Answer the question
In order to leave comments, you need to log in
Do ransomware encrypt archives made using Windows Server tools?
Good day. I wondered if ransomware viruses encrypt archives created by the built-in archiving tool in Windows Server 2016? Interested only in the archive of some data folders. I would like to add another means of recovery in case of infection.
Answer the question
In order to leave comments, you need to log in
It is hardly possible to give an unambiguous answer to the question of what exactly the attackers will encrypt. Often, only those files that ensure the loading and operation of the system are not touched (you must somehow give users the opportunity to buy and run decryption). Everything else can be encrypted, depending on the rights of the account that launched the virus. As far as I know, at the moment, almost the only reliable way to protect yourself is to make backups to an external device.
In order to at least somehow save yourself from losing backups, you need to make them on a separate server, which will be available to the rest of the infrastructure only on certain and non-standard Windows (such as rpc, smb) ports for interaction between the client and the server. For example, like the aforementioned Veeam.
Discussing the security and availability of a disk allocated for Windows Backup, which is hidden from the user in the OS, but connected both physically and logically in the OS, is a pointless undertaking.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question