Using Veeam Cloud Connect to protect your backups from Ransomware

Ransomware (Shudder). Many of you will know someone who has been affected by some form of Ransomware or other. Many of you may have had to deal with this issue or even rescue businesses from the dreaded plight of the plethora of encrypted files.

You need to be ready to protect yourself from these attacks. Education and prevention are certainly key area’s, but ensuring that your backups are protected should also be high on the agenda. As these attacks get more sophisticated, stories are emerging of businesses finding their online backup data has also been encrypted or even deleted. So how do you protect yourselves from this? Veeam has written seven top tips to help you protect your backups. This can be found here: LINK

7 tops.PNG

Whilst all seven tips are important, I want to focus on why Veeam Cloud Connect can be used to protect your backups from Ransomware.

First , lets look at a simple example of a Randsomware attack. One of your users receives a targeted email, detailing that the attached invoice/order/schedule requires their urgent review. Your user opens said attachment, and they’re in. Immediately the Trojan starts accessing remote shares using the user’s credentials and starts encrypting files. For the purpose of this document, let’s also assume the affected user has Domain Admin access across the domain. Now, lets break that process down a little.

File share access. If your online backup repository is sitting on a CIFS/SMB share that is accessible via the network, this can be susceptible to Ransomware attack. If this share can be browsed from a networked machine, the Trojan can also potentially access it.

Veeam Cloud Connect is not accessible as remote share. The access is completed using propitiatory ports that can only be accessible from the Veeam Management Console. To further protect, you can create a rule on your external firewall to only allow communication to your service provider from your Veeam Management System. For information on ports required, please see here: LINK

Authentication. The Trojan uses the compromised user credentials to remotely access systems and file shares. With Veeam Cloud Connect, the Service Provider gives your defined credentials which have no reference to your internal AD/LDAP/Other authentication means. These credentials are stored within the Veeam Management Console and are encrypted. As only these credentials can access the Cloud Connect Repository, this further protects your offsite backups.

As a more general rule, ensure that access to the Veeam Management Console is also completed using another account. If you allow Domain Admins to access the Veeam Management Console, there is potentially a further risk that remote PS commands can be sent to delete backups opposed to encrypt. This information is again noted in the Veeam Article above.

If you’re interested in taking a free 30-day trial of Veeam Cloud Connect, contact Enquiries@TCTG.co.uk

 

This information is provided as is and correct at time of writing. The author of this post holds no responsibility for the security or protection of your backups. For further advice regarding protecting Veeam Backups see https://www.veeam.com/blog/tips-to-prevent-ransomware-protect-backup-storage.html

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s