Standalone backup agent for Microsoft Windows servers and workstations (formerly Veeam Endpoint Backup FREE)
Post Reply
GLM
Influencer
Posts: 12
Liked: never
Joined: Jun 12, 2018 4:33 pm
Contact:

How to protect backup repository against ramsomware?

Post by GLM » Jun 25, 2018 7:43 am

Users are using VAW FREE to backup to a local attached USB disk. Each user is local admin (there are good reasons to maintain this very bad practice, I know about basic security). Is there any way to protect the backup repository (NTFS folder) against ramsomware/encryption trojans?

I think the malware, running with administrative privileges, can always change ACEs to gain write access.

Thank you in advance.

cata81
Novice
Posts: 5
Liked: 3 times
Joined: Jan 24, 2015 11:33 am
Full Name: Cristian
Contact:

Re: How to protect backup repository against ramsomware?

Post by cata81 » Jun 25, 2018 9:04 am 1 person likes this post

There's an auto-disconnect feature inside VAW, but I think it's risky because at the next reboot you'll find the disk attached... when it's possible I setup an hidden and different user/password network 's share where client do their backup, so the ransomware can act as local admin but can't access where the backups are stored (they should hack VAW to know where the password is stored).

Good luck!

GLM
Influencer
Posts: 12
Liked: never
Joined: Jun 12, 2018 4:33 pm
Contact:

Re: How to protect backup repository against ramsomware?

Post by GLM » Jun 25, 2018 12:44 pm

Hi cata81,

The auto-disconnected feature seems interesting, but I can't find the setting in VAW free.

Thank you.

Mike Resseler
Product Manager
Posts: 5584
Liked: 584 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: How to protect backup repository against ramsomware?

Post by Mike Resseler » Jun 25, 2018 12:46 pm 1 person likes this post

Hi GLM,

See her at point 5 in the manual: https://helpcenter.veeam.com/docs/agent ... tml?ver=21

GLM
Influencer
Posts: 12
Liked: never
Joined: Jun 12, 2018 4:33 pm
Contact:

Re: How to protect backup repository against ramsomware?

Post by GLM » Jun 25, 2018 1:07 pm

Hi Mike,

Now I see it.

Thank you all.

zadrian
Enthusiast
Posts: 77
Liked: 4 times
Joined: Jul 14, 2015 8:26 am
Contact:

Re: How to protect backup repository against ramsomware?

Post by zadrian » Jun 26, 2018 3:06 am

GLM wrote:Users are using VAW FREE to backup to a local attached USB disk. Each user is local admin (there are good reasons to maintain this very bad practice, I know about basic security). Is there any way to protect the backup repository (NTFS folder) against ramsomware/encryption trojans?

I think the malware, running with administrative privileges, can always change ACEs to gain write access.

Thank you in advance.
Sadly...I think you opened the gate wide open....
You now need to see if any of the "local admins" can access your domain controller or have domain admin rights as there is a high chance that your servers and repository can be infected by these users and not by Veeam directly.

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests