    PCs Backup software that can isolate backup destination to protect from Ransomware virus.

      crustachio

      Don't forget you can define standalone service accounts for Veeam itself on the host machine. It doesn't have to run as the local user/admin/etc.

        scottalanmiller @crustachio

        @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

        @scottalanmiller If CryptoLocker exists that can manipulate the binaries of backup software, we're all !@&ed

        I'm going out on a @Dashrender limb here (He knows what I mean) but I think we have to assume that this is either here, or right around the corner as a risk vector.

          Dashrender @scottalanmiller

          @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

          @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

          @scottalanmiller If CryptoLocker exists that can manipulate the binaries of backup software, we're all !@&ed

          I'm going out on a @Dashrender limb here (He knows what I mean) but I think we have to assume that this is either here, or right around the corner as a risk vector.

          LOL - for a min there I thought I missed a post you put up.

          Yeah, the ability to break into the app and pull out those credentials will be a thing. Just like how a virus can disable antivirus software.

            crustachio @scottalanmiller

            @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

            @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

            @scottalanmiller If CryptoLocker exists that can manipulate the binaries of backup software, we're all !@&ed

            I'm going out on a @Dashrender limb here (He knows what I mean) but I think we have to assume that this is either here, or right around the corner as a risk vector.

            OK, I'll grant that. So what's your recommendation? You said earlier to put backup software on a machine in front of the NAS. Now what? 😄

            /devilsadvocate

              scottalanmiller @Dashrender

              @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

              @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

              @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

              @scottalanmiller If CryptoLocker exists that can manipulate the binaries of backup software, we're all !@&ed

              I'm going out on a @Dashrender limb here (He knows what I mean) but I think we have to assume that this is either here, or right around the corner as a risk vector.

              LOL - for a min there I thought I missed a post you put up.

              Yeah, the ability to break into the app and pull out those credentials will be a thing. Just like how a virus can disable antivirus software.

              LOL, yeah, I realized that I must be "projecting potential attack vectors rather than established ones".

                Dashrender

                You run a Veeam server. It connects to the computer in question, pulls the data off, and sends it to the NAS. Only the Veeam server has creds to talk to the NAS. As long as the Veeam server isn't infected, the NAS is safe.

                The Veeam server should have really good creds and be behind a firewall that prevents all communication except that which is absolutely required.

                  scottalanmiller @crustachio

                  @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                  @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                  @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                  @scottalanmiller If CryptoLocker exists that can manipulate the binaries of backup software, we're all !@&ed

                  I'm going out on a @Dashrender limb here (He knows what I mean) but I think we have to assume that this is either here, or right around the corner as a risk vector.

                  OK, I'll grant that. So what's your recommendation? You said earlier to put backup software on a machine in front of the NAS. Now what? 😄

                  /devilsadvocate

                  It's an air gap, not quite as good as tape (physical air gap) but it is good.

                  PC -> Backup Machine -> Storage

                  The PC, no matter how compromised, has no permissions to the backup machine; the backup machine uses an agent or a pull method to get the data. Only the backup machine has access to the backup storage. The PC and the backup machine (server) share no credentials. So a compromise of the PC has no means of spreading to the Backup Machine.

                  This is different than a binary on the PC which must contain the push credentials for the backup storage and, if compromised, takes the storage with it.

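The credential separation argued for in the post above can be checked as a reachability problem over stored credentials. This is an added example, not part of the original thread; the host names, credential names and grant table are constructed for illustration.

```python
from collections import deque

def blast_radius(start, stored, grants):
    """Hosts an attacker controls and data they can overwrite, starting at `start`.

    stored: host -> set of credentials present on that host
    grants: credential -> set of (target, right), right in {"read", "write", "exec"}
    """
    owned, queue, writable = {start}, deque([start]), set()
    while queue:
        host = queue.popleft()
        for cred in stored.get(host, ()):
            for target, right in grants.get(cred, ()):
                if right == "write":
                    writable.add(target)      # data on target can be encrypted or deleted
                elif right == "exec" and target not in owned:
                    owned.add(target)         # attacker pivots and inherits its credentials
                    queue.append(target)
    return owned, writable

# Constructed grant table (assumed names, not taken from any product).
GRANTS = {
    "user": set(),
    "nas-backup": {("nas", "write")},
    "pc-agent-read": {("pc", "read")},
    "shared-admin": {("pc", "exec"), ("backup-server", "exec")},
}

# Push design: the PC's backup binary holds the storage credential.
PUSH = {"pc": {"user", "nas-backup"}}

# Pull design: only the backup server holds credentials for the PC agent and the NAS.
PULL = {"pc": {"user"},
        "backup-server": {"pc-agent-read", "nas-backup"}}

# Pull design weakened by an admin credential present on both machines.
PULL_SHARED = {"pc": {"user", "shared-admin"},
               "backup-server": {"pc-agent-read", "nas-backup", "shared-admin"}}

def nas_exposed(stored, start="pc"):
    """True if a compromise beginning at `start` can write to the NAS."""
    return "nas" in blast_radius(start, stored, GRANTS)[1]

if __name__ == "__main__":
    for name, topo in (("push", PUSH), ("pull", PULL), ("pull+shared", PULL_SHARED)):
        print(f"{name:12} PC compromise reaches NAS: {nas_exposed(topo)}")
    print("pull         backup-server compromise reaches NAS:",
          nas_exposed(PULL, start="backup-server"))
```

The third topology is the case the post rules out with "share no credentials": one reused admin account is enough to collapse the gap.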
                    crustachio

                    Oh right right. Derp. I was assuming we were talking about getting a hack on the backup host, but right, if it's on a user PC or whatever then yes, that gap is valuable.

                      JaredBusch

                      @scottalanmiller but this is not something that I will waste my time on. It is not any different than only buying hardware for now instead of for 5 years from now.

                      Yes this is an eventual attack vector, but it is not anything now.

                        scottalanmiller @JaredBusch

                        @JaredBusch said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                        @scottalanmiller but this is not something that I will waste my time on. It is not any different than only buying hardware for now instead of for 5 years from now.

                        Yes this is an eventual attack vector, but it is not anything now.

                        I guess that I am only surprised that it is not a common vector already. But that's what I meant by the @Dashrender comment, he did the same thing to me last week and I said the same thing as you. I just realized that I was doing it here as well.

                        It's good to know that it could happen, good to know that no one is doing it yet and move on. So Veeam EP does not have any current attack vector like this? That's good to know, it's so obvious that I just assumed that it was being done regularly.

                          crustachio @scottalanmiller

                          @scottalanmiller I imagine the hacker world operates like anything else: Don't work any harder than you have to. It appears the well of ransomware victims is still deep and easily accessible, so why spend time actively exploiting what is, by comparison to the whole spectrum of ransomware victims, a niche case?

                          If and when the gravy train slows down for ransomware perpetrators, I imagine they'll get more vicious.

                            Dashrender

                            It's not a common infection vector today, and we have to ask ourselves why it's not.

                            Consider the following:

                            1. How many machines are running a local backup process that is really divorced from the logged-on credentials?
                            2. How many are running backups of local machines in the first place?

                            I don't back up any local machine in my office. All files are saved to a network location, that location is then backed up through an air-gapped backup solution as mentioned by Scott.

                            Even if I was using a local client on the server to do backups, it's significantly more secure because the end user's infected machine shouldn't have any credentials that allow execution on the server.

                              Dashrender @crustachio

                              @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                              @scottalanmiller I imagine the hacker world operates like anything else: Don't work any harder than you have to. It appears the well of ransomware victims is still deep and easily accessible, so why spend time actively exploiting what is, by comparison to the whole spectrum of ransomware victims, a niche case?

                              If and when the gravy train slows down for ransomware perpetrators, I imagine they'll get more vicious.

                              The evolution of cryptoware has been sky high. I don't suspect it will take that long before this avenue is attempted to be exploited.

                                scottalanmiller @Dashrender

                                @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                @scottalanmiller I imagine the hacker world operates like anything else: Don't work any harder than you have to. It appears the well of ransomware victims is still deep and easily accessible, so why spend time actively exploiting what is, by comparison to the whole spectrum of ransomware victims, a niche case?

                                If and when the gravy train slows down for ransomware perpetrators, I imagine they'll get more vicious.

                                The evolution of cryptoware has been sky high. I don't suspect it will take that long before this avenue is attempted to be exploited.

                                It's gotta be coming soon.

                                  Dashrender @scottalanmiller

                                  @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                  @Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                  @crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                  @scottalanmiller I imagine the hacker world operates like anything else: Don't work any harder than you have to. It appears the well of ransomware victims is still deep and easily accessible, so why spend time actively exploiting what is, by comparison to the whole spectrum of ransomware victims, a niche case?

                                  If and when the gravy train slows down for ransomware perpetrators, I imagine they'll get more vicious.

                                  The evolution of cryptoware has been sky high. I don't suspect it will take that long before this avenue is attempted to be exploited.

                                  It's gotta be coming soon.

                                  I don't see this as anything the same as buying hardware for 5 years down the line. The evolution of these crypto systems is nearly off the charts. If we are talking about it now, chances are the crypto writers thought of it months ago and are already working on it.

                                  Moving to a gapped system for backup is really the wisest move. Sure it can have some costs - Veeam requires a Windows machine to run from (question - if you have SA or VDI for a Windows desktop license, would that be considered by those here as acceptable to run instead of Windows Server?)

                                  If Veeam ran on Linux it would be a much less costly solution - i.e. no Windows tax just to run it.

                                    openit @scottalanmiller

                                    @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                    StorageCraft, Veeam, Unitrends, Datto... lots of options.

                                    I see, most of those you mentioned seem to be for enterprise (we are SMB), virtual (we have physical machines only), backup appliance included (which could be more expensive than a NAS)?

                                      openit @scottalanmiller

                                      @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                      @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                      The backup destination will be NAS box and we got around 100 PCs.

                                      You must have a backup server in place between the PCs and the NAS in order to have any protection against ransomware, otherwise the ransomware can attack the NAS directly using the same permissions as the backup mechanism on the PCs.

                                      I really have no idea about backup servers (as I've been in SMB). I was just thinking of central management (which is a piece of software to monitor and manage centrally), I am not sure if that's the same.

                                      Are the appliances (local/on-premises) that come with backup plans like Unitrends etc. what is called a Backup Server?

                                      Thanks

                                        scottalanmiller @openit

                                        @openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                        @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                        StorageCraft, Veeam, Unitrends, Datto... lots of options.

                                        I see, most of those you mentioned seem to be for enterprise (we are SMB), virtual (we have physical machines only), backup appliance included (which could be more expensive than a NAS)?

                                        Unitrends, Datto and StorageCraft all focus on the SMB. All of those also focus on physical (agent.) Datto is the only one that is just an appliance. Veeam might focus on the enterprise but has free options for PCs.

                                        I don't think that you looked into them very much 🙂 None of them are virtual only, not a single one.

                                          scottalanmiller

                                          For desktop backups, you should look at AetherStore as well. Probably cheaper than a NAS, and better protection.

                                            BRRABill @scottalanmiller

                                            @scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:

                                            For desktop backups, you should look at AetherStore as well. Probably cheaper than a NAS, and better protection.

                                            That new pricing come out yet? 🙂 🙂 🙂
