Segment/Isolate your backup media from Malware
Force disks offline after backups.
Become invisible to Ransomware/Viruses/Malware or Malicious Acts.
Trying to create backup procedures for Hyper-V that are invisible to malware.
We have come across client incidents where a server was infected and all existing backups were deleted on purpose.
Ransomware attacks are now so common that businesses of all sizes need to take precautions in advance in order to minimise the effects and avoid paying a ransom to get their data back.
Backup software is not an antivirus and cannot directly protect against these attacks.
However, it can provide a quick and reliable way to recover from an attack and return your files to the state they were in before they were encrypted.
The latest ransomware is smart enough to attack the backup software itself, deleting backups already taken and stopping you from recovering.
We need to create a strategy where our backups are isolated from malware.
Synergy HyperV Backup is a backup application with some unique features:
IT/MSP companies, system administrators, network administrators, security administrators or any power user who wants to create an extra layer of security against hackers.
Main Form and list of Backup Profiles
A backup profile with 4 retention copies and an Offsite backup to another location
Email details for this Profile
Schedule details for the same profile
A backup of the same server but using Offline mode
In this mode, the disk is always offline. Before the backup we bring the disk online, take the backup and then put it back in offline mode.
So this backup is invisible to any malware
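The offline-disk cycle described above, sketched in PowerShell as an added example; it is not the application's own code. The disk serial number, VM name, folder name and retention count are assumed placeholders, and the built-in Set-Disk and Export-VM cmdlets stand in for the product's backup engine.

```powershell
# Added illustration; not Synergy HyperV Backup code.
# Assumptions: the disk serial, VM name and folder name below are placeholders.
#Requires -RunAsAdministrator
param(
    [string]$DiskSerial = 'EXAMPLE-SERIAL-0001',  # placeholder: serial of the backup disk
    [string]$VMName     = 'ExampleVM',            # placeholder: VM to export
    [string]$Folder     = 'HyperVBackups',        # placeholder: folder on the backup disk
    [int]   $Keep       = 4                       # retention copies to keep
)
$ErrorActionPreference = 'Stop'

# Identify the disk by serial number; disk numbers and drive letters can change.
$disk = Get-Disk | Where-Object { "$($_.SerialNumber)".Trim() -eq $DiskSerial }
if (@($disk).Count -ne 1) { throw "Expected exactly one disk with serial $DiskSerial" }

try {
    # The disk is reachable only between the Set-Disk calls in try and finally.
    Set-Disk -Number $disk.Number -IsOffline  $false
    Set-Disk -Number $disk.Number -IsReadOnly $false

    $letter = (Get-Partition -DiskNumber $disk.Number |
               Where-Object { $_.DriveLetter -match '[A-Z]' } |
               Select-Object -First 1).DriveLetter
    if (-not $letter) { throw "Disk $($disk.Number) came online without a drive letter" }

    $root   = "${letter}:\$Folder"
    $target = Join-Path $root (Get-Date -Format 'yyyyMMdd-HHmmss')
    New-Item -ItemType Directory -Path $target -Force | Out-Null
    Export-VM -Name $VMName -Path $target

    # Retention: folder names sort chronologically, so remove everything past $Keep.
    Get-ChildItem -Path $root -Directory | Sort-Object Name -Descending |
        Select-Object -Skip $Keep | Remove-Item -Recurse -Force
}
finally {
    # Runs on success and on failure, so an aborted job cannot leave the disk online.
    Set-Disk -Number $disk.Number -IsOffline $true
    if (-not (Get-Disk -Number $disk.Number).IsOffline) {
        Write-Error "Backup disk $($disk.Number) is still ONLINE"
    }
}
```

The final check in the `finally` block is the part worth alerting on: a disk that stays online after the job has lost the isolation this mode is meant to provide.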
Schedules tab
The Logs tab
Information about all VMs on the server
Offline Disks Tab
Updating is performed from within the application
This is a sample of an email sent after backup was completed
(No Card Needed)
Version has all features for just one instance of a Virtual Machine
(No Card Needed)
Includes updates, remote tech support and allows backups of unlimited number of VMs
Hyper-V is a Microsoft hypervisor that enables native virtualization on x86-64 systems. It allows multiple operating systems to run on a single physical server, in isolation from one another, by creating virtual machines (VMs). Hyper-V presents a virtualized set of hardware to each virtual machine, which runs its own guest operating system. Hyper-V can be used to create and manage virtual machines and their resources, including storage, networking, and memory. It also includes a variety of management and monitoring tools for administrators to use.
For those who may not be familiar with the distinction between type 1 and type 2 hypervisors, here’s a brief explanation:
Type 1 hypervisors, such as VMware ESXi, Citrix XenServer, and Microsoft Hyper-V, function like a low-footprint operating system and run directly on the host computer’s hardware. They are often referred to as “bare metal” or “native” hypervisors, and are typically used for production-ready virtualization in data centers.
Type 2 hypervisors, like VMware Player, Oracle VirtualBox, and Parallels Desktop, run as a software layer on an operating system, similar to other computer programs. They are also known as “hosted” hypervisors and allow end users to run virtual machines on personal computers, making them ideal for training, development, and research purposes.
Many administrators are unsure if Hyper-V is a type 1 or type 2 hypervisor due to its appearance of running on top of the operating system. However, this is not the case. Hyper-V is actually a type 1 or “bare metal” hypervisor. This is because when the Hyper-V role or feature is installed or enabled on a system, the original operating system is converted into a virtual machine and a layer of Hyper-V hypervisor is added underneath it. This is the reason why the system restarts when the Hyper-V role or feature is installed. After restart, the original Windows operating system operates as a virtual machine on top of the Hyper-V hypervisor. In short, Hyper-V functions as a type 1 hypervisor under the hood.
Hyper-V is often mistaken as a type 2 hypervisor due to its appearance of running on top of the operating system. However, when the Hyper-V role or feature is installed or enabled on a system, the original operating system is transformed into a virtual machine and a layer of Hyper-V hypervisor is installed beneath it. This is why the system needs to be restarted during the installation process. Once restarted, the original operating system functions as a virtual machine on top of the Hyper-V hypervisor, making it a type 1 or bare metal hypervisor.
Yes, up to version 2019 it is free. You can download an ISO file from Microsoft, boot your physical server from it and then set up Hyper-V as usual.
As of Jan/2023 there is no free 2022 version.
However, you can download a Windows Server 2022 evaluation ISO, install the Core edition on a physical server and add Hyper-V as a feature using the following PowerShell command:
Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart
Check this really interesting article:
How to Install Hyper-V on Windows Server Core
Yes, we have tried the application with Server 2022 Datacenter version on AWS using the metal instance. Check our videos for examples.
Yes
After a backup is finished it can upload a copy to your AWS bucket.
It’s a fully working version that allows you to back up just one instance of an application.
Updating is also disabled.
You can use the following commands from within PowerShell:
Download demo:
Invoke-WebRequest -uri synergy-usa-llc.com/various/SynergyHyperVBackup.zip -outfile SynergyHyperVBackup.zip
Unzip the downloaded file:
Expand-Archive .\SynergyHyperVBackup.zip
After downloading and expanding the archive, change to the SynergyHyperVBackup folder and run Setup.exe.
Microsoft’s .NET library, Long Term Support version 6, will be installed for you automatically.
We suggest changing the setup location to c:\SynergyHyperVBackup; this makes it easier to run the application.
This is how you can setup the email settings on each profile:
Yes. At the end of October 2021 there was a worldwide supply chain attack on multiple maritime companies via Danaos Management Consultants.
The company kept a reverse SSH tunnel from clients to their office for providing remote support and updates.
The hackers breached their main server and were able to access clients’ servers via SSH. They were able to encrypt data, which in this incident were emails. They even stopped and encrypted the main Oracle database too.
The client’s server was a Linux VM running on a Hyper-V Server. The encryption started around Saturday midnight.
Our client’s latest backup was completed early Saturday morning.
We were informed Sunday morning and were able to bring everything back online by the same Sunday evening.
Due to the Hyper-V isolation (as designed in advance) no backups were harmed.
Monday morning was business as usual for the client and no one even knew what had happened during the weekend.
After the incident we added more backup jobs, in particular an Offline one with retention enabled.
https://www.itgovernance.eu/blog/en/cyber-attacks-and-data-breaches-in-review-november-2021
Email credentials are saved as encrypted in the configuration file.
Task schedule credentials are not saved in the configuration file.
Synergy Hyper-V backup can run on a Windows Server Core/Hypervisor (Strongly Suggested):
Or it can run on a Windows Server with Hyper-V as a feature:
We upload/check all of our files with VirusTotal:
SynergyHyperVBackup.zip:
https://www.virustotal.com/gui/file/63602dc930fe3370ed0c1a7d24bb261db7156d43a720a2a2878e41e6f3b4258a
SynergyHyperVBackup.exe:
https://www.virustotal.com/gui/file/e0500eb6f10bbba9d846e1b37ba3d90db41a0f4ba6d94484035d88414f7d0811
SynergyHyperVBackup.dll:
https://www.virustotal.com/gui/file/3ef5f4e9d43e525405b95ca8e73f65c74e2c2583a4e6e32549e4910dba2054d3
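An added example (not the vendor's code) that checks the downloaded archive against the SHA-256 values embedded in the VirusTotal links above before it is unpacked, then checks any matching binaries. It assumes the archive sits in the current folder and that the suggested c:\SynergyHyperVBackup install location was used; a later release will have different hashes than the ones listed on this page.

```powershell
# Added illustration; not vendor code. Expected values are the SHA-256 hashes
# taken from the VirusTotal links on this page.
$ErrorActionPreference = 'Stop'
$expected = @{
    'SynergyHyperVBackup.zip' = '63602dc930fe3370ed0c1a7d24bb261db7156d43a720a2a2878e41e6f3b4258a'
    'SynergyHyperVBackup.exe' = 'e0500eb6f10bbba9d846e1b37ba3d90db41a0f4ba6d94484035d88414f7d0811'
    'SynergyHyperVBackup.dll' = '3ef5f4e9d43e525405b95ca8e73f65c74e2c2583a4e6e32549e4910dba2054d3'
}

function Test-PublishedHash {
    param([Parameter(Mandatory)][string]$Path)
    $name = Split-Path -Leaf $Path
    if (-not $expected.ContainsKey($name)) { throw "No published hash for $name" }
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    # String -ne is case-insensitive, so upper-case Get-FileHash output still matches.
    if ($actual -ne $expected[$name]) {
        throw "SHA-256 mismatch for ${name}: got $actual"
    }
    Write-Host "OK  $name"
}

# 1. Verify the archive before anything in it is unpacked or executed.
$zip = '.\SynergyHyperVBackup.zip'
Test-PublishedHash -Path $zip
Expand-Archive -Path $zip -DestinationPath '.\SynergyHyperVBackup'

# 2. Verify any listed binaries found in the unpacked folder or, once Setup.exe
#    has run, in the install folder (assumed location, as suggested on this page).
$roots = '.\SynergyHyperVBackup', 'C:\SynergyHyperVBackup' | Where-Object { Test-Path $_ }
Get-ChildItem -Path $roots -Recurse -File |
    Where-Object { $expected.ContainsKey($_.Name) } |
    ForEach-Object { Test-PublishedHash -Path $_.FullName }
```

Because `$ErrorActionPreference` is `Stop`, a mismatch on the archive aborts the script before `Expand-Archive` runs.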
After a client’s power failure where the UPS failed to properly shut down the Hyper-V Server, VMs were not able to start.
See below for the error we got every time we tried to start a VM:
Start-vm : ‘win-8-mngmt’ failed to restore virtual machine state. (Virtual
Machine ID B790B331-90AD-4D68-B2B4-34B604F849A2)
Virtual machine ‘win-8-mngmt’ could not be started because the hypervisor is
not running (Virtual machine ID B790B331-90AD-4D68-B2B4-34B604F849A2).
The following actions may help you resolve the problem:
(1) Verify that the processor of the physical computer has a supported version
of hardware-assisted virtualization.
(2) Verify that hardware-assisted virtualization and hardware-assisted data
execution protection are enabled in the BIOS of the physical computer. (If
you edit the BIOS to enable either setting, you must turn off the power to the
physical computer and then turn it back on. Resetting the physical computer
is not sufficient.)
(3) If you have made changes to the Boot Configuration Data store, review these
changes to ensure that the hypervisor is configured to launch automatically.
All VMs were in a saved state and were not able to start.
The Hyper-V version was 2012 R2.
In our case it seemed that updates which had already been installed, and which ran after the reboot of the server, created the problem:
The following updates caused the issue: KB5009624 and KB5009595.
Here is how to uninstall them from the command line:
wusa /uninstall /kb:5009624
wusa /uninstall /kb:5009595
Just to be on the safe side, download and install hotfix KB5010794 which fixes this bug.
You must download it manually from the Microsoft Update Catalog.
Download and install from within Hyper-V from this link:
https://www.catalog.update.microsoft.com/Search.aspx?q=KB5010794
In case you want to remove and reinstall the Hyper-V feature, use the following PowerShell commands:
Remove-WindowsFeature -Name Hyper-V
Install-WindowsFeature -Name Hyper-V
Start Hyper-V Manager, right-click your server and select “Import Virtual Machine”:
Browse to the location of the backup folder:
Select the Virtual Machine to Restore:
Select “Register…” when you are restoring to a new server, or “Restore…” when restoring to the same server:
This is a bit tricky. First find where your virtual disks are located:
Then select the same folder:
If you get a similar error just select the “Default Switch”:
Click “Finish” to start the restore:
Your VM is now restored/registered to your Hyper-V:
And it’s also visible from Synergy HyperV Backup:
Run the following command from PowerShell:
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 41, 1074, 6006, 6605, 6008 } | Format-List Id, LevelDisplayName, TimeCreated, Message
A proper restart or shutdown looks like the following:
Id : 1074
LevelDisplayName : Information
TimeCreated : 1/28/2023 3:51:44 PM
Message : The process C:\Windows\System32\shutdown.exe (YourServer) has
initiated the restart of computer YourServer on behalf of
user YourServer\Administrator for the following reason: No
title for this reason could be found
Reason Code: 0x800000ff
Shutdown Type: restart
Comment:
Whereas a power failure looks like the following:
Id : 41
LevelDisplayName : Critical
TimeCreated : 1/28/2023 1:02:31 PM
Message : The system has rebooted without cleanly shutting down
first. This error could be caused if the system stopped
responding, crashed, or lost power unexpectedly.
Id : 6008
LevelDisplayName : Error
TimeCreated : 1/28/2023 1:05:14 PM
Message : The previous system shutdown at 9:58:04 AM on ?1/?28/?2023
was unexpected.