Standalone backup agent for Microsoft Windows servers and workstations (formerly Veeam Endpoint Backup FREE)
Post Reply
Delo123
Veteran
Posts: 361
Liked: 109 times
Joined: Dec 28, 2012 5:20 pm
Full Name: Guido Meijers
Contact:

Hey Veeam, thanks for saving my day... again!

Post by Delo123 » 6 people like this post

Some months ago a friend who owns a small car workshop called me when he had some issues with his business pc.
After checking it out it seemed to be bad firmware on the ssd (holding all data) but luckily it was a known issues and we could retrieve all data...
Anyway, i asked him about backups, he said sure, every day! Turned out his main application indeed made backups, to c:\backups.... :)
So we bought a USB Drive and installed Veeam endpoint protection, running happily ever after since....

Yesterday he send me following screenshot and asked me what this message is about.... !?
http://postimg.org/image/jomkw2qeh
I called him immediately to ask if his usb backup drive was plugged in, sure he said.....
Told him to shutdown and not to touch it... When i got there i checked the usb drive on another pc and got scared. In the backup folder, apart from the backup files there was also the 3 cryptolocker files :(
In the meantime i checked his pc holding all data and yes, everything was encrypted, all vss windows snapshots deleted :(
Tried to restore all file from the veeam backup from the day before the issue and veeam could actually mount the backup, so apparently it wasn't encrypted (yet???).
After that without even trying to save data on the pc i restored from the backup and bootet his pc without issue :) So all he's lost is a day of invoicing instead of his entire business :)

Will make some changes today (get rotating drive, setup eject after backup etc...) but geez..... thanks Veeam for saving my day and his business for free!
Dima P.
Product Manager
Posts: 14396
Liked: 1568 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Hey Veeam, thanks for saving my day... again!

Post by Dima P. » 1 person likes this post

Guido,

Your post made my day, thank you! Consider your post shared with all the Veeam Teeam :wink:
Gostev
Chief Product Officer
Posts: 31460
Liked: 6648 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: Hey Veeam, thanks for saving my day... again!

Post by Gostev »

Yes, looks like that computer was turned off at just the right time, while CryptoLocker just started encrypting backup files, perhaps starting from the latest. This story makes me love the CryptoLocker protection feature of Veeam Endpoint Backup 1.5 even more ;) you can't encrypt backups if you can't reach the storage!
Delo123
Veteran
Posts: 361
Liked: 109 times
Joined: Dec 28, 2012 5:20 pm
Full Name: Guido Meijers
Contact:

Re: Hey Veeam, thanks for saving my day... again!

Post by Delo123 » 1 person likes this post

I actually don't know why the backups weren't encrypted, the only thing i can imagine is that they were actually locked since it's always reversed incremental with endpoint protection and the merge process was still running? The cryptolocker files were actually almost 10 hours old i noticed later... I really got scares wheni saw only one vbk and a lot of vib's, please add the option to create active or at least synthetic fulls in between...

Anyway, thx again, rotating hdd is now in place, and because of this we are also in the process of better protecting our main backup repositories in the office...
abecyprys
Novice
Posts: 3
Liked: 4 times
Joined: Oct 15, 2014 11:36 pm
Full Name: Abe Cyprys
Contact:

Re: Hey Veeam, thanks for saving my day... again!

Post by abecyprys » 2 people like this post

From my experience, the Cryptolocker virus only encrypts popular data files - like docs, spreadsheets, pictures, videos, but not much else.

So generally, your Veeam backup files should be safe. (for the moment)

Also - a rotating backup disk set is the best immunisation against total data loss.
maximilianp
Novice
Posts: 8
Liked: never
Joined: Sep 24, 2014 1:42 pm
Contact:

Re: Hey Veeam, thanks for saving my day... again!

Post by maximilianp »

After all that Ransomware, at home my wife an me are using a NAS for our Data. The NAS is backed up to a rotating USB drive. Yesterday i made a directory with access for one dedicated user for saving our Laptops with VEB.
All other users of the NAS are not allowed to read/write this directory. The user and password is configured in Endpoint Backup an not used for anything else.
Is this a save solution? Our Should additionaly add the Endpointbacktargetfolder to the backup-job of the NAS?

Thanx in advance!
Dima P.
Product Manager
Posts: 14396
Liked: 1568 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Hey Veeam, thanks for saving my day... again!

Post by Dima P. »

Hi guys,

If you are using a backup event ‘When backup storage it connected’ in conjunction with removable storage, I’d say ‘auto eject’ is a must. By the way, USB rotated media plays nice with these options making your removable storage even more bulletproof.

For shared folder destinations, proper set of credentials is still the #1 solution: set the dedicated ‘backup’ account and limit the regular end-user access to the backup location. User should be able to perform a file level recovery or even volume level recovery since the credentials are stored inside the VEB job properties.

VBR repository as a target can be configured in the similar way. One small addition – it's possible to set the domain computer account in permissions tab instead of dedicated user account. Do not forget that you can enable the backup encryption while using VBR as a backup destination.
maximilianp
Novice
Posts: 8
Liked: never
Joined: Sep 24, 2014 1:42 pm
Contact:

Re: Hey Veeam, thanks for saving my day... again!

Post by maximilianp »

Ok, this is how i configured it. Thanks for the Info!
Regards
Post Reply

Who is online

Users browsing this forum: No registered users and 30 guests