HOWTO Save Yourself From Ransomware Using btrfs

Ángel Ortega

All these things must be run as root on a btrfs filesystem.

First, create the working path:

mkdir -p /path/to/data/snaps

Then create a subvolume:

btrfs su create /path/to/data/current

This last path is where you and your lusers will save your crap (of course, remember to set appropriate permissions and ownerships; it works mostly as a regular directory).

Then, from a crontab or similar, run this:

btrfs su snapshot -r /path/to/data/current /path/to/data/snaps/$(date "+%Y%m%d")

And that's all. If/when the intruders encrypt your data and ask for a ransom, you still have pristine copies inside the snapshots. Not even root can modify these files; they are purely read-only. The only thing that can be done with the snapshots is to delete them, which you should do on a periodic basis.
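
The snapshot step and the periodic deletion described above, wrapped in a script that cron can call; this is an added example, not part of the original post. `KEEP_DAYS`, the function names and the `--run` switch are assumptions, and the cutoff calculation needs GNU date.

```shell
#!/bin/sh
# Added example: daily read-only snapshot plus pruning of old ones.
# Cron should call this file: in a crontab line an unescaped % ends the
# command, which would break an inline $(date "+%Y%m%d").
BASE=${BASE:-/path/to/data}      # the post's placeholder path
KEEP_DAYS=${KEEP_DAYS:-30}       # assumed retention period

# Read names on stdin, print those that are YYYYMMDD and older than $1.
# Anything that is not exactly eight digits is skipped, so a stray
# directory under snaps/ is never handed to "btrfs su delete".
expired_snaps() {
    cutoff=$1
    while IFS= read -r name; do
        case $name in
            ''|*[!0-9]*) continue ;;
        esac
        [ "${#name}" -eq 8 ] || continue
        if [ "$name" -lt "$cutoff" ]; then
            printf '%s\n' "$name"
        fi
    done
}

snapshot_and_prune() {
    today=$(date +%Y%m%d)
    cutoff=$(date -d "-$KEEP_DAYS days" +%Y%m%d) || return 1   # GNU date
    snap=$BASE/snaps/$today
    if [ ! -e "$snap" ]; then
        btrfs su snapshot -r "$BASE/current" "$snap" || return 1
    fi
    # Prune only once today's snapshot exists and reports ro=true.
    btrfs property get -ts "$snap" ro | grep -qx 'ro=true' || return 1
    ls -1 "$BASE/snaps" | expired_snaps "$cutoff" | while IFS= read -r old; do
        btrfs su delete "$BASE/snaps/$old"
    done
}

# Hypothetical switch: nothing touches the filesystem unless asked to.
if [ "${1:-}" = "--run" ]; then
    snapshot_and_prune
fi
```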

If Jeff Bezos got a nickel every time I misspell 'snapshot' as 'snaphost', he would be rich by now.
