Ransomware protection with Bitlocker

[JeWe]

Hi all,

regarding to protect data from ransomware, at least one backup should be available offsite. We use tape backup for our most important data, so we are happy with that. We also have not so very important data as bare metal backups from our physical servers, mostly just the Windows installation is backed up. These backups are also made with Veeam.

My idea:
We got two backup HyperV-Hosts, where our VMs are replicated to with B&R. I connect an external USB drive to one of these hosts, then I encrypt the whole partition from this drive with Bitlocker. As backup starts, it unlocks the drive at first, then it copies data to it. After backup, the drive is encrypted again. So I have an "offsite backup".
Would that be OK or is there an error in reasoning. Something I overlooked?

Regards,
Jens

[soncscy]

Hey JeWe,

I would not bank on this.

https://security.stackexchange.com/ques ... -bitlocker

Encrypting the backup with Bitlocker isn't the same as physically disconnecting the device. Trust me -- I've had this conversation with clients pre-mortem and post-mortem at least a few dozen times (almost hundreds?); the only safe backup is a disconnected one. If you aren't physically disconnecting the drives, they're vulnerable.

[Mildur]

Bitlocker encrypted drives can be formatted.
Backup data will get removed this way.

Like soncsy said, this is a bad approach.
Only disconnected backups are reliable.

[JeWe]

OK, thanks to you both!

Glad, I've asked