samburdett
Novice
Posts: 9
Liked: 4 times
Joined: Jul 28, 2014 8:44 am
Full Name: Sam Burdett

Feature Request - Password to Delete from disk

Post by samburdett » Apr 20, 2016 10:21 am

Hi all,

I have been seeing increasing numbers of sites being infected with CryptoLocker-like programs.
Unfortunately I have also seen these delete the contents of Veeam's backup repository. This has now been locked down to allow access to the shares only to unique accounts.
However, Veeam obviously still needs to read and write to the directory and so a way to circumvent the permissions would be to use the Delete from disk option within Veeam itself.
I was wondering if there are any plans (or even request) for a password to be configured on the delete from disk option?

Best regards
Sam

Shestakov
Veeam Software
Posts: 5924
Liked: 514 times
Joined: May 21, 2014 11:03 am
Full Name: Nikita Shestakov
Location: Prague

Re: Feature Request - Password to Delete from disk

Post by Shestakov » Apr 20, 2016 11:06 am

Hi Sam,
I'm not sure there is such a thing in the future plans since it's not the best way to be protected from such ransomware as CryptoLocker. Below is a good recommendation from Veeam VP:
Gostev wrote: [But] here are some general recommendations:

1. Any separate storage device that is not directly write-accessible from compromised servers by industry-standard protocols (SMB, NFS) is "good enough" protection from CryptoLocker. But the storage device should use its own set of credentials (not from local directory, and not local accounts of the storage device). Additionally, you want that storage device located off-site. Cloud Connect service provider is ideal for this, and we actually have a recent success story posted on this forum where Cloud Connect saved the user from CryptoLocker.

2. I personally always recommend using tape whenever possible as the last line of defense. Even if it is just a monthly export. Tape is true read-only storage that is also much more reliable than disk. I saw tape backups saving companies from worst disasters so many times... and, I also saw every line of comprehensive disk-based protection strategy failing miserably, leaving users with unrecoverable data loss.

Even more importantly, don't get too obsessed about CryptoLocker specifically. Upset employee deleting all your production data and backups is as likely, really. Storage-level corruption, fire, flood (including beer spill ;)) are also way more common than most think they are. So, always consider all threats to your data, don't get hung up on specific ones. And looking at the bigger picture, you will see that the only way to truly protect yourself from all threats is to have a read-only backup copy in a secure location off-site. All other solutions are cost/risk compromise.
Join the discussion for more information.
Thanks!

AJLB94
Lurker
Posts: 1
Liked: never
Joined: Feb 16, 2017 4:03 pm
Full Name: AJ

Re: Feature Request - Password to Delete from disk

Post by AJLB94 » Feb 16, 2017 10:19 pm

With modern ransomware, this has become a critical must-have, not a request.

New ransomware criminals are now much smarter. They exploit security vulnerabilities and elevate to administrator-level permissions. They then launch Veeam B&R and select 'delete from disk'. This makes both onsite and Cloud Connect offsite backups useless.

Keep in mind there are 2 different types of ransomware - user-launched and server-targeted exploits. User-launched typically cannot delete backups as users should not have permission to access the backups. However, server-targeted exploits are not launched by end users; they are expert hackers that elevate themselves to administrator and they then have access to do whatever they want.

An additional prompt for a separate set of 'delete password' credentials is critical to prevent this. A PIN number sent via text message or similar 2-factor authentication would be even better.

Without this feature, no one can rely on Veeam to protect their data from ransomware.
