• m-p{3}@lemmy.ca
    70 up · 6 down · 8 months ago

    If your backup can be reached by ransomware, it’s not a backup.

      • IHawkMike@lemmy.world
        1 up · 2 down · 8 months ago

        Why name drop Veeam as if they’re part of the problem?

        They at least have good options to protect backups from ransomware with Linux hardened repos and immutable object storage.

        • Orbituary@lemmy.world
          3 up · 1 down · 8 months ago

          Because Veeam can be good, but it’s only as good as the user pays for. I do ransomware recovery and incident response management for a living. More often than not, Veeam is implemented poorly and does not do what the customer thinks they paid for.

          • IHawkMike@lemmy.world
            2 up · 3 down · 8 months ago

            I still fail to see how that’s the product’s fault.

            Is there some ransomware-proof backup solution that you find most people do set up correctly?

            • Orbituary@lemmy.world
              3 up · 1 down · 8 months ago

              It’s not specifically the fault of the product. However, in my experience in this field, the only time client backups are encrypted is due to a false sense of security due to negligence and ignorance.

              Veeam should not be configured by an inexperienced or underfunded tech staff.

  • Boozilla@lemmy.world
    20 up · 8 months ago

    Stories like this make me want to retire early. Most bosses just aren’t willing to pay for sufficient cybersecurity.

    • Churbleyimyam@lemm.ee
      20 up · 8 months ago

      My boss encrypts nothing and leaves all of the machines switched on overnight, every night.

      We got burgled once and someone made off with some postcards and £5 in loose change, overlooking access to a vast trove of customers’ highly exposing personal, financial, medical and legal documents that has never been purged for over a decade.

      He didn’t even change anything afterwards!

      • Dark Arc@social.packetloss.gg
        17 up · 8 months ago

        To be fair, the common thief isn’t into that sort of burglary. They’re looking for something they can pawn or use themselves.

        • T156@lemmy.world
          7 up · 8 months ago

          Especially something that can be anonymised and moved quickly. For all they know, the computers are heavy/locked down, and may be tracked.

  • potatopotato
    9 up · 1 down · 8 months ago

    What methods are they using to locate the backups?

      • potatopotato
        1 up · 8 months ago

        I mean, usually you don’t keep them on prem on the same machine. I’m curious if there are any tricky ways to find and destroy backups on other services/servers and how they’re pivoting into those other systems quickly enough to destroy them.

    • Orbituary@lemmy.world
      2 up · 9 down · 8 months ago

      Naming convention. Internal DNS. If you’re asking this, you are woefully unprepared. If you’re unprepared, you need someone to help.

  • Tygr@lemmy.world
    8 up · 1 down · 8 months ago

    Come attack mine. It’s kept off my property on a hard drive disconnected from everything. Update it every 6 months.