Many of us have either heard of or experienced ransomware in some form. I wanted to make sure that our database .bak files were not being encrypted by some third-party virus, and to be alerted if they were, so that we would not keep poisoning our backup systems while we had not yet noticed we had been compromised. The check relies on the fact that a SQL Server native backup begins with the Microsoft Tape Format signature "TAPE"; a file that has been encrypted no longer starts with those four bytes. Below is a PowerShell (.ps1) script that I use to report on the status of our .BAK files. If a virus were to encrypt the files, PRTG would alert us on its next check interval.

# Check every SQL Server .bak under the backup root for the Microsoft Tape Format
# magic bytes ("TAPE") and report one PRTG channel per file.
# Note: -Encoding Byte is Windows PowerShell (5.1) syntax; PowerShell 7 uses -AsByteStream.
$Dir = Get-ChildItem "C:\DatabaseBackups\" -Recurse -File
$List = $Dir | Where-Object { $_.Extension -eq ".bak" }

# PRTG's EXE/Script Advanced sensor expects a single <prtg> document with one
# <result> per channel; <value> must be numeric (1 = header intact, 0 = header missing).
"<prtg>"
foreach ($myitem in $List) {
    # Read only the first four bytes: a SQL Server backup always starts with "TAPE".
    $bytes = Get-Content $myitem.FullName -Encoding Byte -TotalCount 4
    if ($bytes -and [System.Text.Encoding]::ASCII.GetString($bytes) -eq "TAPE") {
        $value = 1   # Passed
    }
    else {
        $value = 0   # Failed: header overwritten, truncated or encrypted
    }
    "<result>"
    # Escape the path so characters such as & do not break the XML
    "<channel>" + [System.Security.SecurityElement]::Escape($myitem.FullName) + "</channel>"
    "<value>" + $value + "</value>"
    # Raise a PRTG error as soon as any channel drops below 1
    "<LimitMode>1</LimitMode>"
    "<LimitMinError>1</LimitMinError>"
    "<LimitErrorMsg>Backup header is not TAPE; possible encryption</LimitErrorMsg>"
    "</result>"
}
"</prtg>"

Exit 0
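As an added illustration (not the script from this post), the same check written in Python: it verifies the "TAPE" magic on every .bak under a directory, renders PRTG's EXE/Script Advanced XML (<prtg>, <result>, <channel>, <value>, <LimitMode>, <LimitMinError>, <text>) with numeric values so a failed header trips an error limit, and runs against a constructed temporary directory containing one intact and one overwritten backup.

```python
"""Check SQL Server .bak files for the MTF "TAPE" magic and build a PRTG
EXE/Script Advanced XML report. Added example; not the blog post's script."""
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

MTF_MAGIC = b"TAPE"  # every SQL Server native backup starts with this 4-byte block header

def header_ok(path: Path) -> bool:
    """True if the file begins with the Microsoft Tape Format magic bytes (empty file -> False)."""
    with path.open("rb") as fh:
        return fh.read(len(MTF_MAGIC)) == MTF_MAGIC

def scan_backups(root: Path) -> dict:
    """Map every *.bak under root to 1 (header intact) or 0 (overwritten/encrypted)."""
    return {str(p): int(header_ok(p)) for p in sorted(root.rglob("*.bak"))}

def prtg_xml(results: dict) -> str:
    """Render results as PRTG advanced-sensor XML with an error limit on each channel."""
    prtg = ET.Element("prtg")
    for name, value in results.items():
        r = ET.SubElement(prtg, "result")
        ET.SubElement(r, "channel").text = name  # ElementTree escapes &, <, > in paths
        ET.SubElement(r, "value").text = str(value)
        ET.SubElement(r, "LimitMode").text = "1"       # enable limits
        ET.SubElement(r, "LimitMinError").text = "1"   # anything below 1 is an error
    failed = [n for n, v in results.items() if v == 0]
    ET.SubElement(prtg, "text").text = (
        f"{len(failed)} backup header(s) not TAPE" if failed else "all backup headers intact")
    return ET.tostring(prtg, encoding="unicode")

def demo() -> dict:
    """Constructed sample: one genuine-looking backup, one whose header was overwritten."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sales.bak").write_bytes(MTF_MAGIC + bytes(60))   # intact header
        (root / "hr.bak").write_bytes(bytes(range(64)))           # header no longer "TAPE"
        (root / "notes.txt").write_bytes(MTF_MAGIC)               # wrong extension, ignored
        results = scan_backups(root)
        return {Path(k).name: v for k, v in results.items()}

if __name__ == "__main__":
    print(prtg_xml(demo()))
```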
