Have a client hit by the latest version of ransomware and the backup files were included in the attack. I've never seen this before. Previous ransomware attacks veeam backup files I had encryption turned on were treated like .exe files and passed over by the ransomware. This is no longer the case with the latest version. My clients local backup BDR (backup / disastor / recovery) server was compromised and all veeam backup files were rendered useless after being encrypted with ransomware.
My question, is there a way to backup an alternate copy of a backup job so in the event of another attack the alternate backups are on a different drive, network, etc. One that the virus cannot spread to? The backups were saved on a mapped drive on the LAN and how they became compromised. Moving forward there needs to be a second repository separate from the original.
Some discuss the best way to assure backups are not affected are use an external drive that can be taken offsite every night. Although this sounds like a great idea it also feel's extremely cumbersome.
Good news our offsite backups were not affected. Recovery's been slow after finding out a seed drive is not an option from the data center we use which is another reason a local backup that is redundant but separate from the original repository would be extremely helpful.
Any feedback is appreciated.
-
WORKS2019
- Enthusiast
- Posts: 42
- Liked: 4 times
- Joined: May 27, 2019 4:25 pm
- Full Name: RJ Cowan
- Contact:
-
Gostev
- Chief Product Officer
- Posts: 31814
- Liked: 7302 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Alternate Backup Repository
Right, basically you need to keep a copy of your backups offline (also known as air-gapped backups), as any online storage can potentially be taken over by hackers using stolen credentials or some 0-day vulnerability.
Currently, most of our larger customers use tape, while small customers prefer rotated drives. You don't even have to take them offsite, since you already have offsite backups - just physically disconnect the external drive (or physically remove tapes from the library). This task can be handled even by the receptionist, and not cumbersome at all. We used this approach ourselves in early days of Veeam.
I also know of a few customers who use various creative solutions like automatically powering off the router leading to a backup repository, or powering off the repository itself. This is not too common though.
With v10, you can also copy backups to Amazon S3, and make them immutable for the specified amount of days. This is arguably the best solution, as this will not only protect your from hackers, but also from malicious insiders. Basically, only vaulting tapes with a 3rd party company provides the similar level of protection. But the latter has a drawback of potentially losing tapes during their transport (this happened to my bank once).
Currently, most of our larger customers use tape, while small customers prefer rotated drives. You don't even have to take them offsite, since you already have offsite backups - just physically disconnect the external drive (or physically remove tapes from the library). This task can be handled even by the receptionist, and not cumbersome at all. We used this approach ourselves in early days of Veeam.
I also know of a few customers who use various creative solutions like automatically powering off the router leading to a backup repository, or powering off the repository itself. This is not too common though.
With v10, you can also copy backups to Amazon S3, and make them immutable for the specified amount of days. This is arguably the best solution, as this will not only protect your from hackers, but also from malicious insiders. Basically, only vaulting tapes with a 3rd party company provides the similar level of protection. But the latter has a drawback of potentially losing tapes during their transport (this happened to my bank once).
Who is online
Users browsing this forum: No registered users and 14 guests