Hey Veeam, thanks for saving my day... again!

[Delo123]

Some months ago a friend who owns a small car workshop called me when he had some issues with his business pc.
After checking it out it seemed to be bad firmware on the ssd (holding all data) but luckily it was a known issues and we could retrieve all data...
Anyway, i asked him about backups, he said sure, every day! Turned out his main application indeed made backups, to c:\backups....
So we bought a USB Drive and installed Veeam endpoint protection, running happily ever after since....

Yesterday he send me following screenshot and asked me what this message is about.... !?
http://postimg.org/image/jomkw2qeh
I called him immediately to ask if his usb backup drive was plugged in, sure he said.....
Told him to shutdown and not to touch it... When i got there i checked the usb drive on another pc and got scared. In the backup folder, apart from the backup files there was also the 3 cryptolocker files
In the meantime i checked his pc holding all data and yes, everything was encrypted, all vss windows snapshots deleted
Tried to restore all file from the veeam backup from the day before the issue and veeam could actually mount the backup, so apparently it wasn't encrypted (yet???).
After that without even trying to save data on the pc i restored from the backup and bootet his pc without issue So all he's lost is a day of invoicing instead of his entire business

Will make some changes today (get rotating drive, setup eject after backup etc...) but geez..... thanks Veeam for saving my day and his business for free!

[Dima P.]

Guido,

Your post made my day, thank you! Consider your post shared with all the Veeam Teeam

[Gostev]

Yes, looks like that computer was turned off at just the right time, while CryptoLocker just started encrypting backup files, perhaps starting from the latest. This story makes me love the CryptoLocker protection feature of Veeam Endpoint Backup 1.5 even more you can't encrypt backups if you can't reach the storage!

[Delo123]

I actually don't know why the backups weren't encrypted, the only thing i can imagine is that they were actually locked since it's always reversed incremental with endpoint protection and the merge process was still running? The cryptolocker files were actually almost 10 hours old i noticed later... I really got scares wheni saw only one vbk and a lot of vib's, please add the option to create active or at least synthetic fulls in between...

Anyway, thx again, rotating hdd is now in place, and because of this we are also in the process of better protecting our main backup repositories in the office...

[abecyprys]

From my experience, the Cryptolocker virus only encrypts popular data files - like docs, spreadsheets, pictures, videos, but not much else.

So generally, your Veeam backup files should be safe. (for the moment)

Also - a rotating backup disk set is the best immunisation against total data loss.

[maximilianp]

After all that Ransomware, at home my wife an me are using a NAS for our Data. The NAS is backed up to a rotating USB drive. Yesterday i made a directory with access for one dedicated user for saving our Laptops with VEB.
All other users of the NAS are not allowed to read/write this directory. The user and password is configured in Endpoint Backup an not used for anything else.
Is this a save solution? Our Should additionaly add the Endpointbacktargetfolder to the backup-job of the NAS?

Thanx in advance!

[Dima P.]

Hi guys,

If you are using a backup event ‘When backup storage it connected’ in conjunction with removable storage, I’d say ‘auto eject’ is a must. By the way, USB rotated media plays nice with these options making your removable storage even more bulletproof.

For shared folder destinations, proper set of credentials is still the #1 solution: set the dedicated ‘backup’ account and limit the regular end-user access to the backup location. User should be able to perform a file level recovery or even volume level recovery since the credentials are stored inside the VEB job properties.

VBR repository as a target can be configured in the similar way. One small addition – it's possible to set the domain computer account in permissions tab instead of dedicated user account. Do not forget that you can enable the backup encryption while using VBR as a backup destination.

[maximilianp]

Ok, this is how i configured it. Thanks for the Info!
Regards