In 2020 Veeam became the #2 provider worldwide in terms of overall revenue with YoY growth more than 17.5 percentage points above the market average. Likewise, Veeam had the fastest revenue growth in the worldwide Data Replication & Protection market, both sequentially (+21.5%) and YoY (+17.9%) in 2H’20 among the top 5 vendors, all other vendors combined, and overall market average, according to the IDC Semi-annual Software Tracker, 2H20.

A recent report from ransomware incident response firm Coveware, based on thousands of cases investigated during Q2 2021, showed Conti V2 to be the second-most-prevalent ransomware encountered, trailing Sodinokibi, also known as REvil, by just 2.1% for the top position. Remember, it isn’t if you get ransomwared, but when :). Conti ransomware first appeared in late 2019 and has steadily grown to become one of the forefront ransomware-as-a-service (RaaS) operations.

If you have a proper disaster recovery plan, you can leverage that for ransomware recovery. Ransomware? Yeah, that is kind of a disaster. This is part of the reason I’ve been yelling about disaster recovery for the last several years. I literally do not ever care what happens to my Backup & Replication server, because I can just connect a new one to my repository and off I go. Veeam’s data format is ultra portable. I had a Backup & Replication server ready to go in my recovery site via Veeam Disaster Recovery Orchestrator. I had a copy of my data in object storage in the cloud, so who cares if my on-prem repo was hosed. It took me 7 minutes to get ready to restore my VMs, which honestly was pretty great considering my recovery strategy was an afterthought. I happened to design it well enough that it was a breeze to recover because I basically built a disaster recovery strategy for it to re-use some of the components in the future. The funny part of this is I didn’t actually have a ransomware recovery strategy for this environment because it was a lab.
This whole process took less than 7 minutes, even with me fumbling around adding my backup repository, which is pretty good actually. Here’s all of my jobs, and I can restore in whatever manner I please. This was a pretty small environment so it didn’t take much time at all. I added my repository, and imported my backups. What slowed me down here actually was that I had to dig through the Azure portal to figure out my storage account key. I was sending my backups to a SOBR leveraging Azure for my capacity tier, so my data was there.

Contrary to what this says, Melissa does not in fact love Azure. This lab was designed to be trashed out at some point, to be re-deployed later. I launched the VBR console, my dearest friend, then I added my object storage repository where my backups were stored.

Add Object Storage Repository for Recovery
![veeam ransomware veeam ransomware](https://media.threatpost.com/wp-content/uploads/sites/103/2021/09/29112119/Cobalt-Strike-Backup-Removal-Sequence-1-e1632928896227.jpg)
People are always asking me, oh no, what happens if I lose B&R? Well, you build another one really fast unless you have Orchestrator already :). That means I had a VBR server on standby.
![veeam ransomware veeam ransomware](https://pbs.twimg.com/media/C6AgqExWQAI2J38.jpg)
It is fully functional, and does anything and everything a VBR server does. Veeam Disaster Recovery Orchestrator (VDRO, or simply Orchestrator, depending on my mood) has an embedded version of Veeam Backup & Replication on it. Here’s something that many people may not know.

Veeam Disaster Recovery Orchestrator’s Embedded VBR is Awesome

No, just kidding, I actually started laughing when I realized what happened.

First things first, I needed a new Backup & Replication server, which I just happened to have handy since I have Veeam Disaster Recovery Orchestrator. I was very scared by the ransom note left on my server and the AOL e-mail address I was supposed to send bitcoins to. They got my Orchestrator ISO! How dare they! Oh no, whatever will I do? First things first, I nuked it from orbit, after I grabbed a few screenshots.
![veeam ransomware veeam ransomware](https://img.veeam.com/bs/veeamlive_ransomware_preview.png)
My Veeam Backup & Replication Server was Ransomwared

First of all, how is this for ironic? It was my Veeam Backup & Replication server that was theoretically crippled by ransomware.