NAS snapshots enabled but ransomware still encrypted share

MSP Toolkit
Minimal guidance for messy support realities.
Submitted by Anonymous (not verified) on

Scenario

A client assumed snapshots guaranteed safety, yet ransomware still damaged the primary share and some recovery points.

Recommended Resolution Path

  1. Separate immutable backup strategy from writable snapshot convenience.
  2. Review snapshot retention, replication, and access control to the snapshot store.
  3. Ensure compromised admin credentials cannot delete recovery points.
  4. Test restore speed and scope before calling the environment resilient.

Technician Notes

Confirm the business impact, document the root cause, and capture any preventative follow-up in the PSA or client knowledge base.

Subjects
Servers & Infrastructure
Storage & NAS
Security & Continuity
Encryption