I find this article really informative. I have also created a blog post on some common cyber attacks to complement this guide.
- I do not encourage paying a ransom in response to a ransomware attack as it does not guarantee that you will get your data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.
Like @vNote42 said, I would like to re-emphasise: ensure 2FA is used wherever possible and regular security awareness training is conducted to help you manage the IT security problems of social engineering, spear phishing and ransomware attacks. Occasionally test to ensure the efficacy of your security awareness program by simulating attacks :)
This article was very good and goes to show you still need to protect against Ransomware. Be sure to read it.
You are right, Chris! I read about a 57% probability of getting your data when you pay the ransom.
@vNote42: Great article!
@vNote42 thanks for sharing
A major concern for me is how to protect backups in case they succeed in taking over the Veeam backup server.
Is it better to have a password-protected SMB share repository than an iSCSI volume mounted on the server, or is it irrelevant because if they have taken possession of the Veeam backup server they can use the Veeam console to delete backups etc.?
Can it be of any use to block access to the Veeam console with a password, or would they manage to delete backups through PowerShell in any case?
I think in this case an immutable storage for your repository would be the solution.
And a regular configuration backup of your Veeam database on this repo….
Along with a full SQL backup too, if you use a separate SQL server. If not, the configuration backup as mentioned will suffice.
Agree with @JMeixner, a hardened repo would help here!
BTW, when a hacker is able to enter your VBR server, you have huge problems! It is rather simple to export all account information out of the DB. So the hacker will have access to your vCenter as well. Therefore, one of the top priorities should be to keep your VBR server safe (like Fort Knox)! What he/she cannot do is immediately delete your backup restore points on a hardened repo.