• State Suggested Answer
  • Replies 14 replies
  • Answers 1 answer
  • Subscribers 29 subscribers
  • Views 9810 views
  • Users 0 members are here
Options
Related

Ransomware protections

jordanl
over 3 years ago

like most companies we are trying our best to NOT get infected by Ransomware, but....  assuming we do get infected.

I understand that RR core service locks the backup files from being encrypted, that's a great start.  but if it's human operated and they get into the core server... game over.  Are there any built in replication type protections that people are using?   what are people doing so they can sleep at night?  my first step was to remove both source and target RR servers from the domain and give them strong local admin passwords.  I see that these servers have Admin share and c$,d$ shares turned on, do I need those turned on for RR to function?    thanks!   Quest could put together a simple document like, "10 things to do to help prevent backup encryption". that's what I need!

Parents
  • 0 over 3 years ago

    Hello, just to go through our experiences with Rapid Recovery and Ransomware, seeing that we were hit a couple of years back.

    1. We were told when the Rapid Recovery system was installed by Quest that the Repositories couldn't be infected with ransomware, this is categorically false.  Our Repositories did get encrypted by the ransomware and Rapid Recovery became immediately useless as it had wiped out our backups.

    2. We were told during setup of the Rapid Recovery boxes to connect the Cores to the domain because it'd make restores easier when copying files from mounts back over to our domain servers.

    3. We believed we were fine because we had 2 Rapid Recovery cores at 2 different sites replicating to each other.

    4. We did have basic offline backup that was essentially robocopy scripts making backups of our file servers onto usb hard drives, this is what saved us.

    We spoke to Quest who sent an engineer onsite who setup the Rapid Recovery boxes off the domain and we locked the firewalls right down.  We also purchased a tape drive that connects to a virtual Netvault server, Rapid Recovery will run on archive at night and then Netvault copies it to the tape and we take the tape offsite.

  • 0 over 3 years ago in reply to simon peart

    @simon peart

    Your config sounds more like what I am thinking needs to be done as well. But that is introducing a second backup system into the environment and at considerable cost.

    Thanks!

Reply Children
  • 0 over 3 years ago in reply to alaric battle

    We do have 2 branches going off this thread, oh well. There is a cost yes, however that is also where (at times) other 3rd party cloud providers can provide a slightly more competitive cost than just 'going' to Azure or AWS. As yes, especially with replication, the cost can balloon quickly.