CDOT held ransom

[roberth]

I'm old enough that the pic is very funny to me.

me too

[Ah Pook]

I'm old enough that the pic is very funny to me.

Me too. Like the degausser too.

[Gman]

The magnet is the crown jewel of the presentation.

[Rumline]

Clearly I don't understand this ransomware stuff. Isn't this what backups are for? Just wipe everything and restore from last night's backups. No?

[CS1983]

Clearly I don't understand this ransomware stuff. Isn't this what backups are for? Just wipe everything and restore from last night's backups. No?

Backups, a lot of times, are for servers and critical infrastructure, not for endpoint usage. To conduct a backup of an enterprises's entire infrastructure -- every single host, etc., every day would be a massive overload on the architecture.

Imagine 2k endpoints w/ 250GB of data each, but let's just leave out the data servers, etc. (which is where a huge amount of the data resides).

That =



A file size of 500,000 gigabytes can also be expressed as *


4,294,967,296,000,000 .......... bits
536,870,912,000,000 .......... bytes
524,288,000,000 .......... kilobytes
512,000,000 .......... megabytes
500,000 .......... gigabytes
488.28125 .... terabytes




Plus, once the malware is on there it's best to simply wipe it and reimage. Otherwise, you are gambling that some aspect of that malicious code is no longer on the machine -- perhaps having embedded and hidden itself in something innocuous to spring up again. Reimaging a single device takes about 30 minutes to an hour, depending on things. If all went well, and just considering the best case scenario, it would take 1000 hours to reimage the enterprise's workstations. Most shops are set up for imaging a few machines at a time. Enterprise upgrades are planned out for months at a time and usually a dedicated team handles it.

CDOT got hosed.

[Rumline]

I would argue that users shouldn't be saving data to their local hard drives, beyond maybe a few files they're actively working on, but I get your point: it's not that the fix is complicated, but that it takes a long time.

Do these ransomeware viruses encrypt NASs / SANs also? If so maybe the backups would be gone too. Tapes FTW!

[CS1983]

I agree with you about not saving a ton of stuff locally, but in my experience it takes someone losing everything to drive that point home.

[BPTactical]

Glad I retired from CDOT in '13. I was a Data Specialist, life would suck for me right now...

[izzy]

Don't know if this belongs here but I had a Jr. dev on my team run rm -rf on a very large very important server the other day. Everything was backed up but it was still a major pain in the ass to restore. Kid asked me what to do when it happened, all freaked out. My answer was start groveling because I'm not going to let this train run me over.

edit: I'm not his boss, he's just on my team.

[CS1983]

Don't know if this belongs here but I had a Jr. dev on my team run rm -rf on a very large very important server the other day. Everything was backed up but it was still a major pain in the ass to restore. Kid asked me what to do when it happened, all freaked out. My answer was start groveling because I'm not going to let this train run me over.

edit: I'm not his boss, he's just on my team.

Ouch.