Protect Virtual Machine: How to Stay Safe from Ransomware

How can we protect VMs against ransomware? This is an important question for any infrastructure administrator.

Ransomware is computer malware that can be installed on a wide range of devices such as computers, smartphones and wearable devices. It attacks data by encrypting it and then asks the user to pay to have the data decrypted.

Users may encounter it in a number of ways. The most common method attackers use to spread the software is e-mail, as an attached file.

Protecting Virtual Machines

Most companies use VDI solutions to deliver a desktop experience to users, and virtual desktops act the same as physical desktops. Even when all protection steps are in place for users' data, such as strong anti-virus, a firewall, email malware detection and other measures, attackers will try new ways to infect user data, hold it hostage and demand payment.

When users' data is encrypted by ransomware, administrators can help by restoring the data from a valid backup, so one solution for protecting data is to back it up.

Traditional Backup

Administrators can ask users to keep their important data on a shared folder or removable devices, or to sync it with the same folders on other computers. But this is not a proper backup; these copies are also exposed to the attack.

So administrators can ask users to keep their data on a specific drive or folder and back it up periodically with backup software.

That's a good solution and can prevent data loss from common ransomware, but some variants are able to encrypt the MFT (Master File Table) or the entire hard disk. Users lose their data and also can't do routine tasks.

In a physical environment, administrators have to deliver new devices with a new operating system, and all software has to be reconfigured. If this happens on a server, a critical service may be down, even for some hours.

Virtual Infrastructure Backup Solutions

Virtual infrastructures are more flexible than physical infrastructures, and recovering a service usually takes less time compared to physical servers. Backup solutions are also more flexible in virtual infrastructures and deliver many features for protecting virtual machines:

  1. File Level Backup: This feature is the same as traditional backup. Selected files and folders are stored in the backup repository, and all or some of them are always available for restore.
  2. Full or Incremental Backup: A full or incremental backup with enough restore points is fine for preventing data loss after an attack. At least 90% of data is recoverable.
  3. Replication: Replicating virtual machines to another datacenter is a good solution for protecting virtual machines from ransomware, and recovery is done without downtime.
  4. Power-On Backup As VM: Third-party backup solutions allow powering on a backup as a virtual machine for fast recovery.
  5. Backup Copy: Third-party backup solutions allow taking a copy of the backup immediately after the main backup job is done. This helps keep data secure in at least two different locations.
  6. Backup On Cloud Storage: Virtual backup solutions are able to store backup files on cloud storage directly.
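
Why "enough restore points" in item 2 matters, shown as an added example that is not from the original article or from any backup product: it picks the newest restore point taken before the compromise and the full-plus-incremental chain needed to restore it. The catalog, dates and function names are constructed for illustration, and the retention model is a simplification.

```python
from datetime import datetime

# Constructed sample catalog for one VM: (taken_at, kind).
# A "full" starts a chain; an "incr" needs every point back to its full.
CATALOG = [
    (datetime(2024, 3, 3, 22, 0), "full"),
    (datetime(2024, 3, 4, 22, 0), "incr"),
    (datetime(2024, 3, 5, 22, 0), "incr"),
    (datetime(2024, 3, 10, 22, 0), "full"),
    (datetime(2024, 3, 11, 22, 0), "incr"),
    (datetime(2024, 3, 12, 22, 0), "incr"),
]


def apply_retention(catalog, keep_points):
    """Simplified retention: keep the newest `keep_points` restore points,
    then drop leading incrementals whose full backup was pruned."""
    kept = sorted(catalog)[-keep_points:]
    while kept and kept[0][1] != "full":
        kept.pop(0)
    return kept


def restore_chain(catalog, compromised_at):
    """Files needed to restore the newest point taken before
    `compromised_at`: the chain's full backup plus the incrementals
    after it. Returns [] when no clean restore point exists."""
    clean = [p for p in sorted(catalog) if p[0] < compromised_at]
    # Walk back from the newest clean point to the full it depends on.
    for i in range(len(clean) - 1, -1, -1):
        if clean[i][1] == "full":
            return clean[i:]
    return []


def data_loss_window(catalog, compromised_at):
    """Time between the chosen restore point and the compromise."""
    chain = restore_chain(catalog, compromised_at)
    return compromised_at - chain[-1][0] if chain else None


if __name__ == "__main__":
    hit = datetime(2024, 3, 5, 10, 0)  # constructed compromise time
    print(restore_chain(CATALOG, hit), data_loss_window(CATALOG, hit))
    # Same compromise, but only 3 restore points retained: nothing clean.
    print(restore_chain(apply_retention(CATALOG, 3), hit))
```

With the full catalog the restore needs the 3 March full plus one incremental; with only three points retained, every surviving restore point was taken after the compromise.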

There are other features; read the articles about them in the Backup & Replication menu, and also about third-party solutions such as:

Using a good backup solution protects data in any organization and prevents data loss. But just deploying one is not enough: backup solutions must be implemented with best practices in mind. Read the link below to find best practices for backup solutions in virtual infrastructures:

VM Backup Best Practices

Further Reading

Veeam Backup and Replication – How to Choose Best Transport Mode for vSphere Proxy?

Optimizing Data Protection: Unleashing the Power of Database Backup Best Practices in Virtualization Platforms

External Links

Ransomware – Wikipedia

Davoud Teimouri

Professional blogger, vExpert 2015/2016/2017/2018/2019/2020/2021/2022/2023, vExpert NSX, vExpert PRO, vExpert Security, vExpert EUC, VCA, MCITP. This blog started with simple posts and now has a large following of readers.