So as many of us have either heard or experienced ransomware in some way or another. I wanted to ensure that our databases .bak files were not getting encrypted by some 3rd party virus and if they were alert us so we don’t start poisoning our backup systems if we were not going to catch it in time to discover we’ve been compromised. Below is a .PS1 powershell script that I use to report on the status of our ‘.BAK’ files. If a virus were to encrypt the files PRTG would alert us on its next check interval.

$Dir = get-childitem "C:\DatabaseBackups\" -recurse
# $Dir |get-member
$List = $Dir | where {$_.extension -eq ".bak"}
#$List | format-table name
#$List | format-table fullname

foreach ($myitem in $List) {
    #Write-Host $myitem.fullname
    $bytes = Get-Content $myitem.fullname -Encoding byte -TotalCount 4
    #[System.Text.Encoding]::ASCII.GetString($bytes)

    Write-Host
    "<result>"
    "<channel>" + $myitem.fullname + "</channel>"
    "<value>" 
    if ([System.Text.Encoding]::ASCII.GetString($bytes) -eq "TAPE")
    {
        "Passed"
    }
    else
    {
        "Failed"
    }"</value>"
    "</result>"
}

Exit 0

Leave a Reply

Your email address will not be published. Required fields are marked *