One of the key fundamentals of backing up data is having external copies of the data (that is, backup copies) in addition to snapshots or versions maintained on the source system. Because hackers can gain access to local file servers, creating external backup copies is extremely important in the event of hacker-related incidents, such as ransomware.
By using a Commvault driver component, ransomware is blocked from encrypting or deleting backup data from the MediaAgent itself. Risk is also reduced through copy separation, multiple MediaAgents, multiple sites, and offline media. Using a cloud library is another option, in that it is not visible to the OS local admin account of the MediaAgent, unless a deep analysis attack has exposed the cloud user account credentials.
Commvault places check files in special areas, which our service monitors for changes. If those check files are changed, an alert and notification are raised so that administrators can investigate, react, and take systems off the network before additional exposure can occur. At that point, managed data paths should be monitored and locked down if necessary. An admin can also create an alert using criteria to detect an unusual rate of change.
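A sketch of the check-file idea described above, as an added example that is not Commvault's code: it plants check files, records a SHA-256 baseline, reports any that were modified or deleted, and flags a changed-file count far above recent history. The file names, the threshold factor and the sample counts are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def fingerprint(path):
    """SHA-256 of the file content, or None if the file no longer exists."""
    try:
        return hashlib.sha256(Path(path).read_bytes()).hexdigest()
    except FileNotFoundError:
        return None

def plant_check_files(directory, count=3):
    """Create check files with random content; return {path: baseline digest}."""
    baseline = {}
    for i in range(count):
        p = Path(directory) / f"check_{i}.dat"  # hypothetical file name
        p.write_bytes(os.urandom(256))
        baseline[str(p)] = fingerprint(p)
    return baseline

def verify_check_files(baseline):
    """Return (path, reason) for every check file that was modified or deleted."""
    findings = []
    for path, digest in baseline.items():
        current = fingerprint(path)
        if current is None:
            findings.append((path, "deleted"))  # a rename also shows up here
        elif current != digest:
            findings.append((path, "modified"))
    return findings

def unusual_change_rate(history, current, factor=3.0, min_samples=3):
    """True if the current changed-file count exceeds factor x the recent mean."""
    if len(history) < min_samples:
        return False  # not enough history to judge
    mean = sum(history) / len(history)
    return current > factor * max(mean, 1.0)

def demo():
    """Constructed scenario: one check file overwritten, one removed."""
    with tempfile.TemporaryDirectory() as d:
        baseline = plant_check_files(d)
        clean = verify_check_files(baseline)
        paths = sorted(baseline)
        Path(paths[0]).write_bytes(b"overwritten")  # simulated tampering
        Path(paths[1]).unlink()
        return clean, sorted(r for _, r in verify_check_files(baseline))

if __name__ == "__main__":
    print(demo())
    print(unusual_change_rate([120, 95, 110], 4800))  # constructed counts
```

Any finding from `verify_check_files` is grounds for an immediate alert, whereas the rate check needs enough history to be meaningful and should be tuned against normal backup cycles.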
In addition, when the backup software detects ransomware, an event is triggered, and a warning message is created and delivered to a specified user.