Backup solution safer for Crypto Lockers

Gad SAADIA
Backing up a Windows 2016 physical server on local USB drive

Hello

I need to back up a Windows 2016 physical server on a local USB drive
(Of course this is not my only backup as data is also backed up online)

My 2 options:
- Windows Backup 2016 integrated tool
- VEEAM agent for Windows (old name: VEEAM Endpoint Backup)

Question:
Which solution is safer for crypto lockers?
Since our worst scenario would be that the backup USB drive will be crypted also!!

Thank you for your answer
Regards
Alex, Senior Infrastructure Analyst

Commented:
Back up to tape and then take the tape offsite.

To be honest, you're just as likely to get encrypted backups on either; neither one of them will go "Oh this is encrypted, I won't do anything". Once the machine is encrypted, if you then back it up, you've got an infected backup.

Common sense is paramount here to be fair.
Andy MIT Systems Manager

Commented:
Depends on the cryptolocker virus/malware/ransomware (whatever term you wish to use). Older versions didn't even touch backup files unless it was a flat file copy to a network accessible location or on a local drive. These days some of the more complex variants will actively seek out the backups to remove them.

Generally, the safest backup is the one that is not available on the network at the time the virus hits. For this you should ensure you always have an off-site (off-network) copy of your backup that can be used if worst comes to worst. This can be on tape, a USB drive, an offline server, or even secure in the cloud. Providing nothing on your network can access the backup files directly at the time the virus hits, neither can the virus.

Either backup solution is fine providing you rotate the USB drives and keep one copy offline. Worst case scenario - you lose a day of work if the most recent backup is encrypted.
Gad SAADIA, Manager

Author

Commented:
In both solutions (Windows Backup or Veeam Agent) USB drives will be rotated and 1 copy will be kept offsite.

My question was related to the fact that 1) Windows Backup makes a special format on the USB drive, not accessible in Windows through the explorer or a drive letter, meanwhile 2) VAW (Veeam Agent for Windows) is just in plain NTFS format so will be immediately crypted as a local drive. That is the reason Windows Backup is more secure than VAW.

But I am not sure that this is right. Can you confirm?
Commented:
With Veeam Agent, or the freeware Veeam Endpoint Backup, it has the capability to disconnect the USB drive after the backup.
Hence no need to worry about crypto locker.
Gad SAADIA, Manager

Author

Commented:
Very nice feature! But I guess scheduled backups will stop until we manually reconnect the USB drive. Is that right?
Alan, Consultant

Commented:
Hi Gadsad,

Yes - you are correct, but that should not matter, since you would expect to be removing the USB drive, and rotating it with the next daily, weekly, monthly etc. drive, and taking the one from last night off-site.

When you connect the new drive, it will then be available via USB to Veeam (and anything else on your machine, including Crypto-Malware).

I would have to say that the Windows Backup is pretty good - I have never had it fail on me, but if you have already paid for Veeam, and are not paying for an upgrade and / or ongoing fees, then it is also a good choice.


Alan.
and you can install this on your servers.

https://www.d7xtech.com/cryptoprevent-anti-malware/
Gad SAADIA, Manager

Author

Commented:
Thanks to all
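
The idea discussed in this thread (a USB backup target that has no drive letter except while the backup runs), as an added example that is not code from any poster, Microsoft or Veeam. The volume label `BACKUP_USB`, the temporary letter `X:` and the source volume `C:` are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: give the USB backup volume a drive letter only for the
# duration of a Windows Server Backup run, then take the letter away again.
# Assumptions (not from the thread): label 'BACKUP_USB', letter X:, source C:.
$ErrorActionPreference = 'Stop'
$Label  = 'BACKUP_USB'   # hypothetical label of the rotated USB drive
$Letter = 'X'            # hypothetical temporary drive letter

# Find the volume by label; this works even when it has no drive letter.
$vol = @(Get-Volume | Where-Object FileSystemLabel -eq $Label)
if ($vol.Count -eq 0) { throw "Volume '$Label' not found: connect today's rotation drive." }
if ($vol.Count -gt 1) { throw "More than one volume is labelled '$Label'; refusing to guess." }
$part = Get-Partition -Volume $vol[0]

# If Windows auto-assigned a letter when the drive was plugged in, reuse it
# so that the cleanup step below removes it as well.
if ($part.DriveLetter) { $Letter = [string]$part.DriveLetter }
else {
    Add-PartitionAccessPath -DiskNumber $part.DiskNumber `
        -PartitionNumber $part.PartitionNumber -AccessPath "${Letter}:"
}

try {
    # One-off backup of C: plus all critical volumes to the USB volume.
    & wbadmin.exe start backup "-backupTarget:${Letter}:" '-include:C:' -allCritical -quiet
    if ($LASTEXITCODE -ne 0) { throw "wbadmin exited with code $LASTEXITCODE" }
}
finally {
    # Runs on success and on failure: the volume must not stay browsable.
    Remove-PartitionAccessPath -DiskNumber $part.DiskNumber `
        -PartitionNumber $part.PartitionNumber -AccessPath "${Letter}:"
    # Verify, so a scheduled task reports an exposed backup drive as an error.
    $left = (Get-Partition -DiskNumber $part.DiskNumber `
        -PartitionNumber $part.PartitionNumber).DriveLetter
    if ($left) { throw "Backup volume still has drive letter ${left}:" }
}
```

Removing the letter only narrows the window in which the volume is reachable as a local drive; anything running with administrator rights can mount it again, so the rotated offline copy described in the thread is still needed.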
