posted by Fnord666 on Sunday March 08 2020, @04:35PM
from the leverage dept.

Ransomware Attackers Use Your Cloud Backups Against You:

Backups are one of the most, if not the most, important defense against ransomware, but if not configured properly, attackers will use them against you.

Recently the DoppelPaymer Ransomware operators published on their leak site the Admin user name and password for a non-paying victim's Veeam backup software.

This was not meant to expose the information to others for further attacks but was used as a warning to the victim that the ransomware operators had full access to their network, including the backups.

After seeing this information, I reached out to the operators of the DoppelPaymer and Maze Ransomware families to learn how they target victims' backups and was surprised by what I learned.

It should be noted that in this article we will be focusing on the Veeam backup software. Not because it is less secure than other software, but simply because it is one of the most popular enterprise backup products and was mentioned by the ransomware operators.

  • (Score: 3, Informative) by Anonymous Coward on Sunday March 08 2020, @05:21PM (9 children)

    by Anonymous Coward on Sunday March 08 2020, @05:21PM (#968220)

    Hey millennials, here's a pro tip: backups belong on tape drives, detached from the machine after being updated.

  • (Score: 1, Funny) by Anonymous Coward on Sunday March 08 2020, @05:25PM

    by Anonymous Coward on Sunday March 08 2020, @05:25PM (#968221)

    Grandpa, you're ignoring the fact that Veeam has great Twitter integration.

  • (Score: 2) by Runaway1956 on Sunday March 08 2020, @05:34PM (5 children)

    by Runaway1956 (2926) Subscriber Badge on Sunday March 08 2020, @05:34PM (#968224) Journal

    I don't know about tape drives - but when your backup is complete, it should be duplicate or triplicate, and one copy should leave the premises, under your own custody, to be stored in a safe place, such as a bank vault.

    A backup in the cloud is no backup at all.

    BTW, what is the fastest tape drive? Can it compete with USB3 for speed? It certainly doesn't compete with gigabit ethernet, does it? I'll take my chances with a hard drive connected via USB or ethernet, thank you. A single, pocketable device, as opposed to either a monster tape, or lots of little tapes.

    Pro-tip: if you need a fork lift to move your backups, you're doing something wrong.

    • (Score: 3, Insightful) by Oakenshield on Sunday March 08 2020, @06:52PM

      by Oakenshield (4900) on Sunday March 08 2020, @06:52PM (#968250)

      You didn't even mention cost. Tape drives are ridiculously expensive. Jukeboxes even more so. You can buy a shitload of USB hard drives, probably one for each day of the month for less than a bottom end tape drive that can handle more than a few terabytes. Swap it out every day and take it offsite. Even the tape media costs as much as a portable 1TB USB drive.

    • (Score: 1) by shrewdsheep on Sunday March 08 2020, @09:16PM (2 children)

      by shrewdsheep (5215) on Sunday March 08 2020, @09:16PM (#968286)

      I agree with the replication, and off-premise part, but do not believe in offline. Bits that are not constantly refreshed will rot. An rsync-pull from an off-premise computer (with --backup of course) will do the trick. Files should be restored/hashes checked on a regular basis. This reliability aspect might not be the point of the article, rather that backups can be an easy exfiltration vector, TLDR though.

      • (Score: 2) by Runaway1956 on Sunday March 08 2020, @11:10PM (1 child)

        by Runaway1956 (2926) Subscriber Badge on Sunday March 08 2020, @11:10PM (#968318) Journal

        Correct me if I'm wrong, but wouldn't your goal be met by running two servers, across the street, or across town, and synchronizing them frequently? Bit rot is a thing, but rather than relying on the cloud, just run your own "extra" server, and keep it under your control.

        That may be a bit much to ask of smaller businesses, but most any state-wide corporation, any interstate corporation, should be able to afford an extra server room in an office building somewhere.

        • (Score: 0) by Anonymous Coward on Monday March 09 2020, @12:28AM

          by Anonymous Coward on Monday March 09 2020, @12:28AM (#968345)

          You're right for a threat model that doesn't adapt to your plan. (Like a storm, fire, or hardware failure.)
          Sadly that makes you wrong for this one.

          Pick some superduper backup multisite s/w called X.

          Ransom folks figure out that X is hurting their business model, so they figure out how to make it make encrypted backups.

          You get an E-mail from the bad guys, try your backups, and they don't work.

          Backups need to be verified and kept offline.
          I'm not sure how a cloud could ever be applicable here.
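
The hash checking and backup verification suggested in the comments above, as an added example that is not part of the original thread: it records a SHA-256 manifest of a backup tree, re-checks the tree against it later, and flags the run when a large share of files changed or vanished at once. The function names, the constructed sample files and the 20% alert threshold are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def compare(trusted, current, max_ratio=0.2):
    """Diff a trusted manifest against a fresh one and flag mass change."""
    missing = sorted(set(trusted) - set(current))
    added = sorted(set(current) - set(trusted))
    changed = sorted(k for k in set(trusted) & set(current)
                     if trusted[k] != current[k])
    # Share of previously known files that no longer restore bit-for-bit.
    ratio = (len(missing) + len(changed)) / len(trusted) if trusted else 0.0
    return {"missing": missing, "added": added, "changed": changed,
            "ratio": ratio, "suspicious": ratio > max_ratio}


def demo():
    """Constructed sample: five files, three of them damaged afterwards."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(5):
            (root / f"doc{i}.txt").write_text(f"report {i}\n")
        trusted = build_manifest(root)  # keep this copy off the backup host
        for name in ("doc0.txt", "doc1.txt"):
            (root / name).write_bytes(os.urandom(64))  # silently rewritten
        (root / "doc2.txt").rename(root / "doc2.txt.locked")  # renamed away
        return compare(trusted, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

The check only means something if the trusted manifest is stored where the machine being backed up cannot write to it, for example on the pulling host or on offline media.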

    • (Score: 2) by Reziac on Monday March 09 2020, @02:52AM

      by Reziac (2489) on Monday March 09 2020, @02:52AM (#968393) Homepage

      Sandisk/WD now has an NVME portable, up to 2TB. Seems to me that's a fast option.

      Agreed cloud backup is data pissed into the wind... and never more secure than the provider.

      --
      And there is no Alkibiades to come back and save us from ourselves.
  • (Score: 1, Interesting) by Anonymous Coward on Sunday March 08 2020, @06:49PM

    by Anonymous Coward on Sunday March 08 2020, @06:49PM (#968249)

    I remember the Iomega Ditto tape drive I religiously used to back up my PC back in the 1990s. Multiple backup tapes, off-site storage, I did everything "right". Except check that the backups actually worked. My hard drive eventually failed, and I went to the backup tapes, and none of them worked. Not one. Even borrowed a different tape drive; it mattered not. I lost every bit of work from my college days, as well as five years' worth of actual work as a paid programmer. All gone.

    If you're backing up a mainframe, sure, use tape. If you're backing up your home systems, external USB drives are cheap these days so use them. Just verify that they work.

  • (Score: 0) by Anonymous Coward on Monday March 09 2020, @12:38AM

    by Anonymous Coward on Monday March 09 2020, @12:38AM (#968351)

    Hey millennials, here's a pro tip: backups belong on tape drives, detached from the machine after being updated.

    If it doesn't have Slack integration, then how are we ever supposed to understand how these so called "backups" work?