With Beemo solutions, workstations are backed up using an agent that communicates with the appliance via a proprietary protocol including authentication. The protocol used only allows blocks to be sent to the box, it does not allow access to the storage space to modify the blocks in it. The users of the machines to be backed up have no access and no rights to the backup storage space.
This makes it impossible for ransomware to have direct access to backups.

If the client has the “NAS” option on the Beemo, the file server part uses a standard protocol (SMB/CIFS) that can be used by ransomware. In any case if a client uses this option the NAS part must be backed up via a dedicated backup set which cannot be encrypted.

When a client is affected by ransomware, the only thing that will happen in terms of backups is that the encrypted files included in the perimeter will be backed up.

There are two scenarios if a backup is launched following the infection :

– if the ransomware renames the files, then the Beemo will fill up with useless files (which can easily be deleted afterwards)
– if the ransomware keeps the name of the files as they were originally, then the versioning value set will be important, as the encrypted version will be backed up and will impact the number of versions available for restoration (this is why we recommend de-encrypting backups in the first place so as not to overwrite the correct versions of the files with encrypted versions)

This means that ransomware cannot change the files stored on the Beemo.
To date, hundreds of ransomwares have been executed on networks with a Beemo, and none of them have been able to modify the backups, because it is impossible.