Crypto-malware such as the major ransomware Trojans that affect Windows machines, CryptoLocker and CryptoWall, will essentially encrypt any data they find on an infected machine and hold it for ransom.
Imagine you have just been hit by ransomware that has encrypted data on your production VMs, data your business needs in order to keep operating. That is when you will really appreciate having implemented a good backup strategy.
However, it is just as important to know how to protect those backups from being affected. If a backup location is reachable from the infected machine, whether over the network or as a directly attached device, it is at risk of being compromised as well.
VM Backup itself cannot block or restrict access by such malware; that is the job of antivirus solutions. Bear in mind, however, that some ransomware Trojans are updated specifically to evade antivirus detection.
So, how exactly can you protect your backups from ransomware attacks?
First of all, the most important and foolproof way to ensure you always have a restorable backup set that has not been affected is to take offsite copies, i.e. a set of air-gapped backups. This can be set up using Drive Rotation/Swap, which lets you define a pool of drives/network paths that can be unplugged and taken offsite. With this method you can be certain that the drives you keep offsite will not be affected, and on top of that, each drive holds a full backup, so you can perform a full recovery from a single drive with no dependency on the other drives.
Alternatively, you can choose to back up over a WAN/VPN/Internet connection to an Offsite Backup Server, which hosts the backups at a completely different site.
Keeping such offsite copies is the only sure-fire way to ensure that you have an uncompromised set of backups to restore from.
That being said, limiting access to any network backup paths as much as possible, and locking down NAS access so that only the machine hosting the VM Backup console can reach it, will also help.
Likewise, ensuring that the NAS is accessed with its own dedicated set of credentials rather than Active Directory credentials adds another layer of security, since a compromised domain account then cannot be used to reach the backups.
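As an added example (not from the original article and not VM Backup's own configuration), the following smb.conf fragment shows a weak backup share next to one locked down as described above, assuming the NAS runs Samba; the share names, path, IP address and account name are placeholders.

```ini
[global]
   ; Authenticate against local Samba accounts, not domain (ADS) logons,
   ; so the backup share does not trust Active Directory credentials.
   security = user
   ; Never downgrade a failed logon to guest access.
   map to guest = Never

; --- Weak share: any host on the LAN can mount it, and guests can write ---
[backups-weak]
   path = /srv/backups
   ; Anonymous access: ransomware on any client can encrypt the backups.
   guest ok = yes
   read only = no
   ; No "hosts allow" / "valid users": nothing limits who may connect.

; --- Hardened share: only the VM Backup console host, one dedicated account ---
[backups]
   path = /srv/backups
   ; Do not advertise the share in network browse lists.
   browseable = no
   guest ok = no
   ; The backup job needs to write, so the share is not read-only.
   read only = no
   ; Deny every host, then allow only the machine hosting the VM Backup console
   ; (placeholder address, replace with the real one).
   hosts deny = ALL
   hosts allow = 10.0.5.20
   ; Dedicated local Samba account (placeholder name), created with:
   ;   smbpasswd -a vmbackup
   ; Domain users are not listed here, so AD credentials cannot open the share.
   valid users = vmbackup
   invalid users = root
   ; Files are owned by the service account regardless of the connecting user.
   force user = vmbackup
   create mask = 0660
   directory mask = 0770
```

The `[backups-weak]` section is shown only for contrast; in practice only the hardened `[backups]` section should exist on the NAS.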
If your data is ever compromised and the offsite backups are your last resort for getting back up and running, you will definitely be thanking yourself for taking such measures.