We are investigating ransomware attack vectors in relation to our Veeam backup setup.
I have one specific scenario for which I am unsure if it really exists.
Are there known examples of ransomware in the wild which stay dormant and do not make themselves known but actually encrypt all data in a transparent way (compare BitLocker encryption) so the end user can still use their data? Such a type of ransomware only has to wait for the backup retention period in use to pass to make all available backups unusable (as all backups contain encrypted data).
Is this a real threat scenario we need to consider?
- Service Provider
- Posts: 49
- Liked: 3 times
- Joined: Apr 20, 2015 7:23 pm
- Enthusiast
- Posts: 60
- Liked: 30 times
- Joined: Dec 23, 2019 7:26 pm
- Full Name: Lick A Brick
Re: dormant ransomware?
Not sure if this type of ransomware exists, but Veeam ONE should be able to detect this. If the VM is encrypted, the data blocks change.
The next backup of the server would be a backup with a lot of changed data. If correctly configured, Veeam ONE can notify you about this sudden change in backup data.
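The change-rate check described in the reply above, sketched as an added example (not from the thread and not Veeam ONE's own logic): it flags an incremental backup whose size jumps far above that job's recent baseline. The per-run sizes are assumed to come from your backup session reports; the job names, thresholds and numbers are constructed.

```python
from statistics import median

def robust_baseline(values):
    """Median and median absolute deviation (MAD); one outlier cannot skew them."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, mad

def flag_change_spikes(sizes_gb, window=7, k=6.0, floor_gb=1.0):
    """Return (run_index, size_gb, threshold_gb) for every incremental backup
    larger than median + k * MAD of the last `window` unflagged runs."""
    clean, alerts = [], []
    for run, size in enumerate(sizes_gb):
        if len(clean) >= window:
            med, mad = robust_baseline(clean[-window:])
            # floor_gb stops a perfectly flat history (MAD = 0) from alerting on noise
            threshold = med + k * max(mad, floor_gb)
            if size > threshold:
                alerts.append((run, size, round(threshold, 1)))
                continue  # keep the spike out of the baseline
        clean.append(size)
    return alerts

def scan_jobs(history):
    """history: {job_name: [incremental size in GB per run, oldest first]}"""
    return {job: hits for job, sizes in history.items()
            if (hits := flag_change_spikes(sizes))}

# Constructed sample data (not real measurements); job names are hypothetical.
SAMPLE = {
    "FS01-daily":  [12, 14, 11, 13, 15, 12, 13, 14, 12, 310, 13, 12],
    "SQL01-daily": [40, 42, 39, 41, 44, 40, 43, 41, 42, 45, 40, 41],
}

if __name__ == "__main__":
    for job, hits in scan_jobs(SAMPLE).items():
        for run, size, threshold in hits:
            print(f"{job}: run {run} wrote {size} GB (threshold {threshold} GB)")
```

This only catches a sudden jump in changed data; it does not tell you whether the contents of older restore points are usable.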
- Service Provider
- Posts: 49
- Liked: 3 times
- Joined: Apr 20, 2015 7:23 pm
Re: dormant ransomware?
Thank you for responding. I am aware of monitoring data change rate as a method of potentially detecting ransomware activity.
Maybe somebody from Veeam can share their experience if this type of dormant ransomware threat actually exists? Maybe I am just chasing ghosts in this...
- Service Provider
- Posts: 49
- Liked: 3 times
- Joined: Apr 20, 2015 7:23 pm
Re: dormant ransomware?
Is there anybody else who can share their views on this dormant ransomware threat scenario? Or should I open a support case for this type of question?