Hey Veeam, thanks for saving my day... again!

Backup agent for Microsoft Windows servers and workstations (formerly Veeam Endpoint Backup FREE)

Hey Veeam, thanks for saving my day... again!

Veeam Logoby Delo123 » Fri Mar 18, 2016 8:36 am 6 people like this post

Some months ago a friend who owns a small car workshop called me when he had some issues with his business pc.
After checking it out it seemed to be bad firmware on the ssd (holding all data) but luckily it was a known issues and we could retrieve all data...
Anyway, i asked him about backups, he said sure, every day! Turned out his main application indeed made backups, to c:\backups.... :)
So we bought a USB Drive and installed Veeam endpoint protection, running happily ever after since....

Yesterday he send me following screenshot and asked me what this message is about.... !?
http://postimg.org/image/jomkw2qeh
I called him immediately to ask if his usb backup drive was plugged in, sure he said.....
Told him to shutdown and not to touch it... When i got there i checked the usb drive on another pc and got scared. In the backup folder, apart from the backup files there was also the 3 cryptolocker files :(
In the meantime i checked his pc holding all data and yes, everything was encrypted, all vss windows snapshots deleted :(
Tried to restore all file from the veeam backup from the day before the issue and veeam could actually mount the backup, so apparently it wasn't encrypted (yet???).
After that without even trying to save data on the pc i restored from the backup and bootet his pc without issue :) So all he's lost is a day of invoicing instead of his entire business :)

Will make some changes today (get rotating drive, setup eject after backup etc...) but geez..... thanks Veeam for saving my day and his business for free!
Delo123
Expert
 
Posts: 348
Liked: 94 times
Joined: Fri Dec 28, 2012 5:20 pm
Full Name: Guido Meijers

Re: Hey Veeam, thanks for saving my day... again!

Veeam Logoby Dima P. » Fri Mar 18, 2016 8:50 am 1 person likes this post

Guido,

Your post made my day, thank you! Consider your post shared with all the Veeam Teeam :wink:
Dima P.
Veeam Software
 
Posts: 6239
Liked: 440 times
Joined: Mon Feb 04, 2013 2:07 pm
Location: SPb
Full Name: Dmitry Popov

Re: Hey Veeam, thanks for saving my day... again!

Veeam Logoby Gostev » Fri Mar 18, 2016 1:38 pm

Yes, looks like that computer was turned off at just the right time, while CryptoLocker just started encrypting backup files, perhaps starting from the latest. This story makes me love the CryptoLocker protection feature of Veeam Endpoint Backup 1.5 even more ;) you can't encrypt backups if you can't reach the storage!
Gostev
Veeam Software
 
Posts: 21390
Liked: 2349 times
Joined: Sun Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Re: Hey Veeam, thanks for saving my day... again!

Veeam Logoby Delo123 » Sun Mar 20, 2016 11:45 pm 1 person likes this post

I actually don't know why the backups weren't encrypted, the only thing i can imagine is that they were actually locked since it's always reversed incremental with endpoint protection and the merge process was still running? The cryptolocker files were actually almost 10 hours old i noticed later... I really got scares wheni saw only one vbk and a lot of vib's, please add the option to create active or at least synthetic fulls in between...

Anyway, thx again, rotating hdd is now in place, and because of this we are also in the process of better protecting our main backup repositories in the office...
Delo123
Expert
 
Posts: 348
Liked: 94 times
Joined: Fri Dec 28, 2012 5:20 pm
Full Name: Guido Meijers

Re: Hey Veeam, thanks for saving my day... again!

Veeam Logoby abecyprys » Sun Mar 20, 2016 11:51 pm 2 people like this post

From my experience, the Cryptolocker virus only encrypts popular data files - like docs, spreadsheets, pictures, videos, but not much else.

So generally, your Veeam backup files should be safe. (for the moment)

Also - a rotating backup disk set is the best immunisation against total data loss.
abecyprys
Lurker
 
Posts: 2
Liked: 2 times
Joined: Wed Oct 15, 2014 11:36 pm
Full Name: Abe Cyprys

Re: Hey Veeam, thanks for saving my day... again!

Veeam Logoby maximilianp » Mon Mar 21, 2016 10:02 am

After all that Ransomware, at home my wife an me are using a NAS for our Data. The NAS is backed up to a rotating USB drive. Yesterday i made a directory with access for one dedicated user for saving our Laptops with VEB.
All other users of the NAS are not allowed to read/write this directory. The user and password is configured in Endpoint Backup an not used for anything else.
Is this a save solution? Our Should additionaly add the Endpointbacktargetfolder to the backup-job of the NAS?

Thanx in advance!
maximilianp
Novice
 
Posts: 8
Liked: never
Joined: Wed Sep 24, 2014 1:42 pm

Re: Hey Veeam, thanks for saving my day... again!

Veeam Logoby Dima P. » Mon Mar 21, 2016 1:44 pm

Hi guys,

If you are using a backup event ‘When backup storage it connected’ in conjunction with removable storage, I’d say ‘auto eject’ is a must. By the way, USB rotated media plays nice with these options making your removable storage even more bulletproof.

For shared folder destinations, proper set of credentials is still the #1 solution: set the dedicated ‘backup’ account and limit the regular end-user access to the backup location. User should be able to perform a file level recovery or even volume level recovery since the credentials are stored inside the VEB job properties.

VBR repository as a target can be configured in the similar way. One small addition – it's possible to set the domain computer account in permissions tab instead of dedicated user account. Do not forget that you can enable the backup encryption while using VBR as a backup destination.
Dima P.
Veeam Software
 
Posts: 6239
Liked: 440 times
Joined: Mon Feb 04, 2013 2:07 pm
Location: SPb
Full Name: Dmitry Popov

Re: Hey Veeam, thanks for saving my day... again!

Veeam Logoby maximilianp » Tue Mar 22, 2016 4:21 am

Ok, this is how i configured it. Thanks for the Info!
Regards
maximilianp
Novice
 
Posts: 8
Liked: never
Joined: Wed Sep 24, 2014 1:42 pm


Return to Veeam Agent for Windows



Who is online

Users browsing this forum: No registered users and 21 guests