Windows Server backup and Cryptolocker

Can someone give me an analysis of how secure Windows backup, server version, is against Cryptolocker?

I ask, because I need to secure companies against it, and backing up offline is a bit complex to organize.
mrmut Asked:

David Johnson, CD, MVP (Owner) Commented:
The rules still apply: 3 copies - 2 different media - 1 offline copy
Jeremy Weisinger (Senior Network Consultant / Engineer) Commented:
Totally agree with David.

What do you mean by backing up offline?

To your initial question, as of now I have not heard of Cryptolocker, Cryptowall, or any of the variants opening a Windows Backup image and modifying the contents. This is no guarantee that it won't happen, but it's probably too high a bar to spend time developing it to get into the backups when end users are such an easy target.
rindi Commented:
The backup tool used shouldn't be an issue, even if the ransomware should be able to target the backup files. More important is that you remove the backup disks from the server after the backup is done, and also that when they are connected, that your connected users don't have access to them.

The server itself shouldn't get infected by the virus itself, as it doesn't get used to browse the web or open emails, unless it happens to be a Terminal Server. But as TS's are dedicated servers, you wouldn't be running the backup tool on that server.
mrmut (Author) Commented:
My main line of thought is the way Clocker operates. If it doesn't see the backup disk, then I suppose it shouldn't be able to get to it. Windows effectively "hides" the disk from the user and system, and uses it only for backup in dedicated mode. Clockers usually attack recognized user files on all accessible volumes, but can't access where there is a permissions ban, or if they don't see the volume at all. I believe this is the case with dedicated Windows backup.

As per backup, I usually configure it in three ways:
1. local backup
2. backup to a LAN location, preferably with another program
3. manual backup to otherwise inaccessible LAN device every several months

The offline backup is a complex thing to keep, especially in small organizations.

In essence, I am looking to clarify what happens if Clocker manages to server.

(And yes, we use a good AV program, ESET NOD32.)
Jeremy Weisinger (Senior Network Consultant / Engineer) Commented:
Your assumptions about Cryptolocker/wall are correct, but there is no guarantee that it won't change in the future.

Also, pretty much all AV doesn't work for a determined attacker. It is trivial to change a binary's signature. Whitelisting, hardening, good user habits, and employing least-privilege principles is how you need to secure an environment.

rindi Commented:
As I mentioned earlier, all you need to do is remove the disks you are backing up to from the server after the backup is finished. You'd be doing that anyway in a normal environment, as backups need to be offline when not in use, and also at a different location from the server after the backup is done.
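
One way to check the two conditions discussed in this thread (whether a backup disk is visible as a mounted volume, and whether connected users can write to it), as an added example that is not from any of the posters. The list of "ordinary user" principals in `$broad` is an assumption to adjust for your domain.

```powershell
# Added example: which mounted data volumes could an ordinary user session write to?
# Run elevated on the backup server (Storage module, Windows Server 2012 or later).

# Assumption: these principals stand for "ordinary users"; add your own groups.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

# WriteData (0x2), AppendData (0x4), GENERIC_WRITE and GENERIC_ALL access bits.
$writeBits = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

$report = foreach ($part in Get-Partition) {
    if ($part.IsBoot -or $part.IsSystem) { continue }   # skip the OS volumes
    $disk = Get-Disk -Number $part.DiskNumber

    # Keep drive letters and folder mount points; drop raw \\?\Volume{GUID}\ paths.
    $mounts = @($part.AccessPaths | Where-Object { $_ -and -not $_.StartsWith('\\?\') })

    if ($mounts.Count -eq 0) {
        [pscustomobject]@{ Disk = $disk.FriendlyName; Bus = $disk.BusType
                           Mount = '(none)'; UserWritable = $false; GrantedTo = '' }
        continue
    }
    foreach ($mount in $mounts) {
        $aces = @()
        try {
            # Allow entries that give a broad principal any write-type right at the root.
            $aces = @((Get-Acl -LiteralPath $mount -ErrorAction Stop).Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $broad -contains $_.IdentityReference.Value -and
                ([int]$_.FileSystemRights -band $writeBits) -ne 0
            })
        } catch {
            Write-Warning "Could not read ACL on ${mount}: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            Disk = $disk.FriendlyName; Bus = $disk.BusType; Mount = $mount
            UserWritable = ($aces.Count -gt 0)
            GrantedTo = ($aces.IdentityReference.Value | Sort-Object -Unique) -join ', '
        }
    }
}
$report | Sort-Object UserWritable -Descending | Format-Table -AutoSize
```

A volume with no drive letter or mount folder shows `Mount` as `(none)`, and a disk that has been removed from the server does not appear in the report.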
Windows Server 2012