Backed up files and Ransomware

costasppc · Post by **costasppc** » Jan 02, 2017 9:53 am this post

Hello,

Suppose we backup VMs using the free edition to a network share. In a ransomware breach, are the backed up files infected? Does the paid edition make difference with the free in that case?

Best regards

Kostas

Jan 02, 2017 10:10 am

Kostas,

It depends on the ransomware. We store our backups in a VBK format. If the ransomware actively targets that extension, then yes, the backup files itself can be infected.

There is no difference between the paid and free version. When you want to make sure that the backup files are not infected, you need to implement security on the file share so that the ransomware cannot use the current account from the VMs to browse the network. That's why you should look into a dedicated account to access the network share

Brgds,
Mike

costasppc · Post by **costasppc** » Jan 02, 2017 10:31 am this post

Thank you very much,

Thats what I will do in the 1st place, wondering if backup encryption from within the backup application will add an extra layer of security.

Best regards

Kostas

Jan 02, 2017 10:38 am

Kostas,

Encryption within the backup layer won't provide you with an additional defense against this specific threat. It does against other things. But ransomware can still encrypt an already encrypted file

Post by **Dima P.** » Jan 02, 2017 2:26 pm this post

wondering if backup encryption from within the backup application will add an extra layer of security.

More likely backup copy job to another backup location, backup to rotated media (and storing this media offline) or backup to tape will help to keep you backups safe.

costasppc · Post by **costasppc** » Jan 02, 2017 2:39 pm this post

Backup to another location is what we will use.

Best regards

Kostas

Jan 02, 2017 10:58 pm

General Tips for Backup Targets in such situations:
If you place Backups (and BCJ Backup Files) on Windows Repositories, do not add these Server to a domain. User other Windows accounts and passwords as usual. Only give Veeam the Username and password. Do not login from any other windows system to this server. Use a console connection if needed.

Place your backup on Linux Repositories that are as well not member of any domain or other central accessible system.

If you use CIFS shares or Dedup Devices. Only give Veeam the account. Do not add the share to the windows system and do not login/connect from any other system to it.

If possible you can create snapshots on the target storage system to have a "copy" that is not in the reach of any software/account.

Backup 2 Tape can protect you as well.

Post by **foggy** » Jan 03, 2017 1:04 pm this post

Another useful thread regarding similar matter.

Post by **ChrisSnell** » Jan 03, 2017 5:10 pm this post

One great way to protect your backups from ransomware is to use ExaGrid appliances with Veeam. Using the Veeam DataMover ensures that the only way to find the Veeam backups is through the Veeam GUI, they aren't visible on the network like normal. Veeam Accelerated Data Mover shares require a separate Veeam password and are accessible only via SSH, which also reduces the chance of malicious access to Veeam backups

R&D Forums

Backed up files and Ransomware

Re: Backed up files and Ransomware

Re: Backed up files and Ransomware

Re: Backed up files and Ransomware

Re: Backed up files and Ransomware

Re: Backed up files and Ransomware

Re: Backed up files and Ransomware

Re: Backed up files and Ransomware

Re: Backed up files and Ransomware

Who is online