How to protect backup repository against ramsomware?

[GLM]

Users are using VAW FREE to backup to a local attached USB disk. Each user is local admin (there are good reasons to maintain this very bad practice, I know about basic security). Is there any way to protect the backup repository (NTFS folder) against ramsomware/encryption trojans?

I think the malware, running with administrative privileges, can always change ACEs to gain write access.

Thank you in advance.

[cata81]

There's an auto-disconnect feature inside VAW, but I think it's risky because at the next reboot you'll find the disk attached... when it's possible I setup an hidden and different user/password network 's share where client do their backup, so the ransomware can act as local admin but can't access where the backups are stored (they should hack VAW to know where the password is stored).

Good luck!

[GLM]

Hi cata81,

The auto-disconnected feature seems interesting, but I can't find the setting in VAW free.

Thank you.

[Mike Resseler]

Hi GLM,

See her at point 5 in the manual: https://helpcenter.veeam.com/docs/agent ... tml?ver=21

[GLM]

Hi Mike,

Now I see it.

Thank you all.

[zadrian]

Users are using VAW FREE to backup to a local attached USB disk. Each user is local admin (there are good reasons to maintain this very bad practice, I know about basic security). Is there any way to protect the backup repository (NTFS folder) against ramsomware/encryption trojans?

I think the malware, running with administrative privileges, can always change ACEs to gain write access.

Thank you in advance.

Sadly...I think you opened the gate wide open....
You now need to see if any of the "local admins" can access your domain controller or have domain admin rights as there is a high chance that your servers and repository can be infected by these users and not by Veeam directly.