Ransomware attacks are on the rise and HostedBizz is doing something about it
In the past 3 years, the number of Canadians working remotely has skyrocketed to almost 5 million. This huge shift has left remote workers vulnerable as organizations scramble to quickly update their security solutions. Ransomware attacks are on the rise at an alarming rate. These attacks are becoming increasingly sophisticated and typically target on premise backup repositories for encryption, or more likely, deletion.
To ensure maximized protection of critical data, HostedBizz offers an added measure of security to its cloud backup services.
HostedBizz deploys RansomProtect as an additional security service, free of charge, to all of our Veeam Cloud Connect cloud based backups. This applies to all deployments from their MSP partners as well.
This functionality will protect your Cloud backups from malicious deletion. In addition, all deleted images are stored in an inaccessible recycle bin within the HostedBizz Cloud. HostedBizz will retain the contents of the recycle bin for 5 days at no additional cost. As a result, if your backup systems are compromised and your Veeam server is accessed by cyber criminals, RansomProtect will provide you with the peace of mind that your Cloud backups cannot be deleted from the on premises Veeam console. There are no actions required on the tenant side. This feature has been enabled automatically and this enhanced RansomProtect is enabled on all accounts.
If you had previously requested RansomProtect to be enabled on your account(s) – the existing recycle bin retention will remain as is unless it was set to lower than 5 days, in this case the retention will be increased to 5 days. Longer retention is available at a small charge.
HostedBizz have implemented a notification message to let you know that this functionality has been enabled and it will display as a message within any backup job that is directed at the HostedBizz Cloud.
In the event that you believe that your client has been attacked with Ransom ware, please let us know as soon as possible so that we can assist is getting your clients data back from the RansomProtect recycle bin.
There are a number of best practices which reduce the risks against ransomware attacks. The following is a summary of recommendations for you to consider.
- Consider using a non-privileged (not a domain admin) account to access the Veeam console
- Consider disabling remote desktop access to the Veeam server
- Apply Windows Updates on a regular basis to your Veeam server and other Veeam components (proxies, database servers, etc.)
- Use remote console exclusively, do not directly log on to the Veeam server
- Restrict access from the Veeam server to the Internet
- Open rules to Cloud Connect provider gateways
- Open HTTP/HTTPS outbound for Certificate verification endpoints (CRL URLs and OCSP servers)
- https://helpcenter.veeam.com/docs/backup/vsphere/used_ports.html?ver=100
- Rename the default local administrator account on the Veeam server
- Set strong passwords for all local accounts on the Veeam server
- Use Linux or NFS repositories if possible
- Do not run any Veeam services as a privileged (Administrator or Domain Administrator) account
- Do not add users to the Administrators group on the Veeam server to provide access to Veeam, instead use the Veeam Backup Administrator role – https://helpcenter.veeam.com/docs/backup/em/vbr_server_roles.html?ver=100
Still have questions about RansomProtect? Get in touch with our support team for assistance! We’re here to help.