mrmut
asked on
Windows Server backup and Cryptolocker
Can someone give me an analysis of how secure Windows Backup, server version, is against Cryptolocker?
I ask, because I need to secure companies against it, and backing up offline is a bit complex to organize.
The rules still apply: 3 copies, 2 different media, 1 offline copy.
Totally agree with David.
What do you mean by backing up offline?
To your initial question, as of now I have not heard of Cryptolocker, Cryptowall, or any of the variants opening a Windows Backup image and modifying the contents. This is no guarantee that it won't happen, but it's probably too high a bar to spend time developing it to get into the backups when end users are such an easy target.
The backup tool used shouldn't be an issue, even if the ransomware should be able to target the backup files. More important is that you remove the backup disks from the server after the backup is done, and also that, when they are connected, your connected users don't have access to them.
The server itself shouldn't get infected by the virus, as it doesn't get used to browse the web or open emails, unless it happens to be a Terminal Server. But as TS's are dedicated servers, you wouldn't be running the backup tool on that server.
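The two controls above (detach the target once the backup is done, and keep ordinary user accounts away from the backup location) can be checked from PowerShell on the backup host. The script below is an added example written for this thread, not code from the original answer or from Microsoft; it assumes the WindowsServerBackup module is installed, that it runs elevated, and it uses the constructed placeholder share path `\\BACKUP-NAS\ServerBackups` for the network-target check.

```powershell
# Added example, not part of the original thread. Assumes the WindowsServerBackup
# module is present and the script runs elevated. The share path below is a placeholder.
#Requires -RunAsAdministrator
Import-Module WindowsServerBackup -ErrorAction Stop

# 1. Confirm the most recent backup actually succeeded before touching the target.
function Test-LastBackupSucceeded {
    $summary = Get-WBSummary
    if ($null -eq $summary.LastSuccessfulBackupTime) { return $false }
    # LastBackupResultHR is an HRESULT; 0 (S_OK) means the last run completed cleanly.
    return ($summary.LastBackupResultHR -eq 0)
}

# 2. Take every locally attached backup-target disk offline so the OS, and anything
#    running on it that enumerates volumes, no longer sees the backup set.
function Disconnect-BackupTargetDisks {
    $policy = Get-WBPolicy
    if ($null -eq $policy) { Write-Warning 'No backup policy configured.'; return @() }
    $offlined = @()
    foreach ($target in Get-WBBackupTarget -Policy $policy) {
        # WBDisk is populated only for dedicated-disk targets; network targets are skipped here.
        if ($null -eq $target.WBDisk) { continue }
        $diskNumber = $target.WBDisk.DiskNumber
        Set-Disk -Number $diskNumber -IsOffline $true
        $offlined += $diskNumber
    }
    return $offlined
}

# 3. For a network target, report ACEs that give broad groups write access. Those are the
#    identities an infected workstation user runs as, so they should have no write path here.
function Get-BroadWriteAccess {
    param([Parameter(Mandatory)][string]$Path)
    $broadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Domain Users')
    $writeBits = [System.Security.AccessControl.FileSystemRights]::Write -bor
                 [System.Security.AccessControl.FileSystemRights]::Modify -bor
                 [System.Security.AccessControl.FileSystemRights]::FullControl
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (($ace.FileSystemRights -band $writeBits) -eq 0) { continue }
        $id = $ace.IdentityReference.Value
        foreach ($p in $broadPrincipals) {
            # "-like *Domain Users" also matches the domain-qualified form CONTOSO\Domain Users.
            if ($id -like "*$p") {
                [pscustomobject]@{ Principal = $id; Rights = $ace.FileSystemRights }
                break
            }
        }
    }
}

# Usage: detach only after a verified-good backup; otherwise keep it attached to investigate.
if (Test-LastBackupSucceeded) {
    $disks = Disconnect-BackupTargetDisks
    Write-Output "Backup target disk(s) taken offline: $($disks -join ', ')"
} else {
    Write-Warning 'Last backup did not succeed; leaving target attached for investigation.'
}
# Placeholder path; replace with the real LAN backup location.
Get-BroadWriteAccess -Path '\\BACKUP-NAS\ServerBackups' | Format-Table -AutoSize
```

Two caveats on the design. A disk that is offline cannot receive the next scheduled job, so it has to be brought back with `Set-Disk -IsOffline $false` before the window, which is why physically rotating disks, as the answer recommends, is the stronger version of the same idea. And anything running as an administrator on the server can bring the disk online again, so this narrows the exposure window rather than replacing the offline copy in the 3-2-1 rule.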
ASKER
My main line of thought is the way Clocker operates. If it doesn't see the backup disk, then I suppose it shouldn't be able to get to it. Windows effectively "hides" the disk from the user and system, and uses it only for backup in dedicated mode. Clockers usually attack recognized user files on all accessible volumes, but can't access locations where permissions ban them, or volumes they don't see at all. I believe this is the case with dedicated Windows backup.
As per backup, I usually configure it in three ways:
1. local backup
2. backup to a LAN location, preferably with another program
3. manual backup to otherwise inaccessible LAN device every several months
The offline backup is a complex thing to keep, especially in small organizations.
In essence, I am looking to clarify what happens if Clocker manages to get to the server.
(And yes, we use good AV program, ESET NOD32.)
As I mentioned earlier, all you need to do is remove the disks you are backing up to from the server after the backup is finished. You'd be doing that anyway in a normal environment, as backups need to be offline when not in use, and also at a different location from the server after the backup is done.