PCs Backup software that can isolate backup destination to protect from Ransomware virus.
-
@JaredBusch said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@scottalanmiller but this is not something that I will waste my time on. it is not any different than only buying hardware for now instead of for 5 years from now.
Yes this is an eventual attack vector, but it is not anything now.
I guess that I am only surprised that it is not a common vector already. But that's what I meant by the @Dashrender comment, he did the same thing to me last week and I said the same thing as you. I just realized that I was doing it here as well.
It's good to know that it could happen, good to know that no one is doing it yet and move on. So Veeam EP does not have any current attack vector like this? That's good to know, it's so obvious that I just assumed that it was being done regularly.
-
@scottalanmiller I imagine the hacker world operates like anything else: Don't work any harder than you have to. It appears the well of ransomware victimes is still deep and easily accessible, so why spend time actively exploiting what is, by comparison to the whole spectrum of ransomware victims, a niche case?
If and when the gravy train slows down for ransomware perpetrators, I imagine they'll get more vicious.
-
It's not a common infection vector today, and we have to ask ourselves why it's not.
Consider the following:
- how many machines are running local backup process that is really divorced from the logged on credentials?
- how many are running backups of local machines in the first place?
I don't backup any local machine in my office. All files are saved to a network location, that location is then backed up through an air gapped backup solution as mentioned by Scott.
Even if I was using a local client on the server to do backups, it's significantly more secure because the end user's infected machine shouldn't have an credentials that allow execution on the server.
-
@crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@scottalanmiller I imagine the hacker world operates like anything else: Don't work any harder than you have to. It appears the well of ransomware victimes is still deep and easily accessible, so why spend time actively exploiting what is, by comparison to the whole spectrum of ransomware victims, a niche case?
If and when the gravy train slows down for ransomware perpetrators, I imagine they'll get more vicious.
The evolution of cryptoware has been sky high. I don't suspect it will take that long before this avenue is attempted to be exploited.
-
@Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@scottalanmiller I imagine the hacker world operates like anything else: Don't work any harder than you have to. It appears the well of ransomware victimes is still deep and easily accessible, so why spend time actively exploiting what is, by comparison to the whole spectrum of ransomware victims, a niche case?
If and when the gravy train slows down for ransomware perpetrators, I imagine they'll get more vicious.
The evolution of cryptoware has been sky high. I don't suspect it will take that long before this avenue is attempted to be exploited.
It's gotta be coming soon.
-
@scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@Dashrender said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@scottalanmiller I imagine the hacker world operates like anything else: Don't work any harder than you have to. It appears the well of ransomware victimes is still deep and easily accessible, so why spend time actively exploiting what is, by comparison to the whole spectrum of ransomware victims, a niche case?
If and when the gravy train slows down for ransomware perpetrators, I imagine they'll get more vicious.
The evolution of cryptoware has been sky high. I don't suspect it will take that long before this avenue is attempted to be exploited.
It's gotta be coming soon.
I don't see this anything the same as buying hardware for 5 years down the line. The evolution of these crypto systems is nearly off the charts. If we are talking about it now, chances are the crypto writers thought of it months ago and area already working on it.
Moving to a gapped system for backup is really the wisest move. Sure it can have some costs - Veeam requires a Windows machine to run from (question - if you have SA or VDI for a Windows desktop license, would that be considered by those here as acceptable to run instead of Windows Server?)
If Veeam run on Linux it would be a much less costly solution - i.e. no Windows tax just to run it.
-
@scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
StorageCraft, Veeam, Unitrends, Datto... lots of options.
I see, most of them you mentioned seems to be for enterprise (we are smb), virtual (we have physical machines only), backup appliance included (which could be expensive than NAS) ?
-
@scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
The backup destination will be NAS box and we got around 100 PCs.
You must have a backup server in place between the PCs and the NAS in order to have any protection against ransomware, otherwise the ransomware can attack the NAS directly using the same permissions as the backup mechanism on the PCs.
I have really no idea about backup server (as I been in smb). I was just thinking of central management (which is a piece of software to monitor and manage centrally), I am not sure if that's the same.
Is that appliances (local/on-premises) coming with backup plans like Unitrends etc is called Backup Server ?
Thanks
-
@openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
StorageCraft, Veeam, Unitrends, Datto... lots of options.
I see, most of them you mentioned seems to be for enterprise (we are smb), virtual (we have physical machines only), backup appliance included (which could be expensive than NAS) ?
Unitrends, Datto and StorageCraft all focus on the SMB. All of those also focus on physical (agent.) Datto is the only one that is just an appliance. Veeam might focus on the enterprise but has free options for PCs.
I don't think that you looked into them very much
None of them are virtual only, not a single one. -
For desktop backups, you should look at AetherStore as well. Probably cheaper than a NAS, and better protection.
-
@scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
For desktop backups, you should look at AetherStore as well. Probably cheaper than a NAS, and better protection.
That new pricing come out yet?
-
@BRRABill said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
For desktop backups, you should look at AetherStore as well. Probably cheaper than a NAS, and better protection.
That new pricing come out yet?
Not officially, but it's available I think
@shannon can fill you in privately if you want to get up and running. -
@crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
The backup destination will be NAS box and we got around 100 PCs.
You must have a backup server in place between the PCs and the NAS in order to have any protection against ransomware, otherwise the ransomware can attack the NAS directly using the same permissions as the backup mechanism on the PCs.
NAS snapshots could mitigate this risk. Just like Exablox advertises Continuous Data Protection (CDP) as a remedy to ransomware - you can go back to any snapshot in 10 second intervals out until your retention policy limit (file level or share level).
Even basic QNAP and Synology boxes offer scheduled snapshots. Not necessarily a replacement for an intermediate backup server, just an option to consider.
I know about this option on QNAP, but unfortunately we need to have another NAS box to configure it (the snapshot cannot be set to in that NAS itself or any External HDD). Not sure about other brands.
So double cost in this case.
-
@JaredBusch said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
Also, to the OP's question... isn't any backup software capabl;e
@openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
- Software that can isolate backup destination to protect from ransom-ware so that PC got infected will not effect backup target.
Isn't any backup software capable of this? As long as your backup storage target has unique permissions that can't be mapped, browsed or written by any domain users, the software you choose is irrelevant.
How does software do that when it is running on the compromised machine?
Using veeam endpoint, I specify creds in the application. It does not connect to the nas with user creds.
Would be great if Veeam can help, but there is no central management with it, so difficult to manage around 100 pcs.
-
@openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@JaredBusch said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
Also, to the OP's question... isn't any backup software capabl;e
@openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
- Software that can isolate backup destination to protect from ransom-ware so that PC got infected will not effect backup target.
Isn't any backup software capable of this? As long as your backup storage target has unique permissions that can't be mapped, browsed or written by any domain users, the software you choose is irrelevant.
How does software do that when it is running on the compromised machine?
Using veeam endpoint, I specify creds in the application. It does not connect to the nas with user creds.
Would be great if Veeam can help, but there is no central management with it, so difficult to manage around 100 pcs.
Central Management options are in beta, so if you decide to go that route, you'll have central management very soon.
-
@openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@crustachio said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
@openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
The backup destination will be NAS box and we got around 100 PCs.
You must have a backup server in place between the PCs and the NAS in order to have any protection against ransomware, otherwise the ransomware can attack the NAS directly using the same permissions as the backup mechanism on the PCs.
NAS snapshots could mitigate this risk. Just like Exablox advertises Continuous Data Protection (CDP) as a remedy to ransomware - you can go back to any snapshot in 10 second intervals out until your retention policy limit (file level or share level).
Even basic QNAP and Synology boxes offer scheduled snapshots. Not necessarily a replacement for an intermediate backup server, just an option to consider.
I know about this option on QNAP, but unfortunately we need to have another NAS box to configure it (the snapshot cannot be set to in that NAS itself or any External HDD). Not sure about other brands.
So double cost in this case.
Snapshots should be local. I can't believe that QNAP has that limitation. But if it really does, just move to Synology or save more money with a SAM-SD and do it that way.
-
@scottalanmiller said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
For desktop backups, you should look at AetherStore as well. Probably cheaper than a NAS, and better protection.
Sure I will have look at.
-
Snapshots should be local. I can't believe that QNAP has that limitation. But if it really does, just move to Synology or save more money with a SAM-SD and do it that way.
What's this SAM-SD by the way ? As I understand by googling, it's custom self build linux machine for storage purpose ?
-
Central Management options are in beta, so if you decide to go that route, you'll have central management very soon.
I was informed about Centralized Mgmt, and seems they are planning to commercialize the Free Edition too by next year, so after setting up 100 PCs by thinking it's free and don't want get shocked by commercial price, so I wanted to go with other commercial software for backup.
-
@openit said in PCs Backup software that can isolate backup destination to protect from Ransomware virus.:
Central Management options are in beta, so if you decide to go that route, you'll have central management very soon.
I was informed about Centralized Mgmt, and seems they are planning to commercialize the Free Edition too by next year, so after setting up 100 PCs by thinking it's free and don't want get shocked by commercial price, so I wanted to go with other commercial software for backup.
No way are they commercializing the free version. Where did you hear that? That's not a good reason to not do this at all. There is no way that they would pull that stunt, and if you fear that you will fear it from any vendor, so you can't use any free product. Then you are stuck using paid... and are still in the same boat. So logically, avoiding the right product today because it might not be the right product tomorrow is a worthless logical exercise because the only possible result is to use nothing.
