Ransomware and Virtual Images

Support for security such as Firewalls and securing Linux
ov10fac
Posts: 44
Joined: 2010/06/08 13:30:51

Ransomware and Virtual Images

Post by ov10fac » 2018/05/13 13:57:21

I recently came under attack by a ransomware virus that pretty much wiped everything out. Fortunately we had backups so were able to pretty much restore our systems. But that got me thinking about ways to prevent infections to begin with. So here's my question.

If I run Windows in a VM, and keep copies of the image on external hard drives, are those images subject to a virus infection, specifically can a ransomware virus attack those backup images? I can't find any information on any ransomware attacking any Linux systems, and for good reasons, but I would suspect a Windows system running in a VM would still be subject to the same attacks. So if I keep copies on external drives, and if necessary swap the external drive connections every other day?

TrevorH
Forum Moderator
Posts: 23871
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Ransomware and Virtual Images

Post by TrevorH » 2018/05/13 15:11:25

> If I run Windows in a VM, and keep copies of the image on external hard drives, are those images subject to a virus infection, specifically can a ransomware virus attack those backup images?

Not if you unplug the drives after backing the images up...
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke


Re: Ransomware and Virtual Images

Post by ov10fac » 2018/05/14 03:41:17

That's one way, but then if I did a normal backup and unplugged the drive it would also be protected. Problem is the drives may not be accessible every day so the drive would still be plugged in, but unmounted. Also the files would be qcow2 and not actually running as VMs so are those files vulnerable if not actively running as VMs?

hunter86_bg
Posts: 1422
Joined: 2015/02/17 15:14:33
Location: Bulgaria

Re: Ransomware and Virtual Images

Post by hunter86_bg » 2018/05/18 19:26:31

If you use KVM on CentOS, you can make live snapshots (package qemu-kvm-ev), then just copy the read-only disk image and later merge both disks (before and after the snapshot).
Many enterprise solutions work on the same principle (like DP's VEPA backup for VMware) and it can be quite reliable.
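
The snapshot, copy and merge sequence described in the post above, sketched with libvirt's `virsh` as an added example that is not part of the original thread. The guest name `win10`, disk target `vda`, image path and backup mount point are assumptions; the script defaults to a dry run that only prints the commands.

```shell
#!/usr/bin/env bash
# Added example: live backup of a KVM guest disk via an external snapshot.
# Assumed names (not from the thread): guest "win10", disk target "vda",
# image /var/lib/libvirt/images/win10.qcow2, backup mount /mnt/backup.
set -eu

# DRY_RUN=1 (default) prints each command instead of executing it.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# live_backup <guest> <disk-target> <base-image.qcow2> <backup-dir>
live_backup() {
    vm="$1"; target="$2"; base="$3"; dest="$4"
    overlay="${base%.qcow2}.backup-overlay.qcow2"

    # 1. External disk-only snapshot: new guest writes go to the overlay and
    #    the base image becomes a read-only backing file. Add --quiesce if the
    #    QEMU guest agent is installed, for a filesystem-consistent image.
    run virsh snapshot-create-as --domain "$vm" --name backup-tmp \
        --disk-only --atomic --no-metadata \
        --diskspec "$target,file=$overlay"

    # 2. Copy the now-stable base image to the backup location.
    run cp --sparse=always "$base" "$dest/"

    # 3. Merge the overlay back into the base and pivot the guest onto it.
    run virsh blockcommit "$vm" "$target" --active --pivot --verbose

    # 4. After the pivot the overlay is no longer referenced by the guest.
    run rm -f "$overlay"
}

# Usage (prints the plan; set DRY_RUN=0 to execute):
#   live_backup win10 vda /var/lib/libvirt/images/win10.qcow2 /mnt/backup
```

Check `virsh domblklist win10` before and after: the disk should point at the overlay during the copy and back at the base image once the commit has pivoted.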
