Nov 23

Protect your Backup against Ransomware

Regular backups of all data, including data on file servers, infrastructure, and critical business applications should be performed. Keep in mind that these backups can also be affected by ransomware. Protect your backup against Ransomware. Indeed, more and more cybercriminals seek to attack backups to limit the possibilities for the victim to find his data and thus maximize the chances that he pays the ransom. These backups, at least for the most critical, must be disconnected from the Information System to prevent their encryption, like other files. The use of “cold storage” solutions, such as external hard drives or magnetic Tapes, can protect backups from infection of systems and preserve critical data upon recovery. In this regard, it is important to note that “backup-less” architectures (snapshots) effectively protect against the destruction of isolated data, when it is due to a hardware failure. However, they do not protect against targeted ransomware attacks because the attackers work to encrypt data on all servers.

 

Important things to protect your Backup Server:

First, your backup servers should never ever be accessible from the Internet. Outbound connectivity from a backup server is usually not a problem and is often required unless you are willing to sacrifice functionality like product update check, license auto-update, licensing usage reporting of Veeam service providers, and such. However, there’s simply no good reason to allow inbound connectivity from the Internet to your backup servers period.

Second, make sure the account used for RDP access does not have “Local Administrator” privileges on the jump box. There is simply no good reason for it to have such privileges, except if you want to help the hacker out. It easy is to fetch and decrypt passwords protected with the machine key from Veeam (or any other management software) if you can log in to the management server, and this is what jump box does solve. However, having “Local Administrator” privileges on the compromised jump box also allows a hacker to steal various LSA secrets, or even powerful domain credentials from some service account that you missed (or added later). Not to mention this also enables the installation of key loggers and advanced hacking tools, because having penetrated into your network perimeter, smart hackers always take time to collect additional information before executing the actual attack.

Third, never use saved credentials functionality for RDP or other remote console connections on your jump box because if your access account gets compromised, you don’t want the hacker to be able to immediately access other environments under some almighty credentials conveniently saved by you.

Finally, build your architecture “Secure by design”: Hardening, let your backup server and repositories outside the domain, Flow matrix, governance, sensibilization, Perimeter Defense (Gateways, Firewalls, Proxies, etc.), Access Management, Active Directory monitoring (alert in real-time), deliverables, etc. .

Please follow and like us:
fb-share-icon
Tweet

Christopher GLEMOT

CTO | Technical specialist around Data Management, Security, Cyber Security, Cyber Resilience, Backup, Disaster Recovery, Multi-Cloud, and Storage | Veeam Vanguard | Varonis Elite | Owner of original-network.com

Advertisement

14 pings

Skip to comment form

  1. […] Veeam Software, ExaGrid, Quantum and Monaco Digital – Avangarde (Secure IT Live #1 – Protect your Backup). Topic: Building a backup architecture Secure by design (tips), and protecting against ransomware […]

  2. […]   Step by Step Guide Veeam B&R 11 Upgrade: Guide. Veeam CDP and Application consistency: Blog Post. Veeam improves the engine in version 11: Blog Post. Veeam B&R v11 and ReFS: Blog Post. Veeam B&R 11 – Continuous Data Protection: Blog Post. Microsoft Teams Backup with VBO v5: Blog Post. Protect your Backup against Ransomware: Blog Post. […]

  3. […]   Step by Step Guide Veeam B&R 11 Upgrade: Guide. Veeam CDP and Application consistency: Blog Post. Veeam improves the engine in version 11: Blog Post. Veeam B&R v11 and ReFS: Blog Post. Veeam B&R 11 – Continuous Data Protection: Blog Post. Microsoft Teams Backup with VBO v5: Blog Post. Protect your Backup against Ransomware: Blog Post. […]

  4. […] your Backup Server and integrating Trusted Repository Storage, Offline Backup (Tape, example: Quantum Active Vault) or […]

  5. […] Backup your systems, your backup solution must be secure by design and respect the 3-2-1 rules. More informations here: https://original-network.com/protect-your-backup-against-ransomware […]

  6. […]   Backup with Trusted Repository Storage: Blog Post. Protect your Backup against Ransomware: Blog Post. […]

  7. […]   [PODCAST] Veeam User Group France #1: Record Veeam is not affected by Log4J vulnerability: Blog Post Conti initiates their attacks on Backup: Blog Post Backup with Trusted Repository Storage: Blog Post. Step by Step Guide Veeam B&R 11 Upgrade: Guide. Veeam CDP and Application consistency: Blog Post. Veeam improves the engine in version 11: Blog Post. Veeam B&R v11 and ReFS: Blog Post. Veeam B&R 11 – Continuous Data Protection: Blog Post. Microsoft Teams Backup with VBO v5: Blog Post. Protect your Backup against Ransomware: Blog Post. […]

  8. […]   [PODCAST] Veeam User Group France #1: Record Veeam is not affected by Log4J vulnerability: Blog Post Conti initiates their attacks on Backup: Blog Post Backup with Trusted Repository Storage: Blog Post. Step by Step Guide Veeam B&R 11 Upgrade: Guide. Veeam CDP and Application consistency: Blog Post. Veeam improves the engine in version 11: Blog Post. Veeam B&R v11 and ReFS: Blog Post. Veeam B&R 11 – Continuous Data Protection: Blog Post. Microsoft Teams Backup with VBO v5: Blog Post. Protect your Backup against Ransomware: Blog Post. […]

  9. […]   Wasabi – Object Lock feature spotlight: Blog post Veeam and the S3-compatible object storage solutions: Blog Post [PODCAST] Veeam User Group France #1: Record Veeam is not affected by Log4J vulnerability: Blog Post Conti initiates their attacks on Backup: Blog Post Backup with Trusted Repository Storage: Blog Post. Protect your Backup against Ransomware: Blog Post. […]

  10. […] Post Backup with Trusted Repository Storage: Blog Post. Protect your Backup against Ransomware: Blog Post. Step by Step Guide Veeam B&R 11 Upgrade: Guide. Protect your Backup against Ransomware: […]

  11. […] Identify a piece of malware with Yara: Blog Post Building a SOC: Blog Post List of vendors and software affected by the OpenSSL vulnerability: Blog Post Critical OpenSSL Vulnerability version 3.0: Blog Post Veeam v12 Linux Without SSH And SUDO: Blog PostHardened Repository in Veeam v12: Blog Post Wasabi Object Storage Usage with Veeam B&R v12: Blog Post VeeaMover in v12: Blog Post Ransomware & Cybersecurity with Veeam v12: Blog Post Why backup directly to Object Storage? Blog Post Veeam B&R v12 New Features Overview: Blog Post [REPLAY] Webinar Veeam v12 and Wasabi: Replay Protect your data with Veeam and Wasabi: Blog post Wasabi – Object Lock feature spotlight: Blog post Veeam and the S3-compatible object storage solutions: Blog Post [PODCAST] VeeamUser Group France #1: Record Conti initiates their attacks on Backup: Blog Post Backup with Trusted Repository Storage: Blog Post. Protect your Backup against Ransomware: Blog Post […]

  12. […] Critical Fortigate VPN SSL Vulnerability – CVE-2022-42475: Blog Post The core function of a SOC: Blog Post Play ransomware infection routine: Blog Post Identify a piece of malware with Yara: Blog Post New Veeam v12 Platform Overview: Blog Post OpenSSL patch (v3.0.7) for Vulnerability 2022: Blog Post Building a SOC: Blog Post List of vendors and software affected by the OpenSSL vulnerability: Blog Post Critical OpenSSL Vulnerability version 3.0: Blog Post Veeam v12 Linux Without SSH And SUDO: Blog PostHardened Repository in Veeam v12: Blog Post Wasabi Object Storage Usage with Veeam B&R v12: Blog Post VeeaMover in v12: Blog Post Ransomware & Cybersecurity with Veeam v12: Blog Post Why backup directly to Object Storage? Blog Post Veeam B&R v12 New Features Overview: Blog Post [REPLAY] Webinar Veeam v12 and Wasabi: Replay Protect your data with Veeam and Wasabi: Blog post Wasabi – Object Lock feature spotlight: Blog post Veeam and the S3-compatible object storage solutions: Blog Post [PODCAST] VeeamUser Group France #1: Record Conti initiates their attacks on Backup: Blog Post Backup with Trusted Repository Storage: Blog Post. Protect your Backup against Ransomware: Blog Post […]

  13. […] Important Vulnerability in VMware ESXi: Blog Post The core function of a SOC: Blog Post Play ransomware infection routine: Blog Post Identify a piece of malware with Yara: Blog Post New Veeam v12 Platform Overview: Blog Post OpenSSL patch (v3.0.7) for Vulnerability 2022: Blog Post Building a SOC: Blog Post List of vendors and software affected by the OpenSSL vulnerability: Blog Post Critical OpenSSL Vulnerability version 3.0: Blog Post Veeam v12 Linux Without SSH And SUDO: Blog PostHardened Repository in Veeam v12: Blog Post Wasabi Object Storage Usage with Veeam B&R v12: Blog Post VeeaMover in v12: Blog Post Ransomware & Cybersecurity with Veeam v12: Blog Post Why backup directly to Object Storage? Blog Post Veeam B&R v12 New Features Overview: Blog Post [REPLAY] Webinar Veeam v12 and Wasabi: Replay Protect your data with Veeam and Wasabi: Blog post Wasabi – Object Lock feature spotlight: Blog post Veeam and the S3-compatible object storage solutions: Blog Post [PODCAST] VeeamUser Group France #1: Record Conti initiates their attacks on Backup: Blog Post Backup with Trusted Repository Storage: Blog Post. Protect your Backup against Ransomware: Blog Post […]

  14. […] Important Vulnerability in VMware ESXi: Blog Post The core function of a SOC: Blog Post Play ransomware infection routine: Blog Post Identify a piece of malware with Yara: Blog Post New Veeam v12 Platform Overview: Blog Post OpenSSL patch (v3.0.7) for Vulnerability 2022: Blog Post Building a SOC: Blog Post List of vendors and software affected by the OpenSSL vulnerability: Blog Post Critical OpenSSL Vulnerability version 3.0: Blog Post Veeam v12 Linux Without SSH And SUDO: Blog PostHardened Repository in Veeam v12: Blog Post Wasabi Object Storage Usage with Veeam B&R v12: Blog Post VeeaMover in v12: Blog Post Ransomware & Cybersecurity with Veeam v12: Blog Post Why backup directly to Object Storage? Blog Post Veeam B&R v12 New Features Overview: Blog Post [REPLAY] Webinar Veeam v12 and Wasabi: Replay Protect your data with Veeam and Wasabi: Blog post Wasabi – Object Lock feature spotlight: Blog post Veeam and the S3-compatible object storage solutions: Blog Post [PODCAST] VeeamUser Group France #1: Record Conti initiates their attacks on Backup: Blog Post Backup with Trusted Repository Storage: Blog Post. Protect your Backup against Ransomware: Blog Post […]

Leave a Reply

error

Enjoy this blog? Please spread the word :)