Crypto-malware such as the major ransomware Trojans that affect Windows machines, CryptoLocker and CryptoWall, will essentially encrypt any data they find on an infected machine and hold it for ransom.
So imagine you have just been hit with ransomware that has encrypted data on your production VMs, data your business needs to continue operating. You’ll really appreciate having implemented a good backup strategy when you find yourself in such a situation.
However, it’s also important to know how to protect those backups from being affected as well. It’s crucial to understand that if your backup locations are reachable over the network or are on directly attached devices, they are at risk of being compromised.
VM Backup cannot block or restrict such malware’s access to non-immutable backup locations; that should be done through antivirus solutions. Nonetheless, certain ransomware Trojans get updated to avoid antivirus detection.
So, how exactly can you protect your backups from ransomware attacks?
First of all, the most important and foolproof way to ensure you always have a restorable backup set that isn’t affected is to take offsite copies. VM Backup v9 offers the ability to take offsite backups and set them as Immutable for a specified amount of time. This ensures your offsite backups cannot in any way be modified or encrypted by an attacker or an automated ransomware attack.
Having a set of air-gapped backups is another good option to have in your backup arsenal. This can be set up by using Drive Rotation/Swap, which enables you to set up a pool of drives/network paths that can be unplugged and taken offsite. Using this method, you’re certain that the drives you have offsite won’t be affected. On top of that, each drive holds a full backup, which allows you to perform a full recovery from a single drive with no dependency on the other drives.
Also, you can choose to back up via a WAN/VPN/Internet connection to an Offsite Backup Server, which would be hosting backups on a completely different site.
That being said, it will also help to limit access to any network paths as much as possible and to lock down the NAS so that it can be accessed only from the machine hosting the VM Backup console.
Ensuring that the NAS is accessed with its own dedicated set of credentials, and not ones from Active Directory, will add another level of security as well.
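One way to check a backup share against the two NAS recommendations above, as an added example (not VM Backup code or output). It assumes you have exported the share's permission entries and its host allow list yourself; the names NAS01, ACME, svc_vmbackup and the 10.0.0.x addresses are constructed sample values.

```python
# Added example: audit a backup share's exported permissions against two rules:
#   1. only the machine hosting the backup console may reach the share
#   2. the share is accessed by one dedicated NAS-local account, not AD accounts
# All sample names and addresses below are constructed for illustration.

BROAD = {"everyone", "authenticated users", "domain users", "users", "guests"}
WRITE_RIGHTS = {"change", "full"}

def audit_share(nas_name, backup_host, acl, allowed_hosts):
    """Return a list of findings; an empty list means the share matches both rules.

    acl: list of (principal, right); principal is 'SCOPE\\name' or a bare name.
    allowed_hosts: addresses the NAS permits to connect to the share.
    """
    findings, writers = [], []
    for principal, right in acl:
        scope, _, name = principal.rpartition("\\")
        if name.lower() in BROAD:
            findings.append(f"broad group has access: {principal}")
        elif scope and scope.lower() != nas_name.lower():
            # A scope other than the NAS itself means a domain (AD) principal.
            findings.append(f"not a dedicated NAS-local account: {principal}")
        if right.lower() in WRITE_RIGHTS:
            writers.append(principal)
    if len(writers) != 1:
        findings.append(f"expected one writable account, found {len(writers)}")
    extra = sorted(set(allowed_hosts) - {backup_host})
    if extra:
        findings.append(f"hosts other than the backup host allowed: {', '.join(extra)}")
    if backup_host not in allowed_hosts:
        findings.append("backup host is not in the allow list")
    return findings

# Constructed sample: a weak share configuration and a locked-down one.
WEAK_ACL = [("Everyone", "Read"), ("ACME\\backupadmin", "Full"),
            ("NAS01\\svc_vmbackup", "Full")]
WEAK_HOSTS = ["10.0.0.15", "10.0.0.23"]
HARDENED_ACL = [("NAS01\\svc_vmbackup", "Full")]
HARDENED_HOSTS = ["10.0.0.15"]

if __name__ == "__main__":
    for label, acl, hosts in (("weak", WEAK_ACL, WEAK_HOSTS),
                              ("hardened", HARDENED_ACL, HARDENED_HOSTS)):
        print(label, audit_share("NAS01", "10.0.0.15", acl, hosts) or "OK")
```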
Once your data has been compromised and the offsite backups are your last resort to get back up and running, you’ll definitely be thanking yourself for taking such measures.