<\/td><\/tr><tr><td>Snapshots are hidden from the attacker, and provide historical restore points even if an attacker corrupts the current backup.<\/td><td>Restoring from a past snapshot is cumbersome: requires rolling back the entire share, or manually downloading historical backup files via the NAS admin console.<\/td><\/tr><tr><td>Generally meets the requirements that &#8220;Unprivileged user accounts are prevented from modifying and deleting backups.&#8221; (ASD Essential 8 ML 1)<\/td><td>Does not protect backups from a malicious administrator.<br>Not &#8220;bulletproof&#8221; (completely secure) against a deliberate, patient attacker &#8211; malicious activity would need to be detected by the backup software.<\/td><\/tr><tr><td>When set up correctly, the snapshot capability of UNAS is vastly more resilient than ordinary network shares<\/td><td>We encountered repeatable instances of silent failures<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Important notes:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>We assessed the NAS from a cyber-resilience viewpoint for storing backups with snapshots, not general performance or general cyber-security.<\/li>\n\n\n\n<li>Our conclusions are subject to security assumptions that hold true in general attack scenarios &#8211; see section 2.3.<\/li>\n\n\n\n<li>We tested the entry-level UNAS 2 model, but the UNAS 4 and UNAS Pro models run the same core operating system (UniFi OS) so we would expect similar results.<\/li>\n\n\n\n<li>We tested this NAS independently from any backup software. <\/li>\n<\/ol>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"2-scoring-pros-and-cons-security-model\">2. Scoring, pros and cons, security model<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"2-1-scorecard\">2.1 Scorecard<\/h3>\n\n\n\n<p>We scored the NAS based on 10 different criteria:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>1 criterion for usability<\/li>\n\n\n\n<li>8 criteria for security &#8211; which help us assess the level of cyber-security provided based on the &#8220;promises&#8221; provided<\/li>\n\n\n\n<li>1 overall criterion to evaluate how &#8220;bulletproof&#8221; the NAS is against the targeted level of security &#8211; in other words, &#8220;are the promises strong enough to be guarantees&#8221;?<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>#<\/th><th>Criterion<\/th><th>UNAS<\/th><th>Basis<\/th><\/tr><\/thead><tbody><tr><td>1<\/td><td>NAS performance does not degrade considerably with snapshots enabled<\/td><td><strong>PASS<\/strong><\/td><td>Internal throughput tests (<a href=\"http:\/\/ubiquiti-unas-experimental-testing-methodology.md#test-group-4\" target=\"_blank\" rel=\"noreferrer noopener\">Test group 4<\/a>): fresh writes show no penalty; overwrite\/churn throughput plateaus at ~155 MiB\/s with deep history and does <strong>not<\/strong> degrade as snapshot count grows (two 12-round sweeps agreed within ~1 MiB\/s at depth \u22655). Any steady-state penalty is modest (\u227215%) and within run-to-run noise, which is dominated by background NAS maintenance rather than snapshots. Via gigabit ethernet, this penalty would likely be undetectable to the user.<\/td><\/tr><tr><td>2<\/td><td>Allows separate admin credentials<\/td><td><strong>PASS<\/strong><\/td><td>Two types of separation are inherent:<br>1. the NAS can be run in isolated mode, separate from Entra and local domains, so a compromise there won&#8217;t compromise the NAS<br>2. share access credentials are separate and independent from the administrator login, so compromised share credentials won&#8217;t compromise the NAS<\/td><\/tr><tr><td>3<\/td><td>Snapshot is safe from attacker<\/td><td><strong>PASS<\/strong><\/td><td><a href=\"ubiquiti-unas-experimental-testing-methodology.md#test-group-2\">Test group 2<\/a>: snapshot was invisible over SMB \/ Previous Versions, undeletable with share credentials, and restore was verified.<\/td><\/tr><tr><td>4<\/td><td>Snapshot is safe from the administrator<\/td><td><strong>FAIL<\/strong><\/td><td>Lock is reversible with one click (Unlock); &#8220;Delete All Snapshots&#8221; with the &#8220;Include Locked Snapshots&#8221; checkbox removes locked snapshots.<\/td><\/tr><tr><td>5<\/td><td>There is a fixed period of immutability available (similar to cloud immutability)<\/td><td><strong>FAIL<\/strong><\/td><td>Lock is a simple on\/off state with no time-bound retention window or expiry.<\/td><\/tr><tr><td>6<\/td><td>A snapshot can be mounted as a share to allow non-destructive restore<\/td><td><strong>FAIL<\/strong><\/td><td>Snapshots are browsable and individually downloadable from the NAS admin console, but cannot be exposed as a network share for a backup product (e.g. BackupAssist) to run a recovery \u2014 including bare-metal \u2014 against a point-in-time version. Thus, restoring from a past snapshot on the NAS would require either (a) rolling back the share to the designated snapshot, or (b) downloading the backup.<\/td><\/tr><tr><td>7<\/td><td>Snapshot can be locked from automatic snapshot deletion<\/td><td><strong>PASS<\/strong><\/td><td>When auto-deleting snapshots, the NAS will not remove locked snapshots.<\/td><\/tr><tr><td>8<\/td><td>Snapshot locking can be automated or done on schedule<\/td><td><strong>FAIL<\/strong><\/td><td>Locking is manual and per-snapshot only; there is no policy-based or scheduled lock. Scheduled snapshots are therefore always created unlocked.<\/td><\/tr><tr><td>9<\/td><td>Flood attack: growth in data on the NAS cannot delete a snapshot<\/td><td><strong>PASS<\/strong><\/td><td>Flooding the NAS did not cause snapshots to be deleted. Both filling the same share and filling a different share until the NAS was completely full had no effect on snapshots. The NAS refused further writes rather than deleting snapshots.<\/td><\/tr><tr><td>10<\/td><td>Overall ransomware resilience for a set-and-forget backup target (ASD E8 ML1)<\/td><td><strong>PARTIAL (\u00bd)<\/strong><\/td><td>Protects against the ordinary ransomware case (<a href=\"http:\/\/ubiquiti-unas-experimental-testing-methodology.md#test-group-2\" target=\"_blank\" rel=\"noreferrer noopener\">Test group 2<\/a>) and the more sophisticated flood attack scenario (<a href=\"http:\/\/ubiquiti-unas-experimental-testing-methodology.md#test-group-7\" target=\"_blank\" rel=\"noreferrer noopener\">Test group 7<\/a>).<br>However, we discovered a situation where a determined, patient attacker can slowly flood the drive and eventually stop new snapshots from being created &#8211; even silently &#8211; and thus sabotage recent restore points. We awarded only half marks because this vulnerability exists, and there is no way to fully prevent it. See section 4.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>Score: 5.5 \/ 10<\/strong> (5 Yes, 4 No, 1 Partial). Criterion #10 is scored <strong>Partial (\u00bd)<\/strong>: the UNAS delivers ML1-level ransomware resilience under normal conditions but is not &#8220;bulletproof&#8221; against a deliberate, patient attacker (see section 4).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"2-2-pros-and-cons\">2.2 Pros and Cons<\/h3>\n\n\n\n<p><strong>Pros:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Provides ASD Essential Eight compliance to <strong>Maturity Level 1<\/strong> (&#8220;Unprivileged user accounts are prevented from modifying and deleting backups.&#8221;).<\/li>\n<\/ul>\n\n\n\n<p><strong>Cons:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Does not provide ASD Essential Eight compliance to <strong>Maturity Level 2<\/strong> (fails &#8220;Privileged user accounts (excluding backup administrator accounts) are prevented from modifying and deleting backups.&#8221;).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"2-3-security-and-attack-model\">2.3 Security and attack model<\/h3>\n\n\n\n<p>In any analysis, it&#8217;s necessary to understand the security model we used and any assumptions made. <\/p>\n\n\n\n<p><strong>What we consider:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The network&#8217;s authentication system (Active Directory, Entra, etc) is compromised and the attacker has administrator level access<\/li>\n\n\n\n<li>The attacker has access to the machines that are being backed up &#8211; like a file server &#8211; so any IP based firewall restrictions the NAS may have are rendered ineffective<\/li>\n<\/ul>\n\n\n\n<p><strong>What we assume:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The administrator credentials for the NAS are stored securely and kept confidential. (e.g. not stored in the browser of a compromised machine.)<\/li>\n\n\n\n<li>The NAS itself is not exploited at an operating system or kernel level &#8211; regular firmware upgrades are a good mitigation against this.<\/li>\n\n\n\n<li>The attacker does not have ssh access into the NAS.<\/li>\n\n\n\n<li>The NAS does not suffer from physical destruction, hardware failure, theft, etc.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"3-testing-methodology\">3. Testing methodology<\/h2>\n\n\n\n<p>All tests were run with the test tool (<code>nas_snaptest.py<\/code>) executing <strong>on the Windows client, against the mapped SMB share, using the share-only account<\/strong>. The tool never logs into the NAS. Snapshots are taken, and pool\/drive space is read, from the NAS admin interface at the checkpoints where the tool pauses. This separation is deliberate: the modelled &#8220;attacker&#8221; holds the backup share&#8217;s credentials and nothing else.<\/p>\n\n\n\n<p>The full step-by-step procedure for every test \u2014 all eight test groups, with the complete screenshot evidence needed to reproduce the results \u2014 is documented separately in <strong><a href=\"ubiquiti-unas-experimental-testing-methodology.md\">Ubiquiti UNAS \u2014 Experimental testing methodology<\/a><\/strong>. The scorecard and section 4 reference those test groups by number.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"4-overall-assessment-ransomware-resilience\">4. Overall assessment \u2014 ransomware resilience<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"4-1-assessment-against-asd-essential-8-maturity-levels\">4.1 Assessment against ASD Essential 8 Maturity Levels<\/h3>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Note: we are referring to only the &#8220;Regular backups&#8221; strategy of the ASD E8 in this discussion.<\/p>\n<\/blockquote>\n\n\n\n<p>Based on the features provided by the Ubiquiti NAS, we believe the core use-case is for users to attempt to achieve Maturity Level 1 (ML1) compliance of the ASD Essential 8, but not Maturity Level 2 (ML2).<\/p>\n\n\n\n<p><strong>Maturity Level One<\/strong> &#8211; satisfied with careful access controls<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;Unprivileged user accounts are prevented from modifying and deleting backups.&#8221;<\/p>\n<\/blockquote>\n\n\n\n<p><strong>Maturity Level Two<\/strong> &#8211; cannot be satisfied<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;Privileged user accounts (excluding backup administrator accounts) are prevented from modifying and deleting backups.&#8221;<\/p>\n<\/blockquote>\n\n\n\n<p>Under regular usage scenarios, we are satisfied that the UNAS meets those criteria when configured properly.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"4-2-resilience-under-attack-and-ransomware-scenarios\">4.2 Resilience under attack and ransomware scenarios<\/h3>\n\n\n\n<p>Our bigger question is, <strong>does the UNAS <em>as a whole<\/em> give an administrator dependable assurance of cyber-resilience at the level the device is capable of \u2014 here ASD Essential Eight Maturity Level One (ML1) for backups \u2014 under a ransomware scenario, and without ongoing manual oversight<\/strong>? <\/p>\n\n\n\n<p>In short: is it &#8220;bulletproof&#8221; in what it tries to do? <\/p>\n\n\n\n<p>The scenario in mind is a small organisation that deploys the UNAS as its backup target, configures it once, and relies on it so that if ransomware compromises a workstation and reaches the mapped backup share, clean data can still be recovered. The assurance sought is ASD E8 ML1 &#8220;Regular backups.&#8221;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"4-2-1-what-works-and-why-we-gave-it-a-half-point\">4.2.1 What works &#8211; and why we gave it a half point<\/h4>\n\n\n\n<p>Consider the ordinary ransomware case: the client is compromised and the mapped backup set is encrypted or overwritten in place.<\/p>\n\n\n\n<p><strong>The UNAS successfully protects the recovery point.<\/strong> An attack on the network share is unsuccessful: the attacker cannot see, enumerate, reach, or delete the snapshots (<a href=\"http:\/\/ubiquiti-unas-experimental-testing-methodology.md#test-group-2\" target=\"_blank\" rel=\"noreferrer noopener\">Test group 2<\/a>); cannot delete them through flooding the disk (<a href=\"http:\/\/ubiquiti-unas-experimental-testing-methodology.md#test-group-7\" target=\"_blank\" rel=\"noreferrer noopener\">Test group 7<\/a>); and a full recovery can be achieved from the most recent snapshot. This satisfies the specific E8 ML1 control that unprivileged accounts are prevented from modifying and deleting backups, and for the common attack it delivers the resilience the user is seeking.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"4-2-2-where-it-breaks-and-why-we-deducted-a-half-point\">4.2.2 Where it breaks, and why we deducted a half point<\/h4>\n\n\n\n<p>Consider a scenario: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Total storage of the NAS: 8 TB<\/li>\n\n\n\n<li>Drive quota for the backup share: 2 TB<\/li>\n\n\n\n<li>Current contents on the backup share: 1 TB<\/li>\n\n\n\n<li>Total NAS space consumption: 2.5 TB (comprising 1 TB current data, 1.5 TB past snapshots)<\/li>\n\n\n\n<li>Snapshots are taken on a daily basis<\/li>\n<\/ul>\n\n\n\n<p>A sophisticated and patient attacker could theoretically set up a &#8220;fill and churn&#8221; attack &#8211; say add 800 GB of data to the backup share on Day 1, then each day after, change that data &#8220;in place&#8221;. <\/p>\n\n\n\n<p>Even if the backup didn&#8217;t change at all, each successive snapshot would therefore take an extra 800 GB of space. We begin with 5.5 TB free on the NAS, and after 7 days, the NAS is completely full. At some point during this attack, snapshots would start failing, and when combined with the &#8220;silent failure&#8221; problem (see section 4.3) all this may well go undetected.<\/p>\n\n\n\n<p>All the attacker would need to do then is wait some period of time, before deleting the backups and installing ransomware. Then in this case, the last snapshot would be from weeks ago &#8211; forcing the victim to decide whether to pay a ransom or recover from an out-of-date backup.<\/p>\n\n\n\n<p>This attack is considerably harder to carry out than a quick, opportunistic one. But what caused us to deduct the half point is that the attack exists, and we have real concerns that it would go undetected because of the <strong>unpredictable and silent snapshot failures<\/strong> that we encountered (section 4.3). We also cannot expect an administrator to log into the admin console each day &#8211; so the administrator would be unaware that the recovery points stopped being created.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"4-3-other-problems-encountered\">4.3 Other problems encountered<\/h3>\n\n\n\n<p>While testing the NAS, we encountered a few anomalies worth noting:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Email notification could not be configured to work (<a href=\"http:\/\/ubiquiti-unas-experimental-testing-methodology.md#test-8-1\" target=\"_blank\" rel=\"noreferrer noopener\">Test 8.1<\/a>). So an operator relying on being alerted may simply not learn that recovery points have stopped being created.<\/li>\n\n\n\n<li>Snapshot-creation failures were sometimes <strong>silent<\/strong> (<a href=\"http:\/\/ubiquiti-unas-experimental-testing-methodology.md#test-group-7\" target=\"_blank\" rel=\"noreferrer noopener\">Test group 7<\/a> and <a href=\"http:\/\/ubiquiti-unas-experimental-testing-methodology.md#test-group-8\" target=\"_blank\" rel=\"noreferrer noopener\">Test group 8<\/a>) \u2014 no event-log entry at all<\/li>\n\n\n\n<li>Snapshot failures were inconsistent &#8211; at times, a snapshot failed with still ~800 GB free on the NAS. At other times, snapshots would be successful with under 1 GB free.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"4-4-how-to-get-the-best-out-of-the-ubiquiti-nas\">4.4 How to get the best out of the Ubiquiti NAS<\/h3>\n\n\n\n<p>Given its pros and cons, strengths and weaknesses &#8211; how would we get the most out of the Ubiquiti NAS as a resilient storage medium for backups?<\/p>\n\n\n\n<p>We&#8217;ll look at this from a few angles.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"4-4-1-security-configuration-on-the-unas\">4.4.1 Security configuration on the UNAS<\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Set up strong passwords for the UNAS administrator account, and do not reuse that password elsewhere. Never store the password in a browser, and always log out of the browser when performing administration (or use a private browsing session).<\/li>\n\n\n\n<li>Set up separate credentials for the network shares, and never share them elsewhere.<\/li>\n\n\n\n<li>Input those credentials only in the backup software, and avoid mapping a network share explicitly from Windows Explorer or the command line.<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"4-4-2-storage-configuration-on-the-unas\">4.4.2 Storage configuration on the UNAS<\/h4>\n\n\n\n<p>Many people may ask, could the overall resilience to cyber attacks be improved if the UNAS were configured carefully?<\/p>\n\n\n\n<p>We considered the variables here:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Maximum number of snapshots &#8211; before the oldest unlocked snapshot gets auto-deleted<\/li>\n\n\n\n<li>Maximum disk quota for the share<\/li>\n\n\n\n<li>Total disk space of the NAS<\/li>\n<\/ul>\n\n\n\n<p>And the overall constraint is &#8211; no one has an unlimited budget, and if the cost of the NAS escalates (like installing 30 TB hard drives) then other backup storage media become more appealing.<\/p>\n\n\n\n<p>As systems administrators, our initial instinct would be to set the maximum number of snapshots to something high &#8211; 180, and to set a disk quota to 1.5 times the size of the source disks, and we would aim to have a total disk space available of 2.5 times the disk quota. These are the figures we&#8217;ve settled upon after 20 years in the game of backing up servers and workstations.<\/p>\n\n\n\n<p>Let&#8217;s look at the effect of varying any parameter:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Increasing the maximum number of snapshots would increase the number of historical restore points, but if old snapshots aren&#8217;t deleted quickly enough, the entire NAS would fill up, causing both backups and snapshots to fail.<\/li>\n\n\n\n<li>Decreasing the maximum number of snapshots would mean it&#8217;s less likely the NAS would completely fill up, but the shorter history makes an attack more likely to succeed.<\/li>\n\n\n\n<li>Increasing the disk quota would enable the attacker to flood more data per day, causing snapshots to fail sooner.<\/li>\n\n\n\n<li>Decreasing the disk quota would limit the attacker&#8217;s ability to flood the NAS, but could interfere with the backup operation and decrease the backup retention capabilities of the backup software.<\/li>\n\n\n\n<li>Increasing the total disk space would add headroom, delaying when an attacker could successfully complete an exploit, but cost substantially more in disk storage costs.<\/li>\n<\/ol>\n\n\n\n<p>There&#8217;s no clear &#8220;do this&#8221; path to follow, because each action has side effects.<\/p>\n\n\n\n<p>Because of these side effects, we recommend sticking to the default guidance on parameters and instead looking to the backup software for monitoring and mitigations.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"4-4-3-monitoring-from-the-backup-software\">4.4.3 Monitoring from the backup software<\/h4>\n\n\n\n<p>The shortcomings of the UNAS could be overcome with good monitoring from the backup software. Products like <u>BackupAssist<\/u> provide a range of active and passive mitigations &#8211; from CryptoSafeGuard monitoring activity on both the backup target and source folders, to daily backup reports that show the amount of free space on the backup share.<\/p>\n\n\n\n<p>In the flood attack described above:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The UNAS would likely never report the problem<\/li>\n\n\n\n<li>BackupAssist would issue a warning when the backup target hit 90% usage &#8211; delivered by email and central managed backup console<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"4-5-to-mfa-or-not-mfa-\">4.5 To MFA or not MFA?<\/h3>\n\n\n\n<p>One thing we noticed when using the Ubiquiti NAS is the absence of MFA. We configured the NAS in &#8220;isolated&#8221; mode to start with &#8211; meaning that we did not connect the device to a UniFi account or attempt to set it up via the phone app. Consequently, the NAS is protected by a single password for the web admin console, and when we set up SSH, we set a different password for root access via SSH. MFA was not available on either mode of access.<\/p>\n\n\n\n<p>The user manuals for the UNAS state that MFA is available on UniFi accounts &#8211; but that would require connecting the NAS to Ubiquiti&#8217;s central management and authentication services.<\/p>\n\n\n\n<p>In our view, it would have been ideal to allow MFA on the web management console even in isolated mode. However, it is not a &#8220;show stopper&#8221; for us &#8211; because we chose to run the NAS in isolated mode, meaning it is not connected to the Internet and we secure access to the LAN via other means like a VPN.<\/p>\n\n\n\n<p>So in summary, an administrator would have to choose between:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Be completely isolated, but not have MFA (and implement other security controls in its place)<\/li>\n\n\n\n<li>Be integrated into UniFi and have MFA, but be reliant on Ubiquiti.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"4-6-summary-of-key-limitations\">4.6 Summary of key limitations<\/h3>\n\n\n\n<p>As a final recap of the limitations we encountered:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>The UNAS does not protect the backups from a malicious administrator. <\/li>\n\n\n\n<li>Nor is it &#8220;bulletproof&#8221; (i.e. completely secure) against a deliberate, patient attacker: a multi-day flood or churn campaign can stop new recovery points from being created, or cause existing ones to be deleted, forcing recovery from older data. <\/li>\n\n\n\n<li>MFA is not available if you choose to run the NAS in isolated mode.<\/li>\n\n\n\n<li>We encountered some apparent bugs:\n<ol class=\"wp-block-list\">\n<li>Unable to set up email notifications, and no log messages <\/li>\n\n\n\n<li>Silent failures when creating a snapshot failed<\/li>\n\n\n\n<li>Unknown causes of snapshot failure: sometimes, snapshots could be created right up to the NAS filling up completely; other times the snapshot would fail even when there was about 11% free space, and no error logs appeared<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li>So while the UNAS delivers ASD Essential Eight Maturity Level One resilience for the ordinary ransomware case, it falls short of the guarantees of immutable cloud storage. Overall score: 5.5 \/ 10.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"appendix-findings-summary\">Appendix \u2014 findings summary<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Credential separation is easy.<\/strong> The SMB File Services credential is a distinct secret from the UniFi admin login; the share session has no route to snapshot controls.<\/li>\n\n\n\n<li><strong>A compromised network share does not affect its snapshots.<\/strong> A share-only attacker destroyed the live backup set, could not see\/enumerate\/delete snapshots, and a byte-clean restore was verified.<\/li>\n\n\n\n<li><strong>Snapshots are invisible to SMB clients.<\/strong> From within a share, there is no &#8220;Previous Versions&#8221; visible.<\/li>\n\n\n\n<li><strong>Restore model is not ideal but still works.<\/strong> A destructive rollback is offered to restore to an earlier snapshot; alternatively a per-file Download (non-destructive) is offered for small selective pulls. There is no way to mount a snapshot as a share for recovery (criterion #6: FAIL).<\/li>\n\n\n\n<li><strong>Snapshot lock is available but rudimentary.<\/strong> Snapshot locking is a manual process, reversible with one click, has no expiry, and cannot be scheduled. Protects against automatic deletion when the maximum number of snapshots is hit (PASS for #7) but not against a deliberate administrator (FAIL for #4), and provides no fixed immutability window (FAIL for #5, FAIL for #8).<\/li>\n\n\n\n<li><strong>Snapshot space usage is outside the drive&#8217;s quota.<\/strong> The snapshots of a drive do not count against the drive&#8217;s space usage. For example, if a drive has a 1 TB quota, 600 GB of live data, and 500 GB of past snapshots, there will still be 400 GB free on the drive. This is because the 500 GB of past snapshots live on the same storage pool (thus occupying space on the NAS) but are not counted towards the 1 TB quota.<\/li>\n\n\n\n<li><strong>Automatic deletion respects locks.<\/strong> When the snapshot limit is reached, the NAS deletes the oldest snapshot first, but only ever an unlocked one. Locked snapshots are never deleted automatically \u2014 the NAS will hold more than its configured limit rather than touch a locked snapshot. It flags this clearly in the interface.<\/li>\n\n\n\n<li><strong>Snapshots can be scheduled, with options from hourly to monthly.<\/strong> <\/li>\n\n\n\n<li><strong>Snapshots do slow down the NAS slightly but would not be noticeable via gigabit ethernet.<\/strong> Fresh writes are unaffected by snapshots; overwrite\/churn throughput settles at ~155 MiB\/s with deep history and does not degrade as snapshot count grows (two 12-round sweeps, flat and within ~1 MiB\/s at depth \u22655). Early-round variability was traced to the NAS&#8217;s own background I\/O (an <code>iostat<\/code>-captured ~32 GiB read burst), not to snapshots. Measured internally; over-SMB throughput confirmed at ~117 MB\/s sustained during the #9 flood, consistent with gigabit ethernet being the network-side limit.<\/li>\n\n\n\n<li><strong>After a flood attack, snapshots survive under all conditions.<\/strong> Both cross-drive flooding and same-share churn flooding were driven to absolute pool full in separate tests. In both cases the NAS refused further writes rather than deleting snapshots \u2014 neither the unlocked nor the locked tracer was deleted. Snapshot integrity verified by SHA1 hash comparison across three distinct point-in-time versions of the same file. The safe failure mode holds regardless of the source of pool pressure.<\/li>\n\n\n\n<li><strong>Overall ransomware resilience (#10): Partial (\u00bd).<\/strong> The UNAS delivers ASD E8 ML1 resilience for the ordinary ransomware case \u2014 a share-only attacker cannot reach the snapshots, delete them, or cause them to be deleted through space pressure, and a byte-clean restore is available. But a determined, patient attacker can flood the pool or exploit oldest-unlocked count-based deletion to stop new recovery points from being created or delete existing ones, forcing a restore from older data, without ever breaching the modify\/delete control. Mitigations (enforcing a usage quota, backup-only use, monitoring, manual locking of verified snapshots) reduce but do not eliminate the risk. See section 4.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>In the fight against ransomware, every extra security mechanism aimed at preserving and shielding backups from attack can be helpful in ensuring you have a viable recovery point.<\/p>\n<p>We tested the latest NAS offering from Ubiquiti, and scored the Ubiquiti NAS a 5.5\/10 for cyber-resilience. While this score may seem low, in reality we believe this device offers good &#8220;bang for buck&#8221; and is far superior to the common practice of backing up to a Windows share (which scores 1\/10).<\/p>\n","protected":false},"author":2,"featured_media":20463,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[764,757],"tags":[274,832,213,833,835,823,834,311,831],"class_list":["post-20460","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-best-practices","category-cyber-resilience","tag-backup-strategy","tag-cyber-resilience-2","tag-data-recovery","tag-immutable-storage","tag-nas-backup","tag-nas-snapshots","tag-point-in-time-recovery","tag-ransomware","tag-ubiquiti-unas"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Snapshots for ransomware resilience - Ubiquiti NAS research report - Cyber Resilience Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Snapshots for ransomware resilience - Ubiquiti NAS research report - Cyber Resilience Blog\" \/>\n<meta property=\"og:description\" content=\"In the fight against ransomware, every extra security mechanism aimed at preserving and shielding backups from attack can be helpful in ensuring you have a viable recovery point. We tested the latest NAS offering from Ubiquiti, and scored the Ubiquiti NAS a 5.5\/10 for cyber-resilience. While this score may seem low, in reality we believe this device offers good &quot;bang for buck&quot; and is far superior to the common practice of backing up to a Windows share (which scores 1\/10).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Resilience Blog\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-14T06:44:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-07-15T07:08:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.sandbox.backupassist.com\/app\/uploads\/sites\/3\/2026\/07\/ubiquiti-unas-banner.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1376\" \/>\n\t<meta property=\"og:image:height\" content=\"768\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Linus Chang\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Linus Chang\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"15 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware\"},\"author\":{\"name\":\"Linus Chang\",\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/#\/schema\/person\/523a9a01769da254de228dbd4b1328d3\"},\"headline\":\"Snapshots for ransomware resilience &#8211; Ubiquiti NAS research report\",\"datePublished\":\"2026-07-14T06:44:40+00:00\",\"dateModified\":\"2026-07-15T07:08:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware\"},\"wordCount\":3389,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.sandbox.backupassist.com\/app\/uploads\/sites\/3\/2026\/07\/ubiquiti-unas-banner.jpg\",\"keywords\":[\"backup strategy\",\"Cyber Resilience\",\"data recovery\",\"Immutable Storage\",\"NAS Backup\",\"NAS Snapshots\",\"Point-in-Time Recovery\",\"ransomware\",\"Ubiquiti UNAS\"],\"articleSection\":[\"Best practices\",\"Cyber Resilience\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware\",\"url\":\"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware\",\"name\":\"Snapshots for ransomware resilience - Ubiquiti NAS research report - Cyber Resilience Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.sandbox.backupassist.com\/app\/uploads\/sites\/3\/2026\/07\/ubiquiti-unas-banner.jpg\",\"datePublished\":\"2026-07-14T06:44:40+00:00\",\"dateModified\":\"2026-07-15T07:08:39+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware#primaryimage\",\"url\":\"https:\/\/www.sandbox.backupassist.com\/app\/uploads\/sites\/3\/2026\/07\/ubiquiti-unas-banner.jpg\",\"contentUrl\":\"https:\/\/www.sandbox.backupassist.com\/app\/uploads\/sites\/3\/2026\/07\/ubiquiti-unas-banner.jpg\",\"width\":1376,\"height\":768,\"caption\":\"NAS snapshots provide an additional recovery layer by preserving point-in-time copies of your data, helping organizations recover quickly from ransomware or accidental file changes.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.sandbox.backupassist.com\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Snapshots for ransomware resilience &#8211; Ubiquiti NAS research report\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/#website\",\"url\":\"https:\/\/www.sandbox.backupassist.com\/blog\/\",\"name\":\"Cyber Resilience Blog\",\"description\":\"Protect Your Cloud Data with BackupAssist\",\"publisher\":{\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.sandbox.backupassist.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/#organization\",\"name\":\"Cyber Resilience Blog\",\"url\":\"https:\/\/www.sandbox.backupassist.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.sandbox.backupassist.com\/app\/uploads\/sites\/3\/2019\/09\/BA-Logo-Full-Logo.svg\",\"contentUrl\":\"https:\/\/www.sandbox.backupassist.com\/app\/uploads\/sites\/3\/2019\/09\/BA-Logo-Full-Logo.svg\",\"caption\":\"Cyber Resilience Blog\"},\"image\":{\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/#\/schema\/person\/523a9a01769da254de228dbd4b1328d3\",\"name\":\"Linus Chang\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.sandbox.backupassist.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/58a69ed0d0b9928d91dec6132dccfb646cc4230839af779f185531c722b0d017?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/58a69ed0d0b9928d91dec6132dccfb646cc4230839af779f185531c722b0d017?s=96&d=mm&r=g\",\"caption\":\"Linus Chang\"},\"description\":\"*Founder &amp; Creator, BackupAssist* Linus Chang has been writing software since he was eight years old. He founded BackupAssist in 2002 \u2014 making him one of the longest-standing voices in Windows backup and data protection \u2014 and has spent the decades since talking to IT administrators around the world about what actually goes wrong, and why. His interest in data loss isn't abstract. Early in his career, he was working at the Monash University help desk when a student came in with a floppy disk that wouldn't read. They tried everything. None of their drives could read it either. The disk held her entire PhD dissertation \u2014 years of work \u2014 and it was the only copy. She broke down in tears. There was nothing he could do. Five years later, he wrote the first version of BackupAssist. Linus holds a Bachelor of Science in Computer Science and has held Microsoft Certified Solution Developer and Sun Certified Java Programmer credentials. More recently, he has completed digital forensics and cyber-security courses through the Black Hat Conference. He has spoken on information security and cryptography at Infosecurity Europe, addressed politicians and policymakers at Australian Parliament House, presented to SMB IT administrators at the IT Pro Experts Conference, and served as a guest lecturer to Cyber Security master's students at the University of Melbourne. On this blog, Linus writes about backup strategy and the technical side of cyber-resilience \u2014 drawing on 24 years of product development and direct conversation with the IT professionals BackupAssist is built for. [Connect with Linus on LinkedIn](https:\/\/www.linkedin.com\/in\/linuschang\/)\",\"url\":\"https:\/\/www.sandbox.backupassist.com\/blog\/author\/linus-chang\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Snapshots for ransomware resilience - Ubiquiti NAS research report - Cyber Resilience Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware","og_locale":"en_US","og_type":"article","og_title":"Snapshots for ransomware resilience - Ubiquiti NAS research report - Cyber Resilience Blog","og_description":"In the fight against ransomware, every extra security mechanism aimed at preserving and shielding backups from attack can be helpful in ensuring you have a viable recovery point. We tested the latest NAS offering from Ubiquiti, and scored the Ubiquiti NAS a 5.5\/10 for cyber-resilience. While this score may seem low, in reality we believe this device offers good \"bang for buck\" and is far superior to the common practice of backing up to a Windows share (which scores 1\/10).","og_url":"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware","og_site_name":"Cyber Resilience Blog","article_published_time":"2026-07-14T06:44:40+00:00","article_modified_time":"2026-07-15T07:08:39+00:00","og_image":[{"width":1376,"height":768,"url":"https:\/\/www.sandbox.backupassist.com\/app\/uploads\/sites\/3\/2026\/07\/ubiquiti-unas-banner.jpg","type":"image\/jpeg"}],"author":"Linus Chang","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Linus Chang","Est. reading time":"15 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware#article","isPartOf":{"@id":"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware"},"author":{"name":"Linus Chang","@id":"https:\/\/www.sandbox.backupassist.com\/blog\/#\/schema\/person\/523a9a01769da254de228dbd4b1328d3"},"headline":"Snapshots for ransomware resilience &#8211; Ubiquiti NAS research report","datePublished":"2026-07-14T06:44:40+00:00","dateModified":"2026-07-15T07:08:39+00:00","mainEntityOfPage":{"@id":"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware"},"wordCount":3389,"commentCount":0,"publisher":{"@id":"https:\/\/www.sandbox.backupassist.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware#primaryimage"},"thumbnailUrl":"https:\/\/www.sandbox.backupassist.com\/app\/uploads\/sites\/3\/2026\/07\/ubiquiti-unas-banner.jpg","keywords":["backup strategy","Cyber Resilience","data recovery","Immutable Storage","NAS Backup","NAS Snapshots","Point-in-Time Recovery","ransomware","Ubiquiti UNAS"],"articleSection":["Best practices","Cyber Resilience"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware","url":"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware","name":"Snapshots for ransomware resilience - Ubiquiti NAS research report - Cyber Resilience Blog","isPartOf":{"@id":"https:\/\/www.sandbox.backupassist.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware#primaryimage"},"image":{"@id":"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware#primaryimage"},"thumbnailUrl":"https:\/\/www.sandbox.backupassist.com\/app\/uploads\/sites\/3\/2026\/07\/ubiquiti-unas-banner.jpg","datePublished":"2026-07-14T06:44:40+00:00","dateModified":"2026-07-15T07:08:39+00:00","breadcrumb":{"@id":"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware#primaryimage","url":"https:\/\/www.sandbox.backupassist.com\/app\/uploads\/sites\/3\/2026\/07\/ubiquiti-unas-banner.jpg","contentUrl":"https:\/\/www.sandbox.backupassist.com\/app\/uploads\/sites\/3\/2026\/07\/ubiquiti-unas-banner.jpg","width":1376,"height":768,"caption":"NAS snapshots provide an additional recovery layer by preserving point-in-time copies of your data, helping organizations recover quickly from ransomware or accidental file changes."},{"@type":"BreadcrumbList","@id":"https:\/\/www.sandbox.backupassist.com\/blog\/nas-snapshots-against-ransomware#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.sandbox.backupassist.com\/blog"},{"@type":"ListItem","position":2,"name":"Snapshots for ransomware resilience &#8211; Ubiquiti NAS research report"}]},{"@type":"WebSite","@id":"https:\/\/www.sandbox.backupassist.com\/blog\/#website","url":"https:\/\/www.sandbox.backupassist.com\/blog\/","name":"Cyber Resilience Blog","description":"Protect Your Cloud Data with BackupAssist","publisher":{"@id":"https:\/\/www.sandbox.backupassist.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.sandbox.backupassist.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.sandbox.backupassist.com\/blog\/#organization","name":"Cyber Resilience Blog","url":"https:\/\/www.sandbox.backupassist.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.sandbox.backupassist.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.sandbox.backupassist.com\/app\/uploads\/sites\/3\/2019\/09\/BA-Logo-Full-Logo.svg","contentUrl":"https:\/\/www.sandbox.backupassist.com\/app\/uploads\/sites\/3\/2019\/09\/BA-Logo-Full-Logo.svg","caption":"Cyber Resilience Blog"},"image":{"@id":"https:\/\/www.sandbox.backupassist.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.sandbox.backupassist.com\/blog\/#\/schema\/person\/523a9a01769da254de228dbd4b1328d3","name":"Linus Chang","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.sandbox.backupassist.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/58a69ed0d0b9928d91dec6132dccfb646cc4230839af779f185531c722b0d017?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/58a69ed0d0b9928d91dec6132dccfb646cc4230839af779f185531c722b0d017?s=96&d=mm&r=g","caption":"Linus Chang"},"description":"*Founder &amp; Creator, BackupAssist* Linus Chang has been writing software since he was eight years old. He founded BackupAssist in 2002 \u2014 making him one of the longest-standing voices in Windows backup and data protection \u2014 and has spent the decades since talking to IT administrators around the world about what actually goes wrong, and why. His interest in data loss isn't abstract. Early in his career, he was working at the Monash University help desk when a student came in with a floppy disk that wouldn't read. They tried everything. None of their drives could read it either. The disk held her entire PhD dissertation \u2014 years of work \u2014 and it was the only copy. She broke down in tears. There was nothing he could do. Five years later, he wrote the first version of BackupAssist. Linus holds a Bachelor of Science in Computer Science and has held Microsoft Certified Solution Developer and Sun Certified Java Programmer credentials. More recently, he has completed digital forensics and cyber-security courses through the Black Hat Conference. He has spoken on information security and cryptography at Infosecurity Europe, addressed politicians and policymakers at Australian Parliament House, presented to SMB IT administrators at the IT Pro Experts Conference, and served as a guest lecturer to Cyber Security master's students at the University of Melbourne. On this blog, Linus writes about backup strategy and the technical side of cyber-resilience \u2014 drawing on 24 years of product development and direct conversation with the IT professionals BackupAssist is built for. [Connect with Linus on LinkedIn](https:\/\/www.linkedin.com\/in\/linuschang\/)","url":"https:\/\/www.sandbox.backupassist.com\/blog\/author\/linus-chang"}]}},"_links":{"self":[{"href":"https:\/\/www.sandbox.backupassist.com\/blog\/wp-json\/wp\/v2\/posts\/20460","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sandbox.backupassist.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sandbox.backupassist.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sandbox.backupassist.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sandbox.backupassist.com\/blog\/wp-json\/wp\/v2\/comments?post=20460"}],"version-history":[{"count":5,"href":"https:\/\/www.sandbox.backupassist.com\/blog\/wp-json\/wp\/v2\/posts\/20460\/revisions"}],"predecessor-version":[{"id":20468,"href":"https:\/\/www.sandbox.backupassist.com\/blog\/wp-json\/wp\/v2\/posts\/20460\/revisions\/20468"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sandbox.backupassist.com\/blog\/wp-json\/wp\/v2\/media\/20463"}],"wp:attachment":[{"href":"https:\/\/www.sandbox.backupassist.com\/blog\/wp-json\/wp\/v2\/media?parent=20460"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sandbox.backupassist.com\/blog\/wp-json\/wp\/v2\/categories?post=20460"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sandbox.backupassist.com\/blog\/wp-json\/wp\/v2\/tags?post=20460"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}