Published by Pearl Robinson. Modified over 6 years ago.
1
7 tips to prevent ransomware attacks on backup storage
Joe Marton, Senior Systems Engineer
2
Tip #1: Use special credentials for backup storage/backup job
3
Tip #1: Use different credentials for backup storage
Worst practice: using DOMAIN\Administrator for everything.
Best practice: using DOMAIN\backup-administrator (a dedicated account with all the privileges required to complete a successful backup).
The account used to access the backup storage should be closely guarded and used exclusively for that purpose. Additionally, no security context other than the account(s) needed for the actual backup operations should be able to access the backup storage. Always consider authentication in the design, and implement as much separation as possible from production workloads!
4
Tip #2 : Utilize an offline storage
5
Tip #2: Utilize an offline storage
Media type: Characteristic
Tape: Completely offline when not being written to or read from
Replicated VMs: Powered off, and in most situations can use a different authentication framework (e.g. vSphere and Hyper-V hosts are on a different domain)
Primary storage snapshots: Can be used as a recovery technique and usually have a different authentication framework
Cloud Connect backups: Not connected directly to the backup infrastructure; uses a different authentication mechanism along with a different API
Rotating hard drives (rotating media): Offline when not being written to or read from
Cloud Connect has different credentials, and it is also not a CIFS/SMB or NFS share, so it is very hard for malware to exploit even when credentials have been compromised.
6
Tip #3 : Leverage different file systems for backup storage
7
Tip #3: Leverage different file systems for backup storage
Example: any Linux-based repository (ext3, ext4, etc.) with a different authentication framework.
Dell EMC DataDomain: using DDBoost or NFS mount
HPE StoreOnce: using Catalyst
ExaGrid: using native Veeam agent
Linux server with JBOD: using NFS mount
Having different protocols involved is a good way to prevent ransomware propagation.
8
Tip #4: Take storage snapshots on backup storage if possible
9
Tip #4: Take storage snapshots on backup storage if possible
[Diagram: Veeam Backup Server, Backup Repository, Storage, Volume, Volume Snapshot]
Storage snapshots can be used as a “semi-offline” technique for primary storage, and the same goes for backup storage. If the storage device holding the backups supports this capability, it may be worth leveraging it.
10
Tip #5: Master the 3-2-1-0 Rule
11
Tip #5: Master the 3-2-1-0 Rule
3: Different copies of data
2: Different media
1: Of which is off-site (cloud)
1: Is offline
0: No errors after backup recoverability verification
The rule states to have three different copies of your data, on two different media, one of which is off-site. It is also a good idea to add another “1” to the rule, where one of the media is offline. The offline storage options listed above offer a number of ways to implement an offline or semi-offline copy of the data.
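The rule can be checked mechanically against an inventory of copies. The following is an added example, not part of the original presentation; the `Copy` fields, the sample plans and the choice to count the production data as one of the three copies are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Copy:
    name: str
    media: str                    # "disk", "tape", "cloud", ...
    offsite: bool = False
    offline: bool = False         # unreachable when not being written or read
    backup: bool = True           # False for the production copy itself
    verify_errors: Optional[int] = None  # last recoverability test; None = never run


def check_3210(copies: List[Copy]) -> List[str]:
    """Return rule violations; an empty list means the plan satisfies 3-2-1-0."""
    problems = []
    if len(copies) < 3:
        problems.append(f"3: only {len(copies)} copies of the data")
    if len({c.media for c in copies}) < 2:
        problems.append("2: all copies are on the same media type")
    if not any(c.offsite for c in copies):
        problems.append("1: no copy is off-site")
    if not any(c.offline for c in copies if c.backup):
        problems.append("1: no backup copy is offline")
    for c in copies:
        if not c.backup:
            continue  # the production copy is not a restore point to verify
        if c.verify_errors is None:
            problems.append(f"0: {c.name} has never been verified")
        elif c.verify_errors > 0:
            problems.append(f"0: {c.name} had {c.verify_errors} verification errors")
    return problems


# Constructed sample inventories (assumed, not from the presentation).
PROD = Copy("production VMs", "disk", backup=False)
WEAK_PLAN = [PROD, Copy("repo on SMB share", "disk", verify_errors=0)]
GOOD_PLAN = [
    PROD,
    Copy("local repository", "disk", verify_errors=0),
    Copy("weekly tape", "tape", offsite=True, offline=True, verify_errors=0),
]
# Same layout, but the tape copy has never been through a restore test.
UNTESTED_PLAN = GOOD_PLAN[:2] + [Copy("weekly tape", "tape", offsite=True, offline=True)]

if __name__ == "__main__":
    for label, plan in [("weak", WEAK_PLAN), ("good", GOOD_PLAN), ("untested", UNTESTED_PLAN)]:
        print(label, check_3210(plan) or "compliant")
```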
12
Tip #6: Have visibility into suspicious behavior
13
Tip #6: Have visibility into suspicious behavior
Use monitoring software to automatically detect suspicious VM behavior.
Example: the pre-defined alarm “Possible ransomware activity” in Veeam ONE 9.5. This alarm triggers if there are a lot of writes on disk and high CPU utilization.
One of the biggest fears with ransomware is that it may propagate to other systems. Having visibility into potential ransomware activity is a big deal. Use software alerts to detect this.
14
Tip #6: Have visibility into suspicious behavior
“Possible ransomware activity” alarm in Veeam ONE 9.5
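A minimal sketch of the kind of rule such an alarm expresses, flagging a VM only when heavy disk writes and high CPU persist together. This is an added example, not Veeam ONE's implementation; the thresholds, the sustain window, the VM names and the sample metrics are all assumptions.

```python
from collections import defaultdict

# Assumed thresholds for illustration; not Veeam ONE's actual alarm settings.
CPU_PCT = 70.0      # CPU utilization, percent
WRITE_MBPS = 40.0   # disk write rate, MB/s
SUSTAIN = 3         # consecutive samples for which both conditions must hold


def possible_ransomware(samples, cpu=CPU_PCT, writes=WRITE_MBPS, sustain=SUSTAIN):
    """samples: iterable of (minute, vm, cpu_pct, write_mbps), ordered by time.
    Returns {vm: minute at which the alarm first fired}."""
    streak = defaultdict(int)
    fired = {}
    for minute, vm, cpu_pct, write_mbps in samples:
        if cpu_pct >= cpu and write_mbps >= writes:
            streak[vm] += 1
            if streak[vm] >= sustain and vm not in fired:
                fired[vm] = minute
        else:
            streak[vm] = 0  # one quiet sample resets the streak
    return fired


# Constructed per-minute metrics for three hypothetical VMs:
#   file01: writes and CPU both stay high from minute 1 onward
#   sql01:  CPU is high throughout, but writes stay low
#   web01:  a two-minute burst that ends before the sustain window is met
SAMPLES = [
    (0, "file01", 12, 3),  (0, "sql01", 85, 5), (0, "web01", 20, 2),
    (1, "file01", 78, 55), (1, "sql01", 88, 6), (1, "web01", 90, 60),
    (2, "file01", 81, 62), (2, "sql01", 90, 4), (2, "web01", 92, 58),
    (3, "file01", 85, 70), (3, "sql01", 86, 5), (3, "web01", 25, 3),
    (4, "file01", 88, 66), (4, "sql01", 84, 6), (4, "web01", 22, 2),
]

if __name__ == "__main__":
    for vm, minute in possible_ransomware(SAMPLES).items():
        print(f"Possible ransomware activity on {vm} (minute {minute})")
```

Shortening the sustain window makes the rule more sensitive but also flags the short burst on web01, which is the trade-off to tune against normal workload spikes.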
15
Tip #7: Let the Backup Copy Job do the work for you
16
Tip #7: Let the Backup Copy Job do the work for you
The Backup Copy Job is a great mechanism for creating restore points on different storage and with different retention rules than the regular backup job. When the previous tips are incorporated, the Backup Copy Job can be a valuable mechanism in a ransomware situation because there are different restore points in use with the Backup Copy Job.
17
Tip #7: Let the Backup Copy Job do the work for you
[Diagram: Backup Server, Data Mover Service, Data Mover Service, VM restore point, Source Backup Repository, Gateway Server, Gateway Server, Target Backup Repository]
Veeam Backup Copy Job for a CIFS share in action: if you have instructed Veeam Backup & Replication to automatically select the gateway server, Veeam Backup & Replication will use the Data Mover Services deployed on the backup server. If you have explicitly defined the gateway server, Veeam Backup & Replication will use the source Veeam Data Mover Service on the gateway server in the source site and the target Veeam Data Mover Service on the gateway server in the target site.
18
US Headquarters: 2520 Northwinds Parkway, Alpharetta, GA 30009