Ransomware protection for backups at the University of Lübeck

Prevention is the key to ensuring that data is not compromised or even encrypted by cyber criminals. This rule applies to traditional companies as well as public administration and educational institutions. The aim everywhere is to protect sensitive data and, above all, to continue operations as quickly as possible without data loss or ransom payments in the event of a cyber or ransomware attack. Head of IT Helge Illig at the University of Lübeck takes the same view when it comes to the university’s data, some of which is valuable and certainly worth protecting. This is why he and his colleagues in the IT department rely not only on traditional security measures but also on a backup that cannot be encrypted by cyber criminals. Since March 2023, the University of Lübeck’s backup data has also been protected against unauthorized access and thus effectively protected against ransomware with Blocky for Veeam^®.

Situation and need for action

The head of IT and his team were aware that the potential threat was constantly increasing, particularly with regard to ransomware. Although the University of Lübeck had not yet had to deal with a ransomware attack, the latest reports confirming intensive waves of attacks on educational institutions gave reason for caution. In November 2022, the IT experts decided to prevent potential damage from ransomware by protecting their backups against encryption. The aim was to have complete backups available at all times – even in the event of a ransomware attack. This ensures that data is not permanently lost and that you do not have to give in to the cybercriminals’ blackmail attempts to decrypt the backups.

Ransomware protection should be simple, uncomplicated and effective

The IT experts had a few important criteria for the solution. Firstly, data security had to be guaranteed at all costs. Secondly, the application should not burden the administrators with additional continuous work or lead to the risk of errors in operation or configuration due to its high level of complexity. The third criterion for the solution was that it could be integrated quickly and easily into the existing IT environment without the need for a separate hardware and software infrastructure. Last but not least, the cost factor was also decisive. “We have neither the time nor the resources for a complicated and costly solution. Once installed, the system must run simply and reliably so that we can rely on it one hundred percent in an emergency,” explains Helge Illig.

The decision was made quickly, not least because of itiso, the IT system partner they have trusted for many years. As itiso has been supporting the university in the area of storage and therefore also backup since 2011, the system house had a pragmatic and above all reliable solution at hand in the form of Blocky for Veeam^® from GRAU DATA, which can be directly integrated into the existing Veeam backup. The ransomware protection software works seamlessly with Veeam’s backup software, which guarantees smooth and uncomplicated interaction between the two software solutions.

The elegant thing about it: in addition to the secure repository in which the Veeam^® backup stores the data protected from ransomware with the help of Blocky for Veeam^®, the IT experts are convinced that additional security is achieved when the software solutions come from different manufacturers. “This gives us an additional platform for our protected backup without any additional effort. In our opinion, this makes the overall protection even more resilient,” explains Illig.

Proven technology, optimal protection

The Blocky for Veeam^® ransomware protection is based on a technology that GRAU DATA developed many years ago, continuously refined and adapted specifically for this application with some special features: the proven GRAU DATA WORM technology.

From the user’s point of view, software WORM allows one-time writing and unlimited reading, but no modification of a file. The writing of data to the hard disk is controlled and monitored in a dedicated software layer, which is implemented in the operating system kernel. A filter between the file system and the physical hard disk controls all write access to the file system. Only write operations for new files and the reading of existing data are permitted. Subsequent changes to existing data are prevented by the filter. And it is precisely this technology that also helps to protect backup data by effectively preventing ransomware from writing and thus encrypting data.

However, backup solutions such as Veeam^® must not only be able to write the data, but also change it. After all, the changes to the original data must also be reflected in the backup. It must also be possible to delete old data once the retention period has expired. For this purpose, GRAU DATA has opened the door of the software WORM in Blocky for Veeam^® a little so that only the backup solution is allowed to change the data. The backup application must identify itself to the filter layer with its secure digital fingerprint. Only if the fingerprint matches a previously stored reference does the filter layer allow the backup application write access to the data. All other applications, especially malware, cannot identify themselves with a fingerprint and are therefore blocked by the filter. Ransomware therefore encounters WORM-protected backup data and has no chance.

“The solution proposed by itiso met all of our requirements. We have effective protection against encryption by ransomware, which also documents unauthorized access attempts, and we can rely on an unencrypted, functioning backup in the worst-case scenario. Even better, the solution fits very well into our budget,” says IT manager Illig.

Complete backup protection after just 3 hours

The installation of the ransomware protection was largely carried out remotely in collaboration with the university’s IT team, itiso and a specialist from GRAU DATA. It took no more than three hours, including setup, administration and minimal training. Illig comments: “No adjustments had to be made to our existing system either in advance or during installation. Blocky for Veeam^® was installed and activated on the drive to be protected. Since then, protection against unauthorized access attempts has been active.”

Perhaps the biggest advantage for the University of Lübeck is that the security and cyber resilience of the backup could be significantly increased with comparatively little technical effort. If the university’s running systems are encrypted, the IT professionals are able to restore the systems quickly and completely without having to start from scratch. Since March 2023, Blocky for Veeam^® from GRAU DATA has been active and in use without any additional effort for the administrators. Occasionally, data is restored from the backup repository as a test and without any complaints. “Since we have been using ransomware protection for our backups, we are well prepared. Even though we naturally hope that we never get into this situation, the risk of a ransomware attack is relatively high.

In our opinion, it is better to ensure good protection than to get involved in the costly and time-consuming game of cyber criminals in an emergency, where you don’t know the outcome,” summarizes Helge Illig.

About the University of Lübeck

The University of Lübeck (UzL) was founded in 1973 as the Medical University of Lübeck from the second medical faculty of the Christian-Albrechts-University (CAU), which was established in 1964. As of 2022, 5,142 students are enrolled at the UzL. Since 2015, it has been run by a foundation under public law. his makes it the only foundation university in Schleswig-Holstein. The UzL sees itself as a life sciences university and is divided into three sections: Medicine, Natural Sciences and Computer Science/Technology.

About itiso GmbH:

“At itiso, we always focus on the specific requirements and challenges of your company. We help you to find solutions that optimize your data management and prepare you for the future. Our approach pays off: We are able to support more and more well-known medium-sized and internationally active companies. They all rely on our expertise in data analysis, virtualization, backup and recovery, disaster recovery and digital archiving. From the initial assessment to the comparison of concepts and offers through to tenders and finally development and implementation – the experienced specialists and project management veterans at itiso ensure that your IT supports your company’s growth, not hinders it.