Link to home
Start Free TrialLog in
Avatar of Gad SAADIA
Gad SAADIAFlag for France

asked on

Backup solution safer for Crypto Lockers

Backing up a Windows 2016 physical server on local USB drive

Hello

I need to backup a Windows 2016 physical server on a local UBS drive
(Of course this is not my only backup as data is also backed up online)

My 2 options:
- Windows Backup 2016 integrated tool
- VEEAM agent for Windows (old name: VEEAM Endpoint Backup)

Question:
Witch solution is safer for crypto lockers?
Since our worst scenario would be that the backup USB drive will be crypted also!!

Thank you for your answer
Regards
Avatar of Alex
Alex
Flag of United Kingdom of Great Britain and Northern Ireland image

backup to tape and then take the tape offsite.

To be honest, you're just as likely to get encrypted backups on either, neither one of them will go "Oh this is encrypted, I won't do anything". once the machine is encrypted if you then back it up, you've got an infected backup.

Common sense is paramount here to be fair.
Depends on the cryptolocker virus/malware/ransomware (whatever term you wish to use). Older versions didn't even touch backup files unless it was a flat file copy to a network accessible location or on a local drive. These days some of the more complex variants will actively seek out the backups to remove them.

Generally, the safest backup is the one that is not available on the network at the time the virus hits. For this you should ensure you always have an off-site (off-network) copy of your backup that can be used if worse comes to worse. This can be on tape, a USB drive, an offline server, or even secure in the cloud. Providing nothing on your network can access the backup files directly at the time the virus hits, neither can the virus.

Either backup solution is fine providing you rotate the USB drives and keep one copy offline. Worse case scenario - you lose a day of work if the most recent backup is encrypted.
Avatar of Gad SAADIA

ASKER

In both solutions (Windows Backup or Veeam Agent) UBS drives will be rotated and 1 copy will be kept offsite

My question was related to the fact that 1) Windows Backup makes a special format on the UBS drive, no accessible in Windows through the explorer or a drive letter, meanwhile 2) VAW (Veeam Agent for Windows) is just in plain NTFS format so will be immediately crypted as a local drive. That is the reason Windows Backup is more secure than VAW

BUt I am not sure that this is right. Can you confirm ?
ASKER CERTIFIED SOLUTION
Avatar of Albert Widjaja
Albert Widjaja
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Very nice feature!  But I guess scheduled backups will stop until we reconnect manually the USB drive. Is it right?
Hi Gadsad,

Yes - you are correct, but that should not matter, since you would expect to be removing the USB drive, and rotating it with the next daily, weekly, monthly etc drive, and taking the one from last night off-site.

When you connect the new drive, it will then be available via USB to Veeam (and anything else on your machine, including Crypto-Malware).

I would have to say that the Windows Backup is pretty good - I have never had it fail on me, but if you have already paid for Veeam, and are not paying for an upgrade and / or ongoing fees, then it is also a good choice.


Alan.
and you can install this on your servers.

https://www.d7xtech.com/cryptoprevent-anti-malware/
thanks to all