How to Ensure Your Veeam Backups Are Not Vulnerable to Ransomware

Veeam Backup & Replication is an enterprise-grade backup platform from Veeam Software that provides an industry-leading data protection suite for virtual and physical workloads. Atlantic.Net has partnered with Veeam Software and integrated our Managed Veeam Service into most of our cloud and on-premise hosting solutions.

Data protection is an essential business practice to uphold the integrity of mission-critical business data. Daily backups are the minimum requirement of most businesses. Personal users can also reap the benefits of a sensible backup solution to keep hold of precious files or treasured family photographs.

Ransomware is a serious and growing concern. Ransomware attacks can render files and folders useless as they become encrypted, making them impossible to access unless a ransom for the decryption key is paid to the threat actor. In addition, it’s possible the ransomware attack may not be identified immediately, resulting in the infected files being backed up automatically as part of a predefined backup schedule.

The worst-case scenario is when the data is restored, but the backup is infected with ransomware, and critical files are encrypted and inaccessible. In this article, we will discover the advanced protections offered in Veeam that specifically target ransomware, and we will learn how Atlantic.Net hosting services offer world-class protection against ransomware.

How Does Ransomware Threaten Data Protection?

A secure backup is considered the last line of defense against ransomware. If all else fails, at least you have a good backup to restore. Consider what would happen if your backup was a dud. Would you pay the ransom? The U.S. government advises never to pay the ransom simply because it encourages hackers to continue these campaigns.

Businesses should make backup planning part of their cybersecurity defense plan. It requires backups to be planned, tested, and regularly reviewed to maintain a robust security posture. If you’re in the IT industry or work in an IT-adjacent role, you may have frequently heard, “oh, just restore it from backup” as a solution. Unfortunately, sometimes the solution is not that simple, especially when swathes of critical business infrastructure have been taken down by ransomware.

For these reasons, it is essential to have a backup solution that protects against ransomware infecting your server backups.

How to Amend Your Backup Strategy to Defend Against Ransomware

The first step in defending against ransomware in your backups is to review your existing backup schedule in great detail. It is essential to introduce procedural best practices when managing backups.

This should include:

• Review Existing Backup Schedule: Take time to review the existing backup configuration. Ensure all in-scope servers are backed up correctly and that you have selected the required disk or VM-level backup. Ask yourself which disks need backup. Do you need a copy of the system state?
• Check Your Backup Start and Finish Times: Check that your backups start within the start window and finish when expected. Treat a missed backup the same as a failed backup.
• Always Alert Against Backup Failures: Any backup issues should be alerted against and resolved by a support team. If the backup fails, do you need to re-run it manually? Has the backup failed or over-run?
• Educate Your Employees: Training staff about the latest cybersecurity threats is a great way to improve the business’s security posture. Employees are the human firewall. They protect your business from phishing, social engineering, and accidental disclosure (all key attack vectors for hackers), so ensuring they are well-trained will improve security.
• Follow the 3-2-1 Rule of Backups: This rule is fundamental to data protection because it offers the best protection for mission-critical data. There should be at least three copies of important data, on at least two different types of media, with at least one of these copies being offsite. To defend against ransomware, Veeam recommends introducing an “air-gapped, offline or immutable” backup – this means a copy of your organization’s data that’s offline and inaccessible. Your backup device can’t be remotely hacked or corrupted without an internet or other network connection.

How Can Veeam Protect Against Ransomware?

Veeam has several built-in protections that combine to create additional layers of security to help defend against ransomware. Ultra-resilient media underlines ransomware protection. We have already mentioned offline, air-gapped and immutable backups. This is achieved by leveraging immutable backups from your cloud provider or by using a hardened repository for the data.

If you are still using tape backups, use tapes that support WORM (Write Once Read Many). In extreme cases, you may want to consider removable disk media or rotation of backup drives – however, this method is costly.

Other ways Veeam can protect against ransomware are:

• Use the Veeam Backup Schedule: Your business’s backup schedule defines what protection you enforce. Data retention dictates how long backup media is kept and in what data cycle. The most common methods are daily, weekly, monthly, and yearly backups. Where you save, the weekly and monthly are essential. Do you keep them offline? Do you commit to an offsite location? Do you send a tape backup offsite to a secured location?
• Trusted Immutability: Veeam supports multiple storage layers locally and in the cloud. Having a secured hardened repository onsite and then offloading data to a multi-site cloud provider like Atlantic.Net would fulfill trusted immutability. Veeam refers to this as ‘copy mode’ and ‘move mode.’
• Backup Verification: Knowing that you have a good backup is critical when restoring data. Reviewing logs and backup reports is possible, but verifying the data is the only way to be entirely confident of a good backup. You could perform a test restore, but this is a lengthy process. Veeam uses a tool called SureBackup that runs multiple tests on your backups to confirm the data is malware free and that the data can be recovered.

Atlantic.Net Veeam Managed Service

Atlantic.Net is a global cloud services provider with over 25 years of experience, specializing in Windows, Linux, and FreeBSD server hosting. Veeam Backup is used extensively throughout the business, and we are delighted with its performance and the protection standards it affords.

Atlantic.Net provides business-class dedicated and VPS hosting solutions focusing on security, compliance, and simplifying the user experience.

Atlantic.Net offers fully-managed environments, security, and compliance-focused solutions across all its hosting facilities in San Francisco, New York, London, Toronto, Dallas, Ashburn, and Orlando. With a range of certifications, along with SSAE 18, SOC 2, SOC 3, HIPAA, and HITECH-audited data center infrastructure, Atlantic.Net is a security-first provider. For more information, please visit www.atlantic.net.