Create backup batch file to keep 1 month of files locally due to ransomware

Discussion in 'Scripting' started by cbsvitzer, Jul 24, 2016.

  1. cbsvitzer

    cbsvitzer MDL Novice

    Feb 4, 2010
    35
    13
    0
    I would like to create a batch file, that backs up locally so that it is possible at any time to get files back up to 1 month. That is because of the threat ransomware i posing. The last time a company was hit by that, 12 days had passed before I was informed. The local backup had therefore been overwritten with the encrypted files that on of the workers had caused-

    As there are up to 23 workdays in a month, I would like it to copy files from the first workday of the month to a folder named 1, copy files from workday 2 of the month to a folder named 2 and so forth

    There are of course also weekdays in a month but these should not be backed up since there is no activity.

    The workday of the month can be calculated this way:

    If the day is a Monday: day 1-3: workday=1, day 4-7: workday=date minus 2, day 8-10: workday=6, day 11-14: workday=date minus 4, day 15-17: workday=11, day 18-21: workday=date minus 6, day 22-24: workday=16, day 25-28: workday=date minus 8, day 29-31: workday=21

    If the day is a Tuesday: day 1: workday=1, day 2-4: workday=2, day 3-8: workday=date minus 2, day 9-11: workday=7, day 12-15: workday=date minus 4, day 16-18: workday=12, day 19-22: workday=date minus 6, day 23-25: workday=17, day 26-29: workday=date minus 8, date 30-31: workday=22

    If the day is a Wednesday: day 1-2: workday=date, day 3-5: workday=3, day 6-9: workday=date minus 2, day 10-12: workday=8, day 13-16: workday=date minus 4, day 17-19: workday=13, day 20-23: workday=date minus 6, day 24-26: workday=18, day 27-30: workday=date minus 8, day 31: workday=23

    If the day is a Thursday: day 1-3: workday=date, day 4-6: workday=4, day 7-10: workday=date minus 2, day 11-13: workday=9, day 14-17: workday=date minus 4, day 18-20: workday=14, day 21-24: workday=date minus 6, day 25-27: workday=19, day 28-31: date minus 8

    If the day is a Friday: day 1-4: workday=date, day 5-7: workday=5, day 8-11: workday=date minus 2, day 12-14: workday=10, day 15-18: workday=date minus 4, day 19-21: workday=15, day 22-25: workday=date minus 6, day 26-28: workday=20, day 29-31: workday=date minus 8

    Thanks
     
  2. cbsvitzer

    cbsvitzer MDL Novice

    Feb 4, 2010
    35
    13
    0
    Here is a working backup batch file that will keep one month of files.
    It will first determine the workday of the month and then copy alle files from the data drive (D:\Share ) to a folder on drive E:\ with the folder number corresponding to the workday of the month.
    The E: drive is an extra harddisk big enough to contain 23 days of backup. Fortunately huge harddiske are not expensive any more.
    So files from workday 1 will go to E:\1, files from workday 2 will go to E:\2 and so forth
    The backup is supposed to run in the evening from Monday to Friday after closing time.
    Copy that between the lines into the batch file (.bat or .cmd)

    ===========================================================================================
    @Echo Off
    SET workday=1

    Call :GetDate.Init
    Call :GetDate
    if %weekday%==1 ( if %day% GEQ 4 SET /A workday=%day%-2 )
    if %weekday%==1 ( if %day% GEQ 8 SET workday=6 )
    if %weekday%==1 ( if %day% GEQ 11 SET /A workday=%day%-4 )
    if %weekday%==1 ( if %day% GEQ 15 SET workday=11 )
    if %weekday%==1 ( if %day% GEQ 18 SET /A workday=%day%-6 )
    if %weekday%==1 ( if %day% GEQ 22 SET workday=16 )
    if %weekday%==1 ( if %day% GEQ 25 SET /A workday=%day%-8 )
    if %weekday%==1 ( if %day% GEQ 29 SET workday=21 )

    if %weekday%==2 ( if %day% GEQ 2 SET workday=2 )
    if %weekday%==2 ( if %day% GEQ 5 SET /A workday=%day%-2 )
    if %weekday%==2 ( if %day% GEQ 9 SET workday=7 )
    if %weekday%==2 ( if %day% GEQ 12 SET /A workday=%day%-4 )
    if %weekday%==2 ( if %day% GEQ 16 SET workday=12 )
    if %weekday%==2 ( if %day% GEQ 19 SET /A workday=%day%-6 )
    if %weekday%==2 ( if %day% GEQ 23 SET workday=17 )
    if %weekday%==2 ( if %day% GEQ 26 SET /A workday=%day%-8 )
    if %weekday%==2 ( if %day% GEQ 30 SET workday=22 )

    if %weekday%==3 ( if %day% GEQ 1 SET workday=%day% )
    if %weekday%==3 ( if %day% GEQ 3 SET workday=3 )
    if %weekday%==3 ( if %day% GEQ 6 SET /A workday=%day%-2 )
    if %weekday%==3 ( if %day% GEQ 10 SET workday=8 )
    if %weekday%==3 ( if %day% GEQ 13 SET /A workday=%day%-4 )
    if %weekday%==3 ( if %day% GEQ 17 SET workday=13 )
    if %weekday%==3 ( if %day% GEQ 20 SET /A workday=%day%-6 )
    if %weekday%==3 ( if %day% GEQ 24 SET workday=18 )
    if %weekday%==3 ( if %day% GEQ 27 SET /A workday=%day%-8 )
    if %weekday%==3 ( if %day% GEQ 31 SET workday=23 )

    if %weekday%==4 ( if %day% GEQ 1 SET workday=%day% )
    if %weekday%==4 ( if %day% GEQ 4 SET workday=4 )
    if %weekday%==4 ( if %day% GEQ 7 SET /A workday=%day%-2 )
    if %weekday%==4 ( if %day% GEQ 11 SET workday=9 )
    if %weekday%==4 ( if %day% GEQ 14 SET /A workday=%day%-4 )
    if %weekday%==4 ( if %day% GEQ 18 SET workday=14 )
    if %weekday%==4 ( if %day% GEQ 21 SET /A workday=%day%-6 )
    if %weekday%==4 ( if %day% GEQ 25 SET workday=19 )
    if %weekday%==4 ( if %day% GEQ 28 SET /A workday=%day%-8 )

    if %weekday%==5 ( if %day% GEQ 1 SET workday=%day% )
    if %weekday%==5 ( if %day% GEQ 5 SET workday=5 )
    if %weekday%==5 ( if %day% GEQ 8 SET /A workday=%day%-2 )
    if %weekday%==5 ( if %day% GEQ 12 SET workday=10 )
    if %weekday%==5 ( if %day% GEQ 15 SET /A workday=%day%-4 )
    if %weekday%==5 ( if %day% GEQ 19 SET workday=15 )
    if %weekday%==5 ( if %day% GEQ 22 SET /A workday=%day%-6 )
    if %weekday%==5 ( if %day% GEQ 26 SET workday=20 )
    if %weekday%==5 ( if %day% GEQ 29 SET /A workday=%day%-8 )

    robocopy D:\Share E:\%workday% /E /R:0 /PURGE
    del "%Temp%\~foo.ddf" /Q

    Goto :EOF

    :GetDate.Init
    Set /A "jan=1,feb=2,mar=3,apr=4,may=5,jun=6,jul=7,aug=8,sep=9,oct=10,nov=11,dec=12"
    Set /A "mon=1,tue=2,wed=3,thu=4,fri=5,sat=6,sun=7"
    (
    Echo .Set InfHeader=""
    Echo .Set InfSectionOrder=""
    Echo .Set InfFooter="%%2"
    Echo .Set InfFooter1=""
    Echo .Set InfFooter2=""
    Echo .Set InfFooter3=""
    Echo .Set InfFooter4=""
    Echo .Set Cabinet="OFF"
    Echo .Set Compress="OFF"
    Echo .Set DoNotCopyFiles="ON"
    Echo .Set RptFileName="NUL"
    ) >"%Temp%\~foo.ddf"
    Goto :Eof

    :GetDate
    Set "tf=%Temp%\~%random%"
    Makecab /D InfFileName="%tf%" /F "%Temp%\~foo.ddf" >NUL
    For /F "usebackq tokens=1-7 delims=: " %%a In ("%tf%") Do (
    Set /A "year=%%g,month=%%b,day=1%%c-100,weekday=%%a"
    Set /A "hour=1%%d-100,minute=1%%e-100,second=1%%f-100")
    Del "%tf%" >NUL 2>&1
    Goto :Eof
    ===========================================================================================
     
  3. pvdven777

    pvdven777 MDL Member

    Jul 4, 2010
    114
    29
    10
    Hey, Nice piece of batch file !
    I used to do a lot of this kind of stuff in factory test environments.

    Anyway, just wondering, if you are backing up locally wouldn't the ransomware also encrypt those backup files ? How is this meant to protect against that ? Would love to understand your concept because I think it's becoming a real plausible threat and it would be good to know if my own backup methods would hold up against it.
     
  4. cbsvitzer

    cbsvitzer MDL Novice

    Feb 4, 2010
    35
    13
    0
    The backup batch is supposed to run on the server. The backup folder on the server should not be shared on the LAN.
    Ransomware will infect the client pc's on the network and it will only have access to the shared folder on the server.
    In case that the malware spreads via the LAN to server, then of cause this procedure will not help. But I have not yet seen ransomware that spreads this way
     
  5. pvdven777

    pvdven777 MDL Member

    Jul 4, 2010
    114
    29
    10
    Just for sharing/comparison :

    I store most of my data directly onto a local, user access controlled, fileserver. This fileserver has an external USB harddrive attached to it onto which everything is mirrored nightly. This gives me the option to restore stuff in case stupid mistakes occur. Considering I'm the one with the most (critical) access rights I assume those kind of mistakes would be made by myself and not go unnoticed. I also say a prayer sometimes that the whole lot, including attached backup drive doesn't go up in flames or something like that :fear:

    In any case, if I don't notice the mistake in time I still potentially lose data.
    Your setup gives you multiple increments to turn back to. I would like that too.

    My challenge is that I am storing different kinds of data with different levels of importance. Making multiple backups will cost me relatively large amounts of storage but splitting stuff and using different types of backup routines for the different data subsets would make things more complex than I prefer them to be. I'm currently considering to just build a spare fileserver out of leftover parts that will mirror everything on a maybe weekly or monthly basis.
     
  6. cbsvitzer

    cbsvitzer MDL Novice

    Feb 4, 2010
    35
    13
    0
    Please remember that if you use robocopy then you can exclude files and directories of less important value:

    /XF file [file]... :: eXclude Files matching given names/paths/wildcards.
    /XD dirs [dirs]... :: eXclude Directories matching given names/paths.

    like video files and other big files