
_bobby_tables_ t1_iwgfnqi wrote

Why not just make it illegal to not have your data backed up?

40

Toad32 t1_iwgkbl7 wrote

Seriously, I have recovered from ransomware because we had backups of everything. It brought us down for 2 hours while the restore took place.

20

g2g079 t1_iwgmbgf wrote

My old job had viruses everywhere when I started. Machines hadn't been wiped for decades and even their antivirus licensing server was down because of malware

I spent months reimaging every machine in that place. I kept everything updated and the PCs running like new. Meanwhile, my senior coworker and our vendor pissed around for a replacement backup solution for over a year after the old one failed during a restore.

Eventually, I quit for a better opportunity. A few years later EVERYTHING got ransomware there. I only found out because months after the attack they had asked a local community college for help imaging machines because it was going slower than expected due to their senior guy going to Vegas.

Like wtf. This was a mental healthcare place. You should have called professionals. Instead you asked if there are any students that can help because you sent your senior guy to fucking Vegas.

So glad I left that place. Still wonder if they had a working backup.

20

skaterfromtheville t1_iwgm6je wrote

What timeframe backup are you on

4

Toad32 t1_iwijv9f wrote

Nightly external backup at 1am - internal Shadow copies at 12pm and 8pm.

2

Fieos t1_iwgvjax wrote

It isn't that simple. Often times to recover significant amounts of data takes time. A business has to weigh out the loss of revenue during the recovery window versus the cost of paying the ransomware payment.

−2

_bobby_tables_ t1_iwh5ok3 wrote

It really is. A company should develop an action plan ahead of time. A recovery path should be designed to restore the most critical systems first. The plan should be updated and tested.

My company can recover from a worst case scenario starting with bare metal in less than three days for production systems, and another two days for non-critical systems (finance, HR, legacy and a few minor administrative systems).

This is really a solved problem with a little prep work. These days I see ransomware payments as a tax on stupidity and/or incompetence. I have no sympathy.

6
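The "critical systems first" plan described above has a subtlety the comment does not spell out: priority ordering still has to respect dependencies (an application cannot come back before the directory and DNS it authenticates against), and whether the plan meets its stated window depends on how fast data can be put back on disk. The following is an added example, not code from the thread; the service inventory, sizes, tiers and the 400 GiB/h throughput figure are constructed, and it assumes a single sequential restore stream at constant throughput.

```python
"""Dependency-aware restore ordering plus a restore-window check.

Added example, not from the thread. All inventory values are constructed.
"""
from collections import defaultdict

# Constructed inventory: service -> (tier, data to restore in GiB, dependencies).
# Lower tier number = more critical to the business.
SERVICES = {
    "dns":      (1,    2, []),
    "ntp":      (1,    1, []),
    "ad-ldap":  (1,   60, ["dns", "ntp"]),
    "pki":      (1,   10, ["ad-ldap"]),
    "erp-db":   (1, 4000, ["ad-ldap", "dns"]),
    "erp-app":  (1,  200, ["erp-db", "pki"]),
    "file-srv": (2, 9000, ["ad-ldap"]),
    "finance":  (3,  800, ["ad-ldap", "erp-db"]),
    "hr":       (3,  300, ["ad-ldap"]),
}

# Constructed recovery objectives in hours: 3 days for production tiers,
# 5 days for the non-critical tier (mirrors the figures in the comment above).
RTO_HOURS = {1: 72, 2: 72, 3: 120}


def restore_order(services):
    """Kahn's algorithm with a priority-aware ready queue.

    Every dependency is restored before its dependents; among the services
    that are currently restorable, the lowest tier (most critical) goes first.
    Raises ValueError on an unknown dependency or a dependency cycle.
    """
    indegree = {s: 0 for s in services}
    dependents = defaultdict(list)
    for name, (_, _, deps) in services.items():
        for d in deps:
            if d not in services:
                raise ValueError(f"{name} depends on unknown service {d}")
            indegree[name] += 1
            dependents[d].append(name)

    def rank(s):
        return (services[s][0], s)

    ready = sorted((s for s, n in indegree.items() if n == 0), key=rank)
    order = []
    while ready:
        cur = ready.pop(0)
        order.append(cur)
        for dep in dependents[cur]:
            indegree[dep] -= 1
            if indegree[dep] == 0:
                ready.append(dep)
        ready.sort(key=rank)
    if len(order) != len(services):
        stuck = ", ".join(sorted(set(services) - set(order)))
        raise ValueError(f"dependency cycle involving: {stuck}")
    return order


def restore_timeline(services, throughput_gib_per_hour):
    """(service, hours-until-restored) pairs for one sequential restore stream."""
    t = 0.0
    timeline = []
    for name in restore_order(services):
        t += services[name][1] / throughput_gib_per_hour
        timeline.append((name, t))
    return timeline


def check_rto(services, throughput_gib_per_hour, rto_hours_by_tier):
    """Services that finish after their tier's RTO at the given throughput."""
    missed = []
    for name, done_at in restore_timeline(services, throughput_gib_per_hour):
        if done_at > rto_hours_by_tier[services[name][0]]:
            missed.append((name, round(done_at, 1)))
    return missed


if __name__ == "__main__":
    for rate in (400, 100):  # constructed sustained restore rates, GiB/h
        print(f"--- {rate} GiB/h ---")
        for name, hours in restore_timeline(SERVICES, rate):
            print(f"{name:10s} back after {hours:7.1f} h")
        print("RTO missed:", check_rto(SERVICES, rate, RTO_HOURS) or "none")
```

Running it shows the point both commenters are circling: at 400 GiB/h every tier lands inside its window, but at 100 GiB/h the file server and the tier-3 systems blow through theirs even though the production tier is fine. The ordering is only half the plan; the throughput number has to come from a measured test restore, not from the backup vendor's brochure.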

Not_as_witty_as_u t1_iwhewiq wrote

How does a backup solve this though? Isn’t the ransom the threat of releasing the data?

6

_bobby_tables_ t1_iwiz1b3 wrote

Sensitive data at rest should be encrypted. So if hackers get your data, the risk of release is low. My company also insures for a year of LifeLock for any customers impacted by an intrusion.

5

Fieos t1_iwh8wj7 wrote

It really isn't, especially when you are talking in the amounts of petabytes of backup data. Plus, so much of it depends on how you were compromised...

You should have an action plan, you should have backups, but saying it is 'simple' is pretty specific to the company. But you are an Internet badass, I get it.

1

nvrmor t1_iwhtdku wrote

>internet badass, I get it.

You don't need to insult people. You could, you know, provide evidence to support your claim...

2

Fieos t1_iwhzqr0 wrote

Okay, sure.

- Source 20+ year IT veteran specializing in the private cloud computing areas of business continuity, disaster recovery, and cyber-threat resiliency.

People often think, "I have backup... I'm good."

How do you know if your backups aren't also compromised? Are you scanning for metadata changes in your archive? If your infrastructure was targeted, do you have a recovery plan for all your data center services? DNS/NTP/LDAP/SMTP/PKI/etc?

Are your business processes aligned to report and communicate internally (and possibly externally) in the event of a security breach? If you are compromised and recovering to an alternate restore target... do you have your VIPs configured to handle the new locale?

Do you have all your binaries for a site rebuild onsite in a vault and are all your runbooks current? Have you actually even tested restores?

Say you are recovering from backup and everything else is good? What is your throughput to get your data back on disk?

If your data is encrypted by a third party, what's the plan? If the data is already outside of the environment... what's the plan?

None of this is simple at scale.

2
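The question "how do you know if your backups aren't also compromised? Are you scanning for metadata changes in your archive?" is the one most shops cannot answer. The following is an added example, not code from the thread: it records size, mtime and SHA-256 for every file in a backup set, seals the manifest with an HMAC whose key is assumed to live off the backup host, and later diffs a fresh scan against it. The directory layout, file contents and key are constructed for the demo. The caveat that matters in practice: an attacker with write access to the backup store can also rewrite an unsigned manifest (and reset mtimes), which is why the manifest is keyed and why the real defence is an immutable or offline copy that the scan is compared against.

```python
"""Keyed backup manifest: detect silently modified, missing or planted files.

Added example, not from the thread. Paths, contents and the key are constructed.
"""
import hashlib
import hmac
import json
import os
import tempfile


def _file_digest(path):
    """SHA-256 of a file, read in 1 MiB chunks so large archives do not load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each regular file under root (relative, '/'-separated) to size, mtime and hash."""
    entries = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # record only real data; a swapped symlink shows up as 'missing'
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            st = os.stat(full)
            entries[rel] = {"size": st.st_size, "mtime": int(st.st_mtime),
                            "sha256": _file_digest(full)}
    return entries


def _canonical(entries):
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(entries, key):
    """Seal the manifest with HMAC-SHA256; the key must not be stored with the backups."""
    return {"manifest": entries,
            "mac": hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()}


def verify_manifest(signed, key):
    """True only if the stored manifest has not been altered since it was sealed."""
    expected = hmac.new(key, _canonical(signed["manifest"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["mac"])


def compare(expected, current):
    """Diff a sealed manifest against a fresh scan of the backup store."""
    report = {"modified": [], "missing": [], "added": []}
    for rel, meta in expected.items():
        cur = current.get(rel)
        if cur is None:
            report["missing"].append(rel)
        elif any(cur[k] != meta[k] for k in ("sha256", "size", "mtime")):
            report["modified"].append(rel)
    report["added"] = sorted(set(current) - set(expected))
    return report


def demo():
    """Constructed scenario: seal a small backup set, then simulate ransomware
    overwriting one archive and dropping a note, and report what the scan finds."""
    key = b"demo-key-keep-this-off-the-backup-host"  # constructed; never the real key
    root = tempfile.mkdtemp(prefix="bk-")
    os.makedirs(os.path.join(root, "db"))
    with open(os.path.join(root, "db", "erp.bak"), "wb") as f:
        f.write(b"\x00" * 4096)
    with open(os.path.join(root, "fileshare.tar"), "wb") as f:
        f.write(b"ustar" * 512)
    signed = sign_manifest(build_manifest(root), key)
    intact = verify_manifest(signed, key)

    # Ransomware-like tampering: same name and size, different bytes; plus a note.
    with open(os.path.join(root, "db", "erp.bak"), "wb") as f:
        f.write(os.urandom(4096))
    with open(os.path.join(root, "README_DECRYPT.txt"), "w") as f:
        f.write("pay up")
    report = compare(signed["manifest"], build_manifest(root))

    # Attacker rewrites the stored manifest to match the new files but lacks the key.
    forged = {"manifest": build_manifest(root), "mac": signed["mac"]}
    return {"sealed_ok": intact, "report": report,
            "forged_manifest_ok": verify_manifest(forged, key)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Note that the overwritten archive keeps its name and its exact size, so a "do the files still exist and look the right size" check passes; only the hash (and usually the mtime) gives it away. Run the scan from a host the backup store cannot write to, and treat any non-empty "modified" or "missing" list as an incident, not a glitch.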

nvrmor t1_iwi0d0v wrote

yeah but what if you just used a backup?

−1

_bobby_tables_ t1_iwhzw9i wrote

Wait. I was happy to be called an internet badass. I read no sarcasm at all into that.

1

Fieos t1_iwi7jso wrote

I will continue to dub thee with the highest level of Internet badassery, even if /u/nvrmor stands in the way.

1

nvrmor t1_iwi9kpj wrote

pfft you wouldn't know internet badass if it fragged you straight in the face. I ran gentoo in 2002 and have written DOZENS of bash scripts. All you need is a little rsync to stop ransomware and it doesn't take 2 braincells to figure that out genius jeez

1

Fieos t1_iwicibm wrote

Come at me bro... I still mostly remember my ICQ number.

1