Comprehensive Guide to Ransomware Protection With Veeam

Every conversation I have with customers and partners nowadays involves sharing the latest information from Veeam on how to combat ransomware with a comprehensive approach. The data indicates that it is not a question of if but when an organization will have to deal with a ransomware incident. The reality is that ransomware is the cybersecurity incident we are more likely to have to deal with than fire, flood or blood types of disasters.

What Is Ransomware?

Well, this answer changes over time. There have been examples that simply encrypt small or targeted datasets and some that have widespread exfiltration and lateral movement across an organization. I am often debriefed on ransomware situations by the Veeam technical support team that guides organizations through ransomware incidents, and it is consistent to see how some of the threats move through an organization. The MITRE ATT&CK framework is a clear go-to in these areas if you haven’t seen it.

Prevention, Protection and Defense

I am a big believer in the NIST Cybersecurity Framework, which focuses on five key functions: Identify, Protect, Detect, Respond and Recover. Veeam has capabilities mapped to each of these functions and will continue to grow in this space. From a prevention, protection and defense standpoint, it is important to understand the difference and options available for how an organization can approach comprehensive protection.

It is a tall ask to seek broad prevention of ransomware, but I’d challenge that with the right investments in proven, effective techniques across the board, your odds go up exponentially. A quick list of key prevention, protection and defense techniques includes:

Understanding Ransomware: How Does It Work?

I’ve been following a number of different resources to identify how ransomware behaves. Some of my favorite resources to learn about different behaviors and individual ransomware makers include the Veeam Ransomware Trends Report, the PC Security Channel on YouTube and this glossary of Common Ransomware Types.

From all of these resources, it is clear that different ransomware makers behave differently, with a consistent set of impacts on an organization. I take all of these behaviors (deletion, encryption, exfiltration and more) as a serious wake-up call to ensure that organizations have complete control of their data.

Do I Need a Ransomware Risk Assessment?

This is a fair question to ask, but many organizations may simply not be comfortable with the realities of the threatscape today. This is why we at Veeam have made a very easy-to-use ransomware risk assessment. This tool can give you a view of your data based on what we see at the highest level of trends, and a good starting point for your journey to comprehensive ransomware protection. I’ll be the first to admit, it gets specific quickly and sometimes it is better suited as a private conversation, but this assessment is a great place to start.

Best Practices for Ransomware Protection

The single best practice that matters is to ensure you can recover your data from a ransomware attack. However, there are many that are part of a comprehensive ransomware protection strategy. Like the assessment recommendation, ransomware protection can get specific quickly based on what is being protected and where it is being stored. At a minimum, a comprehensive strategy for ransomware protection would include (but not be limited to):

Proactively monitor and update systems: Veeam ONE is great here; having Veeam ONE monitor your backup infrastructure as well as your production infrastructure will give you the visibility you need. And be sure to update your infrastructure, all of it.

Veeam ONE will monitor your Veeam environment with incredible detail to help keep your backup infrastructure healthy.

What Tools Are Needed for Ransomware Protection?

The easy place to start is Veeam ONE. I guarantee you that Veeam ONE will tell you something about your environment that you didn’t know about, yet should address. If you are just implementing Veeam ONE for the first time, do so in a model of least privilege. Do not use accounts for Veeam ONE that are in use elsewhere. Veeam ONE’s ability to monitor and report on possible ransomware activity and potential tampering with the Veeam Backup & Replication infrastructure is critical. Be sure to configure the immutability state and immutability change tracking alarms to be sent directly to security teams, for example. Also make sure you are automating reports on any changes in the backup infrastructure in Veeam ONE.

I also recommend not having the Veeam infrastructure connected to the Internet and using explicit usernames and passwords for specific services and connections. I realize if you have already implemented Veeam, this may be a mountain of work. So start small: make sure your backup repositories are using explicit credentials separate from credentials used elsewhere in an environment.

One technology I have been working on with Product Management recently is the Veeam Hardened Repository. We have made an attractive option for individuals who don’t have a lot of Linux skill and want it truly hardened. The new installable .ISO will configure the Linux environment for use as a Veeam Hardened Repository and automatically apply DISA STIG hardening that will make a very resilient backup repository. The Veeam Hardened Repository makes it easier than ever to have immutable backups on Linux:

The Veeam Hardened Repository is an easy way to have immutability with no additional Veeam cost.

What To Do During a Ransomware Attack?

The number one thing to do is keep calm. When I debrief with organizations in ransomware incidents, a common behavior is to isolate the infected systems and engage cybersecurity response teams. There are a number of courses of action, and the one thing all backup vendors agree on is to restore data. If ransomware gets in, the only option is to recover data. But also reach out to the right resources for expert advice. The Veeam critical incidents support team guides customers through successful ransomware recoveries every day with a highly trained group of experts who specialize in ransomware recovery.

Best Practices and a Comprehensive Strategy for Ransomware Protection Are Right Here at Veeam

Talk to us here at Veeam. We’re a leading provider of backup solutions worldwide. This is validated by the IDC tracker and the recent Gartner Magic Quadrant for Enterprise backup, which again has Veeam as a leader. Veeam also prepares the Ransomware Trends Report, one of the largest pieces of industry research of its kind. Coupled with solid product delivery over the years, a strong product roadmap and technical support to provide the ransomware recovery needed, Veeam is your place for comprehensive ransomware protection. If you want more, reach out to your Veeam rep or a reseller partner to take the next steps to comprehensive ransomware protection.

 
