Secure Virtual Machine File Backup Protects Against Virus and Ransomware

Are you wondering whether secure virtual machine file backup is possible and what can be done to protect against viruses and ransomware? Many backup solutions use a risky method to access VM files, namely direct mounting of the VM’s disks to the host server. Unfortunately this is not a secure method because an infected VM may infect the host server and thereby gain access to the host’s internal system and LAN.

Through a unique feature in our server backup solution, it’s possible in BackupChain to back up folders and files from the host that are stored inside the VM. Unlike other technologies, however, BackupChain does not mount the virtual disk contents to the host system. In other words, if the virtual machine contained a virus or ransomware, it will not affect the host because the host will never get into contact with contaminated files.

Because BackupChain doesn’t mount the VM’s hard drive, there is no way for the Windows operating system on the host to automatically start any executable code that may be infected inside the VM. The backup runs on the host and files are read directly from a consistent view of the VM’s hard drives, without the VM being aware of the process and without any interference. This feature is called Granular Backup and an example setup is found here.

Another great characteristic of Granular Backup is that there is no need to create a network share to access VM-internal files from the outside. This also reduces attack surface because a network share would expose the VM operating system to additional threats. In addition, Granular Backup can deal with locked files properly, whereas locked files cannot be accessed when trying to open files through a network share. This allows Granular Backup to be used for SQL Server backup, Exchange Server backup, and other services inside virtual machines that keep their data files consistently locked.

Similarly, when you restore files from a virtual machine backup, BackupChain uses a technique called Granular Restore, which doesn’t mount the virtual disks to obtain virtual machine-internal files. Instead the file system is read directly from the backed up virtual disks and the host operating system (or the computer where the restore operation is running) has no contact with the VM’s operating system or its files. However, to minimize the risk of infection when files are restored to a new computer, it’s best to use up-to-date anti-virus software. The anti-virus will scan the newly restored files automatically, so there is no need for anything to be done in addition to the restore operation.

Granular Backup and Granular Restore, thus protect your virtual machine file backup against viruses and ransomware by isolating the host system from the VM’s operating system when you back up as well as when you restore files from inside the virtual machine.