[post digest] How to protect your organization from ransomware attacks


Userlevel 7
Badge +13

Just read a Veeam blog post about how to protect your organization from ransomware attacks. Because we cannot talk enough about ransomware protection, I want to give a small summary of the blog post here. Consider it as an invitation to read the original post carefully.

https://www.veeam.com/blog/how-to-protect-your-organization-from-ransomware-attacks.html

 

  • Attack Vectors – often started at endpoints
    • Phishing emails, with/without download links
    • Reuse of compromised user identity
    • Brute-force attacks
    • Exploiting vulnerabilities
    • DDoS attacks
       
  • Countermeasures
    • Patch and keep your systems
    • Apply strict MFA for all remote
      • to avoid brute force attacks
    • Protect user
    • Protecting the endpoint
      • Traditional antivirus is no longer enough
    • Email security
    • Data protection
      • Backup, backup, backup
      • 3-2-1 Rule
    • Visibility
      • Monitor ransomware attack specific metrics
    • I personally add: train your employees
    • Other related actions to reduce risk

 

However, nothing is guaranteed to protect you 100% from attacks.


9 comments

Userlevel 7
Badge +9

I find this article really informative. I have also created a blog post on some common cyber attacks to complement this guide.
- I do not encourage paying a ransom in response to a ransomware attack as it does not guarantee that you will get your data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.
 

Like @vNote42 said, I would like to re-emphasise: ensure 2FA is used wherever possible and regular security awareness training is conducted to help you manage the IT security problems of social engineering, spear phishing and ransomware attacks. Occasionally test to ensure the efficacy of your security awareness program by simulating attacks :)

Userlevel 7
Badge +20

This article was very good and goes to show you still need to protect against Ransomware.  Be sure to read it.

Userlevel 7
Badge +13


You are right, Chrsi! I read about a 57% probability of getting your data when you pay the ransom.

Userlevel 7
Badge +11

Thx for sharing @vNote42 

Userlevel 7
Badge +4

@vNote42: Great article!

@vNote42 thanks for sharing

A major concern for me is how to protect backups in case they succeed in taking over the Veeam backup server.
Is it better to have a password-protected SMB share repository than an iSCSI volume mounted on the server, or is it irrelevant because if they have taken possession of the Veeam backup server they can use the Veeam console to delete backups etc.?
Can it be of any use to block access to the Veeam console with a password, or can they in any case manage to delete backups through PowerShell?

Userlevel 7
Badge +17


I think in this case an immutable storage for your repository would be the solution.

And a regular configuration backup of your Veeam database on this repo….

Userlevel 7
Badge +20


Along with a full SQL backup too if you use a separate SQL server. If not, the configuration backup as mentioned will suffice.

Userlevel 7
Badge +13

Agree with @JMeixner, hardened repo would help here!

BTW, when a hacker is able to enter your VBR server, you have huge problems! It is rather simple to export all account information out of the DB. So the hacker will have access to your vCenter as well. Therefore one of the top priorities should be to keep your VBR server safe (as Fort Knox)! What he/she cannot do is to immediately delete your backup restore points on a hardened repo.
