|
VSS often won't save from from crypto/ransom viruses. First, if they get credentials/admin rights they can just blast it all so at minimum the backup system should have alt credentials if it doesn't have a cold offline copy. Also, the default behavior with VSS is to dump old snapshots when the vol is low on space. If your vol more than half-full what it will do is start generating encrypted hidden copies alongside your unencrypted data and keep going until the volume is full which forces all your previous snapshots out. Once its done encrypting, delete the original copies and now there's no easy recovery path without going to backup. You can change the VSS policy to enforce a hard retention policy based on capture intervals but it isn't not the default behavior and something that I have seen first hand bite a important office when they decided VSS == backup.
|
#
¿
May 18, 2016 13:26
|
|
|
|
| # ¿ Apr 25, 2024 10:52 |
|
|
If you already have the hardware, I'd say install Crashplan and set it as a backup destination and make sure you use a different set of credentials to access it. That will give you versioning along with compression/dedupe on the backup set. There's always a chance something could get in to the backup software and issue a command to purge the backups so it might be smart to set VSS policy on the backup volume on the backup box to retain a few old copies in case the worst happens.
|
|
#
¿
May 20, 2016 05:00
|
|