
Veeam: Ransomware resiliency – The endpoint is a great place to start

Fighting ransomware has become a part of doing business today. Technology professionals around the world are advocating many ways to stay resilient. The most effective method is end-user training on how to handle attachments and connectivity to the Internet. Another area to look at is the most common endpoint devices: laptops and PCs.

Veeam has taken ransomware resiliency seriously for a while. We’ve put out a number of posts such as early tips for some of the first attacks and some practical tips when using Veeam Backup & Replication. Now with Veeam Agent for Linux and Veeam Endpoint Backup FREE available as well as Veeam Agent for Microsoft Windows (coming VERY soon) as options for laptops and PCs, it’s time to take ransomware resiliency seriously on these devices.

Before I go too far, it’s important to note that ransomware can exist on both Windows and Linux systems. Additionally, ransomware is not just a PC problem (see recent survey blogpost), as at Veeam we see it nearly every day in technical support for virtual machines. More content is coming on the virtual machine side of the approach for the most resiliency; in this post, I’ll focus on PCs and laptops.

Veeam Agent for Linux is the newest product with which Veeam offers image-based Availability for non-virtualized systems. It is a great way to back up many different Linux systems with a very intuitive user interface:

[Screenshot: Veeam Agent for Linux user interface]

For ransomware resiliency with Veeam Agent for Linux, putting backups on a different file system will be very easy to do thanks to the seamless integration with Veeam Availability Suite. Backups of Veeam Agent for Linux systems can be placed in Veeam Backup & Replication repositories, and they can also be used in the Backup Copy Job function. This way, the Linux backups can be placed on different file systems to avoid propagation of ransomware across the source Linux system and the backups. The Backup Copy Job of Veeam Agent for Linux is shown below writing Linux backups to a Windows Server 2016 ReFS backup repository:

[Screenshot: Veeam Backup Copy Job configuration]

Now, let’s talk about Microsoft operating systems and resiliency against ransomware when it comes to backups. Veeam Endpoint Backup FREE will soon be renamed to Veeam Agent for Microsoft Windows. Let me briefly explain this change. Veeam Endpoint Backup FREE was announced at VeeamON in 2014, and since it became available it has been downloaded over 1,000,000 times. From the start, it has always provided backup Availability for desktop and server-class Windows operating systems. However, it didn’t have application-aware image processing support or a technical support service. Veeam Agent for Microsoft Windows will introduce these key capabilities as well as many more.

With Veeam Agent for Microsoft Windows, you can also put backups on several different storage options: everything from NAS systems to removable storage, a Linux path, tape media, a deduplication appliance (when integrated with Veeam Availability Suite) and more. Removable storage is of particular interest, as it may be the only realistic option for many PC or laptop systems. A while ago, Veeam implemented a feature to eject removable media at the completion of a backup job. This option is available in the scheduling options when the backup target is removable media, and is shown below:

[Screenshot: Veeam backup schedule options]

This simple option can indeed make a big difference. We even had a user share a situation where ransomware encrypted their backups. This underscores the need for completely offline backups, or otherwise some form of an “air gap” between backup data and production systems. Thus, behave as if, when you have ransomware in your organization, the only real solution is to restore from backup after it is contained. There is a whole practice of inbound detection and prevention, but if ransomware gets in, backup is your only option. Ejecting the media so that the backup storage is offline is another mechanism that gives even isolated PCs and laptops more Availability.

Availability in the ransomware era is a never-ending practice of diligence and configuration review. Additionally, the arsenal of threats will always become more sophisticated to meet our new defenses.


This post was provided by our service partner: Veeam