Cryptowall and Windows Server Backup

We have seen a number of CryptoWall infections over the last couple of months.  In one case, we had to pay the ransom.  My question relates to the potential encryption of backups.  We have a number of clients running Windows Server Backup on Server 2008 or 2012.  We back up to an external drive on the server.  Does CryptoWall affect the Windows Server backup file when the server has been infected?  I know that the latest variation deletes Shadow Copies, but cannot find a reference to the Windows Backup file.  Most of our clients use ShadowProtect and we send their backups offsite.  I feel pretty safe with those clients.  However, some clients use the built-in Windows Server backup and do not send offsite.
jspazianocto Asked:

rindi Commented:
Currently backups aren't affected yet. But that doesn't mean that a coming version of the virus will not be able to encrypt backups as well. The best course of action would be to make sure the backup media is only connected during the backup, and when it is finished, turned off. A further precaution is to rotate between different backup media so that should one media get corrupted, you still have an older version on another media available.

rindi Commented:
Another thing I forgot to mention: servers themselves shouldn't get infected (unless you are talking terminal servers), as people would need to be directly working on the server itself to get the virus installed on it. So only the users' workstations would be running the virus. As the normal PCs shouldn't have access to the backup files, they can't easily get changed by any malware.
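
One way to verify the points made in the comments above, that the backup media should be offline outside the backup window and that ordinary accounts and workstations should not be able to reach the backup files. This is an added example, not part of the original thread. The drive letter `E:` and the list of trusted accounts are assumptions to adjust per server, and `Get-SmbShare` requires Server 2012 or later.

```powershell
# Added example: audit a Windows Server Backup target disk for exposure to
# malware running under ordinary user accounts or on workstations.
param(
    [string]$BackupDrive = 'E:'   # assumption: drive letter of the external backup disk
)

$backupRoot = Join-Path $BackupDrive 'WindowsImageBackup'

# If the folder is not reachable, the media is offline, which is the desired
# state outside the backup window.
if (-not (Test-Path -Path $backupRoot)) {
    Write-Output "$backupRoot not reachable: backup media appears to be disconnected."
    return
}
Write-Warning "$backupRoot is online. Disconnect the media once the backup has finished."

# Accounts expected to hold write access (assumption, adjust to local policy).
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'BUILTIN\Backup Operators'

# Rights that would let a process overwrite, delete or re-permission backup files.
$mask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

# 1. Allow ACEs that give any other principal one of those rights.
$riskyAces = (Get-Acl -Path $backupRoot).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.FileSystemRights -band [int]$mask) -ne 0) -and
    ($trusted -notcontains $_.IdentityReference.Value)
}
foreach ($ace in $riskyAces) {
    Write-Warning ("Write access for {0}: {1}" -f $ace.IdentityReference, $ace.FileSystemRights)
}

# 2. User-created SMB shares that publish the backup drive to the network.
#    Administrative shares such as E$ are flagged Special and skipped here.
$shares = Get-SmbShare | Where-Object {
    -not $_.Special -and $_.Path -and $_.Path -like "$BackupDrive*"
}
foreach ($share in $shares) {
    Write-Warning ("Backup drive is shared as \\{0}\{1} ({2})" -f $env:COMPUTERNAME, $share.Name, $share.Path)
}

# Summary object for logging or scheduled reporting.
[pscustomobject]@{
    BackupRoot     = $backupRoot
    MediaOnline    = $true
    RiskyAceCount  = @($riskyAces).Count
    NetworkShares  = @($shares).Count
}
```

Run it from an elevated prompt on the backup server; a clean result is either the "disconnected" message or a summary with both counts at zero.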

Question has a verified solution.