New ransomware that targets backups. Are we susceptible?

Re: New ransomware that targets backups. Are we susceptible

by dburris » Mon Feb 13, 2017 9:09 pm

What if someone gains admin access to the Veeam B&R server, deletes the backups, and then encrypts files? I understand we could use external USB drives or tapes to keep the data safe. But what if we are relying on Veeam Cloud Connect for off-site backups? I see there is an option there too to "Delete from disk". Is there a way to keep the Veeam Cloud archives safe in this scenario?

Thanks,
Dave
dburris
Novice
 
Posts: 6
Liked: never
Joined: Wed Jun 03, 2009 4:24 pm
Full Name: Dave Burris

Re: New ransomware that targets backups. Are we susceptible

by Gostev » Tue Feb 14, 2017 12:35 am

Your service provider certainly can arrange that. One way that immediately comes to my mind is to set up periodic storage-based snapshots on the backup repository.
Gostev
Veeam Software
 
Posts: 21054
Liked: 2271 times
Joined: Sun Jan 01, 2006 1:01 am
Full Name: Anton Gostev

Re: New ransomware that targets backups. Are we susceptible

by thjones » Tue Feb 14, 2017 8:48 am

Is it enough to use Windows Defender as the antimalware scanner on each computer? In addition, I can apply a strong password policy, update all antimalware and net protecting software, plus keep primary security rules https://www.bestvpnrating.com/blog/9-ti ... rd-snowden I mean, if I maintain the security system in decent order, will this new malware penetrate the system or pass round?
thjones
Lurker
 
Posts: 1
Liked: never
Joined: Sat Dec 24, 2016 3:39 pm
Full Name: Kenneth

Re: New ransomware that targets backups. Are we susceptible

by Gostev » Tue Feb 14, 2017 9:49 pm

Of course it would, because Windows Defender only carries signatures to known malware. If you're "lucky" to get a newly released one, it won't protect you.
Gostev
Veeam Software
 
Posts: 21054
Liked: 2271 times
Joined: Sun Jan 01, 2006 1:01 am
Full Name: Anton Gostev

Re: New ransomware that targets backups. Are we susceptible

by lukejf » Wed Feb 15, 2017 3:51 am

Hey guys,
I see some of you are using non-domain-joined Veeam servers. How do you go doing restores directly back to the servers, i.e. AD users, mailbox objects? We found in version 8 it failed to complete file restores correctly unless it was on the domain.
We always use tape; however, we would like some tips on securing the backup repository.
lukejf
Service Provider
 
Posts: 31
Liked: 2 times
Joined: Tue Jul 10, 2012 8:15 am
Full Name: Luke

Re: New ransomware that targets backups. Are we susceptible

by Mike Resseler » Wed Feb 15, 2017 6:54 am

Hi Luke,

Can't remember well how it was in v8, but today this should not be a problem. For example, see here https://helpcenter.veeam.com/docs/backu ... tml?ver=95 to recover AD objects, where you can specify a particular username / pwd to connect to your AD for restore. Do note, however, that your networking must allow this, so look at the requirements for ports also.

On the backup repository: I tend to use a specific account to connect to the backup repository, an account that isn't used for something else. Ransomware tends to run in a user context (the user that it used to start its bad things), so if that account is not used, it won't succeed in encrypting your backup files. Please don't forget to store that account / pwd somewhere in a safe (preferably outside the company premises) so that in the worst case you have access to the files :-)
Mike Resseler
Veeam Software
 
Posts: 2639
Liked: 316 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler
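
The dedicated-account approach in the post above only helps if no other identity can modify the repository folder. An added example (not part of the thread and not Veeam code) that lists NTFS allow-entries granting write, delete or permission-change rights to anyone outside an allow-list; the function name, the demo folder and the `BACKUP01\svc-repo` account are assumptions.

```powershell
# Added example, not from the thread. The path and account name used in the
# demo at the bottom are hypothetical placeholders.
function Get-UnexpectedWriteAccess {
    param(
        [Parameter(Mandatory)] [string]   $RepositoryPath,
        [Parameter(Mandatory)] [string[]] $AllowedIdentities
    )

    $r = [System.Security.AccessControl.FileSystemRights]
    # Rights that allow encrypting, overwriting or deleting backup files, or
    # re-granting those rights later (ChangePermissions, TakeOwnership).
    $writeMask = [int]$r::WriteData -bor [int]$r::AppendData -bor
                 [int]$r::Delete -bor [int]$r::DeleteSubdirectoriesAndFiles -bor
                 [int]$r::ChangePermissions -bor [int]$r::TakeOwnership
    # Inherit-only ACEs can carry raw generic bits: GENERIC_ALL, GENERIC_WRITE.
    $writeMask = $writeMask -bor 0x10000000 -bor 0x40000000

    (Get-Acl -LiteralPath $RepositoryPath).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band $writeMask) -ne 0 -and
            $AllowedIdentities -notcontains $_.IdentityReference.Value
        } |
        Select-Object @{ n = 'Identity'; e = { $_.IdentityReference.Value } },
                      FileSystemRights, IsInherited
}

# Constructed demo: a temp folder stands in for the backup repository.
$demo = Join-Path $env:TEMP 'repo-acl-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null

# Every row returned is an identity other than the dedicated account that
# could still alter or delete files in the folder.
Get-UnexpectedWriteAccess -RepositoryPath $demo `
    -AllowedIdentities 'BACKUP01\svc-repo' |
    Format-Table -AutoSize
```

This reads NTFS entries on the folder only; share permissions and group memberships are not resolved, so a listed group still has to be expanded to see which accounts it covers.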
