Search This Blog

Tuesday, May 16, 2017

Last Line of Defense Against WannaCry Ransomware - Part 2

This blog post is continue from Part 1 - http://www.ms4u.info/2017/05/last-line-of-defense-against-wannacry.html

In previous post, we have talked about 3-2-1 rules. For an additional protection, we added 3-2-1-1-0


3- Ensure you have at least three copies of your data
2- Use at least two different media to store the backup
1- Keep at least one copy of your backup offsite
1- Keep at least one copy as offline
0 - Perform verification to ensure no error.

This round we will focus on using Veeam Backup & Replication to recover from infection.

Based on live map on the WannaCry infection (last update on 16 May 2017-9.41pm) , up to date around 374K computer has infected.



If you're using Veeam to protect your Vmware or Hyper-V, then you can use this features to perform recovery

1. Initiate Instant VM Recovery
By using Veeam, you can bring up a system within 2 minutes by mounting the backup data using Veeam patented technology "vPower" to hypervisor.



2. Use Veeam Explorer to view healthy or unhealthy files.
By using Veeam Explorer, you can view before restore. Other legacy backup require you to restore restore point in order to identify the health of the file (encrypt/normal)

Sample of infected file by WannaCry. Pop up appear requesting user to pay ransom in order to decrypt the file. Latest ransom is $600. File is unreadable as it has encrypted.


Without restoring file, use Veeam Explorer to identify file which is healthy. File which is healthy is readable. Once identify it, you can start restoration process.



3. Failover to replicated VM
Replica VM is offline and safe from WannaCry. You can select restore point to failover to replicated VM.



4. Use On Demand Sandbox
Use Veeam to create a virtual lab from the backup data. Without restore backup data into staging server, backup data from Veeam repository can be mounted to hypervisor using Veeam vPower into an isolated environment.


Perform verification to ensure zero error by using Surebackup Job. Then you can leave the VM running so you can perform testing on the VM. Below screenshot refer to VM running on Virtual Lab.




5. Restore from Tape
Tape is offline media. Therefore your backup data store in tape is safe from WannaCry infection.
You can restore backup data from tape.

Hope this guide assist you on recover from WannaCry infection.

Good Luck!

No comments:

Post a Comment