Avatar of Gad SAADIA
Flag for France asked on

Backup solution safer for Crypto Lockers

Backing up a Windows 2016 physical server on local USB drive


I need to backup a Windows 2016 physical server on a local UBS drive
(Of course this is not my only backup as data is also backed up online)

My 2 options:
- Windows Backup 2016 integrated tool
- VEEAM agent for Windows (old name: VEEAM Endpoint Backup)

Witch solution is safer for crypto lockers?
Since our worst scenario would be that the backup USB drive will be crypted also!!

Thank you for your answer
Windows OSVeeamVirtualization

Avatar of undefined
Last Comment

8/22/2022 - Mon

backup to tape and then take the tape offsite.

To be honest, you're just as likely to get encrypted backups on either, neither one of them will go "Oh this is encrypted, I won't do anything". once the machine is encrypted if you then back it up, you've got an infected backup.

Common sense is paramount here to be fair.
Andy M

Depends on the cryptolocker virus/malware/ransomware (whatever term you wish to use). Older versions didn't even touch backup files unless it was a flat file copy to a network accessible location or on a local drive. These days some of the more complex variants will actively seek out the backups to remove them.

Generally, the safest backup is the one that is not available on the network at the time the virus hits. For this you should ensure you always have an off-site (off-network) copy of your backup that can be used if worse comes to worse. This can be on tape, a USB drive, an offline server, or even secure in the cloud. Providing nothing on your network can access the backup files directly at the time the virus hits, neither can the virus.

Either backup solution is fine providing you rotate the USB drives and keep one copy offline. Worse case scenario - you lose a day of work if the most recent backup is encrypted.

In both solutions (Windows Backup or Veeam Agent) UBS drives will be rotated and 1 copy will be kept offsite

My question was related to the fact that 1) Windows Backup makes a special format on the UBS drive, no accessible in Windows through the explorer or a drive letter, meanwhile 2) VAW (Veeam Agent for Windows) is just in plain NTFS format so will be immediately crypted as a local drive. That is the reason Windows Backup is more secure than VAW

BUt I am not sure that this is right. Can you confirm ?
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Albert Widjaja

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

Very nice feature!  But I guess scheduled backups will stop until we reconnect manually the USB drive. Is it right?

Hi Gadsad,

Yes - you are correct, but that should not matter, since you would expect to be removing the USB drive, and rotating it with the next daily, weekly, monthly etc drive, and taking the one from last night off-site.

When you connect the new drive, it will then be available via USB to Veeam (and anything else on your machine, including Crypto-Malware).

I would have to say that the Windows Backup is pretty good - I have never had it fail on me, but if you have already paid for Veeam, and are not paying for an upgrade and / or ongoing fees, then it is also a good choice.


and you can install this on your servers.

Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.

thanks to all