How to protect your VMs against Ransomware

Luciano Patrão
VCP6.5-DCV, vSAN Specialist, vExpert for the last 3 years, Veeam Vanguard. Expertise in VMware, virtual backups and storage design, and an active blogger.

Ransomware is a type of malware that is once again at the top of the list of security concerns, not only for companies but also for governments and for personal use. IT departments should be aware of it and have the right knowledge to fight it: not only about the malware itself, but also about how to be protected against this type of threat.

Corporations and mid-size companies (SMBs) have an IT department, or at least an outsourced IT department, which should have some knowledge about this type of threat. However, do they know how to protect their infrastructure against this kind of malware? And do they know how to protect their backups against it? Backups are not automatically protected against ransomware either.

What is Ransomware?

A quick view of what ransomware is: this threat has spread very fast since 2013. Encrypting ransomware uses a strong encryption algorithm to block and encrypt your data (files, documents, videos, audio, etc.) on any device, from computers to smartphones. It can encrypt individual files, or block the entire system so that you can no longer log in and access your data.

Fundamentally, it is malware for data hijacking: the attacker encrypts the victim's files and data and demands a ransom for the key that will decrypt the victim's files or device.

This threat is designed to hijack your system files and demand payment in exchange for the key that can decrypt the blocked content. Malware such as CryptoWall, CryptoLocker and TorrentLocker encrypts files stored on computers and on network drives. Once infected, your files are encrypted and your only options are to pay the ransom or lose all the data previously stored on the computer or storage device.

An example of a ransomware attack.

You then have 1 to 3 days to pay the fee. Fees are around 300 USD or EUR, paid by MoneyPak, or BTC2 (two Bitcoins, currently about $280).

How to protect from Ransomware?

  • Always update your systems and keep them up to date.
  • Do not open suspicious files or emails.
  • Disable remote access (only enable RDP if needed).
  • Install a good antivirus and use firewalls.
  • Always have up-to-date backups of all your files/data.

Note: For personal computers the rules are the same. Always follow the rules above and always keep a backup outside of your device (computer or smartphone).

These are the normal procedures that everyone should perform on a regular basis. Unfortunately, they are not enough, because ransomware can bypass antivirus, guest OS security patches, etc. Backups are the last resort for restoring your systems. Again, unfortunately, the backups may already contain the malware, in which case you will restore an infected system.

Focusing on virtual environments (the same rules apply to physical systems), the solution is to have a proper backup and to follow the universal rule of backups: the 3-2-1 backup rule.

Company data is critical; the "3-2-1" backup rule is one of the most important processes you need to implement in your backup infrastructure.

Under the 3-2-1 rule you keep at least three copies of your data. The primary backups are usually located in the backup storage repository for quick restores, and there are at least two other copies. Send your backup data to two different storage types and keep at least one copy offsite. Backups can and will be encrypted, so the copy to the offsite DR site or cloud is transferred over an AES-256 encrypted link.

Together with the 3-2-1 rule, your backups use the Grandfather-Father-Son (GFS) rotation scheme that we have already discussed in this blog. The backup retention period is crucial. What is your retention period? One week (5 days, then on the 6th day it starts over)? What is your monthly/yearly retention? Always check what the best retention period is for your type of business and your data, because RPO and RTO are crucial on the day you need to restore your systems.
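As an added example (not code from this article or from any backup product), the following Python script checks a constructed backup inventory against the 3-2-1 rule and works out which restore points a GFS rotation keeps. The copy names, media labels, dates and retention counts are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str       # "disk", "tape" or "cloud" (constructed labels)
    offsite: bool
    encrypted: bool  # an offsite copy must be encrypted in transit and at rest

def check_3_2_1(copies):
    """Return the 3-2-1 violations found in a backup inventory (empty = compliant)."""
    problems = []
    if len(copies) < 3:
        problems.append(f"{len(copies)} copies found, the rule wants at least 3")
    if len({c.media for c in copies}) < 2:
        problems.append("every copy sits on one media type, the rule wants 2")
    offsite = [c for c in copies if c.offsite]
    if not offsite:
        problems.append("no offsite copy")
    problems += [f"offsite copy {c.name} is unencrypted" for c in offsite if not c.encrypted]
    return problems

def gfs_keep(restore_points, daily=5, weekly=4, monthly=12):
    """Restore-point dates a GFS rotation retains: the newest `daily` points (sons),
    the newest point of each of the last `weekly` ISO weeks (fathers) and of each
    of the last `monthly` calendar months (grandfathers); the rest may be deleted."""
    points = sorted(set(restore_points), reverse=True)      # newest first
    keep = set(points[:daily])
    for key, limit in (((lambda d: d.isocalendar()[:2]), weekly),
                       ((lambda d: (d.year, d.month)), monthly)):
        newest = {}
        for d in points:
            newest.setdefault(key(d), d)                     # first seen = newest
        keep.update(list(newest.values())[:limit])
    return keep

# Constructed sample inventory: primary disk repository plus tape and cloud copies.
INVENTORY = [
    BackupCopy("primary-repo", "disk", offsite=False, encrypted=False),
    BackupCopy("tape-copy", "tape", offsite=False, encrypted=True),
    BackupCopy("cloud-dr", "cloud", offsite=True, encrypted=True),
]
# Constructed sample: one restore point per day for the 60 days ending 2024-03-31.
DAILY_POINTS = [date(2024, 3, 31) - timedelta(days=i) for i in range(60)]

if __name__ == "__main__":
    print("3-2-1 violations:", check_3_2_1(INVENTORY) or "none")
    print("GFS keeps:", sorted(gfs_keep(DAILY_POINTS)))
```

Dropping the cloud copy from the inventory makes the check report the missing offsite copy, which is the gap that leaves a ransomware-encrypted primary repository with no clean source to restore from.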

For virtual backups, most backup tools (such as Veeam, Nakivo, Vembu or Altaro) already offer options for a backup copy job, replication or backup to the cloud, including encryption of the backup data.

Let us look at which backup options we can use to build a 3-2-1 rule for your backups; I will use the Nakivo Backup & Replication tool.

Here is an example design of the 3-2-1 process:

These are the options you should use for the 3-2-1 rule, offsite backups or backups to the cloud.

  • Replication
    • VMware vSphere replication job (replicate your VMs to a second DR site)
    • Amazon EC2 replication job (replicate your VMs to a cloud environment)
  • Backup Copy
    • Backup copy job (create a backup copy in a different backup repository, at an offsite DR site or in a cloud)
  • Backup Job
    • Backup to tape (with NAKIVO Backup & Replication you can use disk-to-disk-to-tape, D2D2T)

Note: To use offsite DR or cloud environments, you need to add those repositories to your Nakivo Backup & Replication.

Always choose the right and safe backup process for your backup infrastructure and business. Keeping systems up to date, using the 3-2-1 rule for backups and setting a valid retention period is the way to protect your systems/VMs and backup data against a malware attack.

Hope this information was useful.
If this article was helpful, please vote for it. I encourage your comments and feedback.
