I recently came under attack by a ransomware virus that pretty much wiped everything out. Fortunately we had backups so were able to pretty much restore our systems. But that got me thinking about ways to prevent infections to begin with. So here's my question.
If I run Windows in a VM, and keep copies of the image on external hard drives, are those images subject to a virus infection, specifically can a ransomware virus attack those backup images? I can't find any information on any ransomware attacking any Linux systems, and for good reasons, but I would suspect a Windows system running in a VM would still be subject to the same attacks. So if I keep copies on external drives, and if necessary swap the external drive connections every other day?
Ransomware and Virtual Images
Re: Ransomware and Virtual Images
"If I run Windows in a VM, and keep copies of the image on external hard drives, are those images subject to a virus infection, specifically can a ransomware virus attack those backup images?"
Not if you unplug the drives after backing the images up...
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Ransomware and Virtual Images
That's one way, but then if I did a normal backup and unplugged the drive it would also be protected. Problem is the drives may not be accessible every day so the drive would still be plugged in, but unmounted. Also the files would be qcow2 and not actually running as VMs so are those files vulnerable if not actively running as VMs?
Re: Ransomware and Virtual Images
If you use KVM on CentOS, you can make live snapshots (package qemu-kvm-ev), then just copy the read-only disk image and later merge both disks (before and after the snapshot).
Many enterprise solutions work on the same principle (like DP's VEPA backup for VMware) and it can be quite reliable.
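The snapshot, copy and merge sequence described in the last reply, written out as an added example that is not part of any post in this thread. The guest name `win10`, disk target `vda`, image path and the `/mnt/backup` mount point are assumptions; set `DRY_RUN=1` to print the commands instead of running them.

```bash
#!/usr/bin/env bash
# Added example: live backup of a running KVM guest via an external snapshot.
# Assumed names (not from the thread): guest "win10", disk target "vda",
# image /var/lib/libvirt/images/win10.qcow2, backup drive mounted on /mnt/backup.

# run CMD...: print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# vm_live_backup DOMAIN TARGET BASE_IMAGE BACKUP_MOUNTPOINT
vm_live_backup() {
    local dom="$1" target="$2" base="$3" dest="$4"
    local overlay="${base%.qcow2}.backup-overlay.qcow2" copy_rc=0

    # 1. External disk-only snapshot: the guest starts writing to $overlay and
    #    $base becomes a read-only backing file that is safe to copy.
    #    Without a guest agent the copy is crash-consistent only.
    run virsh snapshot-create-as --domain "$dom" --name backup-snap \
        --disk-only --atomic --no-metadata \
        --diskspec "$target,file=$overlay" || return 1

    # 2. Copy the now-static base image to the backup drive.
    run cp --sparse=always "$base" "$dest/${base##*/}" || copy_rc=$?

    # 3. Merge the overlay back into the base and pivot the guest onto it,
    #    even if the copy failed, so the image chain does not keep growing.
    run virsh blockcommit "$dom" "$target" --active --pivot --wait || return 1
    run rm -f "$overlay"

    # 4. Unmount the backup drive so the copy is not reachable from the host.
    run umount "$dest"
    return "$copy_rc"
}
```

Unmounting in step 4 only takes the file system offline; a drive that stays plugged in can be mounted again by anything running as root on the host.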