Backed up files and Ransomware

Availability for the Always-On Enterprise

Backed up files and Ransomware

Veeam Logoby costasppc » Mon Jan 02, 2017 9:53 am

Hello,

Suppose we backup VMs using the free edition to a network share. In a ransomware breach, are the backed up files infected? Does the paid edition make difference with the free in that case?

Best regards

Kostas
costasppc
Influencer
 
Posts: 11
Liked: never
Joined: Sun Mar 30, 2014 2:39 pm
Full Name: Kostas Backas

Re: Backed up files and Ransomware

Veeam Logoby Mike Resseler » Mon Jan 02, 2017 10:10 am

Kostas,

It depends on the ransomware. We store our backups in a VBK format. If the ransomware actively targets that extension, then yes, the backup files itself can be infected.

There is no difference between the paid and free version. When you want to make sure that the backup files are not infected, you need to implement security on the file share so that the ransomware cannot use the current account from the VMs to browse the network. That's why you should look into a dedicated account to access the network share

Brgds,
Mike
Mike Resseler
Veeam Software
 
Posts: 3161
Liked: 362 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler

Re: Backed up files and Ransomware

Veeam Logoby costasppc » Mon Jan 02, 2017 10:31 am

Thank you very much,

Thats what I will do in the 1st place, wondering if backup encryption from within the backup application will add an extra layer of security.

Best regards

Kostas
costasppc
Influencer
 
Posts: 11
Liked: never
Joined: Sun Mar 30, 2014 2:39 pm
Full Name: Kostas Backas

Re: Backed up files and Ransomware

Veeam Logoby Mike Resseler » Mon Jan 02, 2017 10:38 am

Kostas,

Encryption within the backup layer won't provide you with an additional defense against this specific threat. It does against other things. But ransomware can still encrypt an already encrypted file
Mike Resseler
Veeam Software
 
Posts: 3161
Liked: 362 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler

Re: Backed up files and Ransomware

Veeam Logoby Dima P. » Mon Jan 02, 2017 2:26 pm

wondering if backup encryption from within the backup application will add an extra layer of security.

More likely backup copy job to another backup location, backup to rotated media (and storing this media offline) or backup to tape will help to keep you backups safe.
Dima P.
Veeam Software
 
Posts: 6249
Liked: 440 times
Joined: Mon Feb 04, 2013 2:07 pm
Location: SPb
Full Name: Dmitry Popov

Re: Backed up files and Ransomware

Veeam Logoby costasppc » Mon Jan 02, 2017 2:39 pm

Backup to another location is what we will use.

Best regards

Kostas
costasppc
Influencer
 
Posts: 11
Liked: never
Joined: Sun Mar 30, 2014 2:39 pm
Full Name: Kostas Backas

Re: Backed up files and Ransomware

Veeam Logoby Andreas Neufert » Mon Jan 02, 2017 10:58 pm

General Tips for Backup Targets in such situations:
If you place Backups (and BCJ Backup Files) on Windows Repositories, do not add these Server to a domain. User other Windows accounts and passwords as usual. Only give Veeam the Username and password. Do not login from any other windows system to this server. Use a console connection if needed.

Place your backup on Linux Repositories that are as well not member of any domain or other central accessible system.

If you use CIFS shares or Dedup Devices. Only give Veeam the account. Do not add the share to the windows system and do not login/connect from any other system to it.

If possible you can create snapshots on the target storage system to have a "copy" that is not in the reach of any software/account.

Backup 2 Tape can protect you as well.
Andreas Neufert
Veeam Software
 
Posts: 2201
Liked: 360 times
Joined: Wed May 04, 2011 8:36 am
Location: Germany
Full Name: @AndyandtheVMs Veeam PM

Re: Backed up files and Ransomware

Veeam Logoby foggy » Tue Jan 03, 2017 1:04 pm

Another useful thread regarding similar matter.
foggy
Veeam Software
 
Posts: 14743
Liked: 1081 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: Backed up files and Ransomware

Veeam Logoby ChrisSnell » Tue Jan 03, 2017 5:10 pm

One great way to protect your backups from ransomware is to use ExaGrid appliances with Veeam. Using the Veeam DataMover ensures that the only way to find the Veeam backups is through the Veeam GUI, they aren't visible on the network like normal. Veeam Accelerated Data Mover shares require a separate Veeam password and are accessible only via SSH, which also reduces the chance of malicious access to Veeam backups
ChrisSnell
Technology Partner
 
Posts: 116
Liked: 14 times
Joined: Mon Feb 28, 2011 5:20 pm
Full Name: Chris Snell


Return to Veeam Backup & Replication



Who is online

Users browsing this forum: aqvmin, Bing [Bot], david.m, tim.hudson, v.Eremin, Yahoo [Bot] and 57 guests