

Tape, physically disconnect the server, rotated drives, these are all fine and they're the best way to do this. But, if we study how previous ransomware attacks have gone, then we see this is not an insurmountable obstacle for attackers by any means, which is why the redundant off-site copies and air-gapped copies are properly secured. Your strategy of removing from domain is a great one, don't get me wrong, it should be done.

It's been shown by lower-quality ransomware that the ransomware community is well aware of backups and even has some detection to catch various backup products' backups/services (Veeam included), and they enter it into their strategy. "Smash and Grab" runs of course happen, but ransomware attackers happily sit for weeks, months, and in huge cases, year+ to wait to get the environment in a situation where they can introduce the highest amount of pain when the attack is launched. I wouldn't really accept this definition to be honest, since remember, the model for ransomware is get in, and sit. It's still "air gapped" in the sense that the rest of the network cannot access the files, only the backup server. If it's a very small company, capacity tier in public cloud is not that expensive. Is it worth spending some more money to secure the company and the people who work there? A tape solution or rotated USB disk solution doesn't cost too much. If it's for a company, then ask yourself how much you can lose if someone attacks your company. My personal recommendation from me: "a backup solution should not be a poor solution". There are tools to read out the credentials.
Or are you talking about Veeam Backup Copies to Tape, rotated disk or Capacity Tier? Credentials - If you have used Windows to access the backup server, then the credentials could be cached somewhere.

Veeam Replica Job? If yes, then they're reachable over the network and therefore in the reach of ransomware. And no one can steal the admin credentials of the backup server. I'm fully aware of everything you have raised, there are also replicas in place (which are completely out of the reach of ransomware).
