Backup File Server to DAS
-
@coliver said:
Would they do that? I've never heard of ransomware digging around for a UNC path. You could also setup the Veeam service to run as a different user account and give write access to that specific user.
CryptoWall will
-
I thought maybe. Any guess what it does to seek it out? Does it look in Veeam config files, just hunt through DNS, etc?
-
I would assume that having an account to access the NAS that is not a normal user or admin account will help so that only if the backup user is compromised that it can attack it?
-
@Jason said:
@coliver said:
Would they do that? I've never heard of ransomware digging around for a UNC path. You could also setup the Veeam service to run as a different user account and give write access to that specific user.
CryptoWall will
How does it discover it? If you are just putting the UNC path in the Veeam configuration then it should have no way of finding it. Even if it could find it if you lock it down to one specific user wouldn't that add a layer of protection? I'm asking hypothetically as I really don't know a lot about how this type of malware works.
-
@scottalanmiller said:
@IT-ADMIN said:
how to make a NAS not mapped, is it by using username and password right ??
Simply don't map it!
great, so i shouldn't create a map drive (pointing to NAS) in the server sending the backup to the NAS
-
@IT-ADMIN said:
@scottalanmiller said:
@IT-ADMIN said:
how to make a NAS not mapped, is it by using username and password right ??
Simply don't map it!
great, so i shouldn't create a map drive (pointing to NAS) in the server sending the backup to the NAS
We've made that clear from the beginning of the thread that mapping the NAS would instantly expose it like a DAS to Ransonware. That's been repeated over and over.
-
@coliver said:
How does it discover it?
UNC is easily discoverable, all it has to do is turn on network discovery and look for shares, and many companies likely leave it on.
-
Would hiding the shares with a $ make any difference in this situation?
-
@Dashrender said:
Would hiding the shares with a $ make any difference in this situation?
doubt it, that's not really hidden, it's up to the client device to hide it from the end user. Windows explorer hides it from the user. Linux and others do not.
-
@Jason said:
@Dashrender said:
Would hiding the shares with a $ make any difference in this situation?
doubt it, that's not really hidden, it's up to the client device to hide it from the end user. Windows explorer hides it from the user. Linux and others do not.
Which means that the ransomeware code is not going to hide it either. Likely it won't even notice that you've attempted to hide something. Much like MS Office security, open those files with something other than MS Office and that private data hidden in there is exposed in such a way that the people using it are not even aware that you thought that you were hiding it.
-
wow, those ransomware are scary, did anyone experience them ?? i think it is very rare to get affected by them ??
-
@IT-ADMIN said:
wow, those ransomware are scary, did anyone experience them ?? i think it is very rare to get affected by them ??
Very common, actually. Go on Spiceworks and someone gets one nearly once a week. They are the biggest threat in IT right now. It's VERY scary.
There is a reason why people are moving to fully decoupled backup systems across the board (never running the backup software from the same system.) Because they need the protection for normal issues like ransonware. Anything talking over DAS, NAS or SAN protocols is vulnerable, extremely vulnerable.
You ideally want stuff that is offline like tape but most make due with systems that at least have an air cap like Unitrends.
-
@scottalanmiller said:
@Jason said:
@Dashrender said:
Would hiding the shares with a $ make any difference in this situation?
doubt it, that's not really hidden, it's up to the client device to hide it from the end user. Windows explorer hides it from the user. Linux and others do not.
Which means that the ransomeware code is not going to hide it either. Likely it won't even notice that you've attempted to hide something. Much like MS Office security, open those files with something other than MS Office and that private data hidden in there is exposed in such a way that the people using it are not even aware that you thought that you were hiding it.
LOL - wow.. I didn't know that about that feature. I'll try to remember to remind others it's really a pointless feature.
-
@IT-ADMIN said:
@scottalanmiller said:
@IT-ADMIN said:
how to make a NAS not mapped, is it by using username and password right ??
Simply don't map it!
great, so i shouldn't create a map drive (pointing to NAS) in the server sending the backup to the NAS
You can configure that in Veeam so that it doesn't need the mapped drive. However, as others have mentioned, I would create an AD account specifically for backups. Create your share on the NAS so that only the backup account has access to it.
-
i think those ransomware engineers attack US businesses, because they know that the core economy reside in USA, they will not spend their time to attack worthless data of business in countries like qatar, lol
-
And backup the NAS to something that goes offline, like a USB external drive or tape.
-
@IT-ADMIN said:
i think those ransomware engineers attack US businesses, because they know that the core economy reside in USA, they will not spend their time to attack worthless data of business in countries like qatar, lol
That's not in any way how any of this works.
http://www.joeyoungblood.com/wp-content/uploads/2015/02/reddit-thats-not-how-this-works.jpg
-
hhhhhhhhhhhhhhhhhhhhhhhhhh
-
-
@IT-ADMIN said:
i think those ransomware engineers attack US businesses, because they know that the core economy reside in USA, they will not spend their time to attack worthless data of business in countries like qatar, lol
That you have said this makes you the absolute most likely candidate for this to happen to. This is the least secure thinking I could imagine.
Why do you feel that ransomware "targets" anyone? It does not. It hits everyone. EVERYONE. There is no concept of "don't take HIS money, he doesn't have a lot." That's crazy. They aren't going to waste their own time and effort avoiding you, if you can afford the ransom they will just shut you down and use you as an example to others. They have no way to know, nor would they care, that you are in Qatar.
Take a moment to empathize with ransomware writers, their goals, their effort, how this works. Clearly being in Qatar provides you absolutely zero protection from this. If anything it makes it far more likely because you do business with similar insecure companies.
