I know our fellow friends at Veeam tell us all the time why offsite backups are important, but here is one of the worst-case scenarios that has just played out for a company in Australia:
While our server admin was distracted by the DDoS attack, the hackers simultaneously infiltrated the server, escalated their privileges and delivered a seek and destroy payload. This payload located and destroyed all backup disk drives....
Thanks for sharing! There's no better way to learn than from other people's mistakes.
Offsite backups are indeed an important piece; however, their primary role is recovery from site-wide disasters like fire or flood. What you need to protect from scenarios like the one above is air-gapped (offline) backups, while their physical location would not be as important for cyber-attack scenarios such as the one above. For example, if your off-site backups are not air-gapped, then they can be deleted just as easily as local backups.
It's true, however, that many users are combining off-site and air-gapped backups in one go. Most commonly this is done by using good old tape which is shipped off-site; however, there are new ways with less management overhead as well - for example, by using a Veeam Cloud Connect service provider with the Insider Protection feature enabled.
Gostev wrote:
...It's true however that many users are combining off-site and air-gapped backups in one go. Most commonly this is done by using good old tape which is shipped off-site...
Unless you expect fire or flood coming at the same time as a ransomware attack, I don't think it's necessary to ship the air-gapped backups off-site if you already have online backups offsite. Correct?