Discussions specific to the Microsoft Hyper-V hypervisor
Post Reply
JeWe
Enthusiast
Posts: 52
Liked: 7 times
Joined: Mar 04, 2013 2:41 pm
Contact:

Ransomware protection with Bitlocker

Post by JeWe »

Hi all,

regarding to protect data from ransomware, at least one backup should be available offsite. We use tape backup for our most important data, so we are happy with that. We also have not so very important data as bare metal backups from our physical servers, mostly just the Windows installation is backed up. These backups are also made with Veeam.

My idea:
We got two backup HyperV-Hosts, where our VMs are replicated to with B&R. I connect an external USB drive to one of these hosts, then I encrypt the whole partition from this drive with Bitlocker. As backup starts, it unlocks the drive at first, then it copies data to it. After backup, the drive is encrypted again. So I have an "offsite backup".
Would that be OK or is there an error in reasoning. Something I overlooked?

Regards,
Jens

soncscy
Expert
Posts: 146
Liked: 60 times
Joined: Aug 04, 2019 2:57 pm
Full Name: Harvey Carel
Contact:

Re: Ransomware protection with Bitlocker

Post by soncscy »

Hey JeWe,

I would not bank on this.

https://security.stackexchange.com/ques ... -bitlocker

Encrypting the backup with Bitlocker isn't the same as physically disconnecting the device. Trust me -- I've had this conversation with clients pre-mortem and post-mortem at least a few dozen times (almost hundreds?); the only safe backup is a disconnected one. If you aren't physically disconnecting the drives, they're vulnerable.

Mildur
Service Provider
Posts: 208
Liked: 70 times
Joined: May 13, 2017 4:51 pm
Contact:

Re: Ransomware protection with Bitlocker

Post by Mildur » 1 person likes this post

Bitlocker encrypted drives can be formatted.
Backup data will get removed this way.

Like soncsy said, this is a bad approach.
Only disconnected backups are reliable.

JeWe
Enthusiast
Posts: 52
Liked: 7 times
Joined: Mar 04, 2013 2:41 pm
Contact:

Re: Ransomware protection with Bitlocker

Post by JeWe »

OK, thanks to you both!

Glad, I've asked :-)

Post Reply

Who is online

Users browsing this forum: No registered users and 5 guests