Do ransomware encrypt archives made using Windows Server tools?

P

Pavel Emelyanov2021-11-15 06:47:40

Malware

Pavel Emelyanov, 2021-11-15 06:47:40

Good day. I wondered if ransomware viruses encrypt archives created by the built-in archiving tool in Windows Server 2016? Interested only in the archive of some data folders. I would like to add another means of recovery in case of infection.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

Sand, 2021-11-15
@sand3001

It is hardly possible to give an unambiguous answer to the question of what exactly the attackers will encrypt. Often, only those files that ensure the loading and operation of the system are not touched (you must somehow give users the opportunity to buy and run decryption). Everything else can be encrypted, depending on the rights of the account that launched the virus. As far as I know, at the moment, almost the only reliable way to protect yourself is to make backups to an external device.

A

Alexey Dmitriev, 2021-11-15
@SignFinder

In order to at least somehow save yourself from losing backups, you need to make them on a separate server, which will be available to the rest of the infrastructure only on certain and non-standard Windows (such as rpc, smb) ports for interaction between the client and the server. For example, like the aforementioned Veeam.
Discussing the security and availability of a disk allocated for Windows Backup, which is hidden from the user in the OS, but connected both physically and logically in the OS, is a pointless undertaking.