With Beemo solutions, workstations are backed up using an agent that communicates with the appliance via a proprietary protocol including authentication. The protocol used only allows blocks to be sent to the box, it does not allow access to the storage space to modify the blocks in it. The users of the machines to be backed up have no access and no rights to the backup storage space.
This makes it impossible for ransomware to have direct access to backups.
If the client has the “NAS” option on the Beemo, the file server part uses a standard protocol (SMB/CIFS) that can be used by ransomware. In any case if a client uses this option the NAS part must be backed up via a dedicated backup set which cannot be encrypted.
When a client is affected by ransomware, the only thing that will happen in terms of backups is that the encrypted files included in the perimeter will be backed up.
There are two scenarios if a backup is launched following the infection :
– if the ransomware renames the files, then the Beemo will fill up with unnecessary files (which can easily be deleted later)
– if the ransomware keeps the file names as they were originally, then the versioning value set will be important, as the encrypted version will be backed up and will have an impact on the number of versions available for restoration (for this reason, we recommend that you first de-encrypt backups so as not to overwrite the correct versions of files with encrypted versions)
This means that ransomware cannot modify the files stored on the Beemo.
To this day, hundreds of ransomwares have been executed on networks with a Beemo, and none have been able to modify the backups, because it’s impossible.
