Ransomware and Tapes

[DCWhitworth]

Has anyone come across any instances of ransomware being able to attack tapes in a drive or multichanger ?

[wishr]

Hi David,

The best you can do to stay safe against such scenarios is to keep your tapes off the tape drive stored in a secured locked room having restricted access. Ransomware may not come alone. It can be supported by manual malicious actions allowing attackers to take full control over the tape devices. Just try to think about it from the risk perspective.

Thanks

[soncscy]

Truly, export your tapes and take them out. Tape should __NOT__ be set and forget, you need to be actively removing the tapes, else they're accessible to be erased.

Keep in mind, if the VM is hit by ransomware going into the backup and gets encrypted by the attacker, the backup is useless. Similarly, if the backup file itself is encrypted by ransomware going to tape, that backup is useless also, so you need to test and ensure that the backups are clean going out to tape.

Once it's on tape though, as soon as it's out of the hardware, your only concern is the tapes' physical health.