Question

Ransomware Resilience

  • February 13, 2026
  • 3 comments
  • 27 views

eprieto

Many vendors talk about "ransomware resilience".

In real production environments, what are you actually doing with Veeam?

Immutable repositories? Air-gapped? Object Lock?

What failed in real attacks?

Looking forward to your experiences and honest feedback.
This could be valuable for everyone designing resilient backup environments.


Andanet
  • Veeam Legend
  • February 13, 2026

Hello Esteban,

From my point of view, ransomware resilience is a “state of mind”.

My mantra during a backup environment design is to follow security guidelines, for example those reported by the Analyzer.

The 3-2-1-1-0 rule focuses on everything that may be useful to start this process.

Network segmentation is another pillar. 

And so on…

My 2 cents. 


wolff.mateus
  • Veeam Vanguard
  • February 13, 2026

My friend!

A lot to talk about here. First of all is immutability on a Linux local repo without SSH activated. Everything starts here. Nowadays it is easier to do that, because we can use the ISO to build the repo. Of course you can do this with appliances or object storage in the cloud, but the most important point is: a local backup with an immutability compliance check.

Another important bullet is network and domain segregation for the backup environment. Not only the network but also the domain; we must check these 2 points together.

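As an added example (not the poster's code and not Veeam's), the script below audits the two properties named in the comment above on a Linux hardened repository: every backup data file carries the Linux immutable attribute (the `i` flag shown by `lsattr`), and the SSH daemon is neither enabled nor running. The repository path, the systemd unit name (`sshd` here; on Debian-based hosts it is `ssh`), the file extensions and the sample `lsattr` output are all assumptions made for illustration; the sample output is constructed, not captured from a real system.

```python
"""Audit a Linux hardened backup repository for immutability and SSH exposure.

Added example, not Veeam's own code. Checks:
  1. backup data files carry the immutable ('i') attribute as shown by lsattr;
  2. the SSH daemon is not enabled at boot and not currently active.
Run with a repository path to audit the local host, or with no argument to
evaluate the constructed sample below.
"""
import re
import subprocess
import sys

# Assumed naming of Veeam backup data files: full, incremental, reverse
# incremental. The .vbm metadata file is rewritten every session and is
# deliberately excluded from the immutability requirement.
BACKUP_DATA_EXT = (".vbk", ".vib", ".vrb")

# lsattr prints "<flags> <path>"; the flags field is a fixed-width run of
# letters and dashes, where 'i' means the immutable attribute is set.
_LSATTR_LINE = re.compile(r"^([-A-Za-z]{10,})\s+(\S.*)$")


def parse_lsattr(output: str) -> dict:
    """Map each path in `lsattr -R` output to its attribute flag string.

    Directory headers such as "/backups/job1:", blank lines and
    "lsattr: ..." error messages do not match the pattern and are skipped.
    """
    attrs = {}
    for line in output.splitlines():
        m = _LSATTR_LINE.match(line.strip())
        if m:
            attrs[m.group(2)] = m.group(1)
    return attrs


def find_mutable_backups(lsattr_output: str) -> list:
    """Return backup data files that do NOT carry the immutable attribute."""
    return sorted(
        path for path, flags in parse_lsattr(lsattr_output).items()
        if path.lower().endswith(BACKUP_DATA_EXT) and "i" not in flags
    )


def ssh_exposed(is_enabled_out: str, is_active_out: str) -> bool:
    """True if sshd is enabled at boot or currently running.

    Takes the stdout of `systemctl is-enabled <unit>` and
    `systemctl is-active <unit>`. A hardened repository should report the
    unit as disabled/masked and inactive.
    """
    enabled = is_enabled_out.strip().lower()
    active = is_active_out.strip().lower()
    return enabled.startswith("enabled") or active == "active"


def compliance_report(lsattr_output: str, is_enabled_out: str, is_active_out: str) -> dict:
    """Combine both checks into one verdict plus the evidence behind it."""
    mutable = find_mutable_backups(lsattr_output)
    ssh = ssh_exposed(is_enabled_out, is_active_out)
    return {
        "mutable_backups": mutable,
        "ssh_exposed": ssh,
        "compliant": not mutable and not ssh,
    }


def _run(cmd: list) -> str:
    """Run a command and return its stdout; an absent binary yields ''."""
    try:
        return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:
        return ""


def audit(repo_path: str, ssh_unit: str = "sshd") -> dict:
    """Live audit of a repository path on this host (needs lsattr and systemctl)."""
    return compliance_report(
        _run(["lsattr", "-R", repo_path]),
        _run(["systemctl", "is-enabled", ssh_unit]),
        _run(["systemctl", "is-active", ssh_unit]),
    )


# Constructed sample lsattr output: the incremental file has lost its
# immutable flag, so the repository must be reported as non-compliant.
SAMPLE_LSATTR = """\
/backups/job1:
----i---------e------- /backups/job1/job1.vbk
--------------e------- /backups/job1/job1D2026-02-10.vib
--------------e------- /backups/job1/job1.vbm
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        report = audit(sys.argv[1])
    else:
        report = compliance_report(SAMPLE_LSATTR, "masked\n", "inactive\n")
    print(report)
    sys.exit(0 if report["compliant"] else 1)
```

The check is deliberately split into pure functions over command output so it can be exercised offline; in production the same script runs unattended on the repository host (no SSH needed, for example from a console cron job) and its non-zero exit feeds monitoring.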

AndrePulia
  • Veeam Vanguard
  • February 14, 2026

@eprieto In my opinion, you need to apply each and every security-related feature that Veeam offers, such as MFA, session logout after a period of time, the four-eyes principle, encrypted backups, password loss protection, the 3-2-1 rule, and gMSA for application awareness. I also suggest backing up to tape as a fourth copy; it's air-gapped and immutable since LTO-3. Also use the new malware detection functions, use Veeam appliances, which come already hardened and STIG compliant, use a different domain than production or no domain at all, and force password changes.

But what I think is even more important is having notifications delivered to a group of people, integration with a log server, testing with SureBackup, using SNMP, having well-designed procedures to be able to test an environment with users, never using generic users, giving permissions only where necessary (wow, there's a lot of stuff), and having an external audit. But all of this must take into account the value to be invested; it won't be worth spending US$500,000 to protect something that's worth $500,000.
I know it's difficult to implement everything; I would do a risk x benefit x cost analysis.

Remember, these attacks don't happen overnight; they're there, just working secretly, so I think you have to test everything all the time.

Involve those responsible for network, storage, servers, operating systems, security, and users; you have to dedicate time to this.

I hope this helps a little.
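The 3-2-1-1-0 rule that Andanet and AndrePulia both point to is easy to state and easy to believe one satisfies. As an added example (my code, not any poster's and not Veeam's), the function below evaluates an inventory of backup copies against each digit of the rule, and additionally checks that the immutable copy's lock window is at least as long as an assumed time-to-detect, which is the point about attacks "working secretly" for a while before they strike. The copy names, media types, day counts and verification results are constructed for illustration; the `min_immutable_days` threshold is an assumption you would set from your own incident-response expectations.

```python
"""Evaluate a backup inventory against the 3-2-1-1-0 rule.

Added example, not from the thread or from Veeam:
  3  copies of the data
  2  different media types
  1  copy offsite
  1  copy immutable or air-gapped
  0  errors after verification (every copy has been tested, with no failures)
plus an extra finding when the immutable window is shorter than the
assumed time an attacker may dwell undetected.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str              # e.g. "disk", "object", "tape"
    offsite: bool
    immutable: bool         # hardened repo, Object Lock, WORM tape
    air_gapped: bool        # e.g. tape exported from the library
    immutable_days: int     # lock window; 0 when not immutable
    verify_errors: int      # result of the last restore/health test; -1 = never tested


def evaluate_3_2_1_1_0(copies: list, min_immutable_days: int = 14) -> dict:
    """Return a pass/fail per rule digit plus human-readable findings.

    `min_immutable_days` is an assumed lower bound on how long an attacker
    might sit in the environment before encrypting; an immutable copy whose
    window is shorter than that can expire before the attack is noticed.
    """
    findings = []
    media = {c.media for c in copies}
    offsite = [c for c in copies if c.offsite]
    protected = [c for c in copies if c.immutable or c.air_gapped]
    untested = [c for c in copies if c.verify_errors < 0]
    failing = [c for c in copies if c.verify_errors > 0]

    rules = {
        "3_copies": len(copies) >= 3,
        "2_media": len(media) >= 2,
        "1_offsite": len(offsite) >= 1,
        "1_immutable_or_airgapped": len(protected) >= 1,
        "0_errors": not untested and not failing,
    }

    if not rules["3_copies"]:
        findings.append(f"only {len(copies)} copies, need at least 3")
    if not rules["2_media"]:
        findings.append(f"single media type: {', '.join(sorted(media)) or 'none'}")
    if not rules["1_offsite"]:
        findings.append("no offsite copy")
    if not rules["1_immutable_or_airgapped"]:
        findings.append("no immutable or air-gapped copy")
    for c in untested:
        findings.append(f"{c.name}: never verified")
    for c in failing:
        findings.append(f"{c.name}: last verification reported {c.verify_errors} error(s)")
    # Short lock windows: still an immutable copy, but a weak one.
    for c in copies:
        if c.immutable and c.immutable_days < min_immutable_days:
            findings.append(
                f"{c.name}: immutable for {c.immutable_days} days, "
                f"below the assumed {min_immutable_days}-day detection window"
            )

    rules["all_pass"] = all(rules.values()) and not findings
    rules["findings"] = findings
    return rules


# Constructed inventory (not a real environment): a local hardened repo, an
# Object Lock bucket, and a tape copy that has never been restore-tested.
SAMPLE_COPIES = [
    BackupCopy("local-hardened-repo", "disk", False, True, False, 7, 0),
    BackupCopy("s3-object-lock", "object", True, True, False, 30, 0),
    BackupCopy("weekly-tape", "tape", True, True, True, 365, -1),
]

if __name__ == "__main__":
    result = evaluate_3_2_1_1_0(SAMPLE_COPIES)
    for key, value in result.items():
        print(f"{key}: {value}")
```

On the sample inventory the first four digits pass, but the "0" fails because the tape has never been restore-tested, and the local hardened repo is flagged for a 7-day lock window that is shorter than the assumed 14-day detection time. Both are exactly the kind of gap that only shows up when the rule is actually evaluated rather than assumed.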