SoylentNews is people

posted by Fnord666 on Sunday March 08 2020, @04:35PM
from the leverage dept.

Ransomware Attackers Use Your Cloud Backups Against You:

Backups are one of the most, if not the most, important defenses against ransomware, but if not configured properly, attackers will use them against you.

Recently the DoppelPaymer Ransomware operators published on their leak site the Admin user name and password for a non-paying victim's Veeam backup software.

This was not meant to expose the information to others for further attacks but was used as a warning to the victim that the ransomware operators had full access to their network, including the backups.

After seeing this information, I reached out to the operators of the DoppelPaymer and Maze Ransomware families to learn how they target victims' backups and was surprised by what I learned.

It should be noted that in this article we will be focusing on the Veeam backup software. Not because it is less secure than other software, but simply because it is one of the most popular enterprise backup products and was mentioned by the ransomware operators.


  • (Score: 5, Interesting) by Common Joe on Sunday March 08 2020, @06:59PM (4 children)

    by Common Joe (33) <{common.joe.0101} {at} {gmail.com}> on Sunday March 08 2020, @06:59PM (#968251) Journal

    I like your comment a lot and I'm adopting your definition.

    I'm also starting my own mini-crusade and wish to add to yours: it's not a "backup". It's a "backup and restore". I know I'm preaching to the choir on SoylentNews, but what most suits don't understand is that the backup isn't important. It's the restore that's important. How we get the ability to restore includes testing and exactly what you said about taking things offline.

  • (Score: 5, Interesting) by edIII on Sunday March 08 2020, @08:20PM (3 children)

    by edIII (791) on Sunday March 08 2020, @08:20PM (#968270)

    Fucking Aye.

    A backup without a tested restore process is just a hope of a backup. Just like a RAID isn't a mirroring solution until you actually test it and it performs as advertised. Just like a buildsheet isn't a buildsheet until somebody else uses it and succeeds.

    Too many people stop halfway, go to lunch, and then operate with a false sense of confidence.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 2) by PiMuNu on Monday March 09 2020, @12:38PM (1 child)

      by PiMuNu (3823) on Monday March 09 2020, @12:38PM (#968469)

      Computing Rule #1: If you don't test it, it doesn't work.

      • (Score: 0) by Anonymous Coward on Monday March 09 2020, @08:58PM

        by Anonymous Coward on Monday March 09 2020, @08:58PM (#968683)

        Sort of the inverse(?) of what we say here: everything works correctly, until you check the results.

    • (Score: 2) by Freeman on Monday March 09 2020, @05:35PM

      by Freeman (732) on Monday March 09 2020, @05:35PM (#968558) Journal

      Sad face story: our archives are being pushed to the cloud by our IT department. At least they're saying they'll keep one on-site "copy/backup". They're pushing everything they can to the Cloud, so they don't have to bother with it.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"