- Posts: 9
- Liked: 4 times
- Joined: Jul 28, 2014 8:44 am
- Full Name: Sam Burdett
I have been seeing increasing numbers of sites being infected with CryptoLocker-like programs.
Unfortunately I have also seen these delete the contents of Veeam's backup repository. This has now been locked down to allow access to the shares only to unique accounts.
However, Veeam obviously still needs to read and write to the directory and so a way to circumvent the permissions would be to use the Delete from disk option within Veeam itself.
I was wondering if there are any plans (or even request) for a password to be configured on the delete from disk option?
- Posts: 7328
- Liked: 773 times
- Joined: May 21, 2014 11:03 am
- Full Name: Nikita Shestakov
- Location: Prague
I'm not sure there is such a thing in the future plans since it's not the best way to be protected from such ransomware as CryptoLocker. Below is a good recommendation from Veeam VP.
Join the discussion for more information.
Gostev wrote: [But] here are some general recommendations:
1. Any separate storage device that is not directly write-accessible from compromised servers by industry-standard protocols (SMB, NFS) is "good enough" protection from CryptoLocker. But the storage device should use its own set of credentials (not from local directory, and not local accounts of the storage device). Additionally, you want that storage device located off-site. Cloud Connect service provider is ideal for this, and we actually have a recent success story posted on this forum where Cloud Connect saved the user from CryptoLocker.
2. I personally always recommend using tape whenever possible as the last line of defense. Even if it is just a monthly export. Tape is true read-only storage that is also much more reliable than disk. I saw tape backups saving companies from worst disasters so many times... and, I also saw every line of comprehensive disk-based protection strategy failing miserably, leaving users with unrecoverable data loss.
Even more importantly, don't get too obsessed about CryptoLocker specifically. Upset employee deleting all your production data and backups is as likely, really. Storage-level corruption, fire, flood (including beer spill) are also way more common than most think they are. So, always consider all threats to your data, don't get hung up on specific ones. And looking at the bigger picture, you will see that the only way to truly protect yourself from all threats is to have a read-only backup copy in a secure location off-site. All other solutions are cost/risk compromise.
- Posts: 1
- Liked: never
- Joined: Feb 16, 2017 4:03 pm
- Full Name: AJ
New ransomware criminals are now much smarter. They exploit security vulnerabilities and elevate to administrator level permissions. They then launch Veeam B & R and select 'delete from disk'. This makes both onsite and cloud connect offsite backups useless.
Keep in mind there are 2 different types of ransomware - user launched and server targeted exploits. User launched typically cannot delete backups as users should not have permission to access the backups. However server targeted exploits are not launched by end-users, they are expert hackers that elevate themselves to administrator and they then have access to do whatever they want.
An additional prompt for a separate set of 'delete password' credentials is critical to prevent this. A pin number sent via text message or similar 2 factor authentication would be even better.
Without this feature, no one can rely on Veeam to protect their data from ransomware.
- Posts: 1
- Liked: never
- Joined: Sep 11, 2013 7:27 am