by PrimeMcFly 1037 days ago
The solution to ransomware? Backups. It's not more complicated than that. It's honestly puzzling that ransomware is the issue it is, crippling entire organizations. It just means they have inept IT teams.

Sucks this Danish cloud host provider didn't back stuff up properly.

3 comments

> It just means they have inept IT teams.

More often than not, in my experience, the IT team wants proper backups but management baulk at the price and never authorize it. Until something bad happens of course.

And when the bad thing happens it's of course the IT team painted as "those guys who kept on bitching also earlier about their jobs".

Hopefully the IT team members were smart enough to have backup job opportunities.

At a certain scale, full backups aren't feasible, and people should be implementing their own backups on top of any cloud services.

Backups of the dataplane should of course exist.

shaming is easy

maybe they were backing up their stuff properly, but backups were wiped as well. even if you have some fancy append-only storage someone still has access to it and that access can be misused.

> but backups were wiped as well

Then they're not offline backups, are they? I know what you mean but backing up to a network drive with R/W is not a backup, it's a copy.

They could have wiped through other means, e.g. through IPMI. Although I don't think that was the case.

More realistically, it probably boils down to money. I wonder what would be the cost of backing up everything to a competitor's cloud daily, e.g. one PB of data per day. I have no idea how much it even costs to have a 200 gigabit link to another data center.

> maybe they were backing up their stuff properly, but backups were wiped as well.

You realize this is contradictory?

I believe this is the case of "no true Scotsman". Whatever backup you propose, someone will point out that you could have done it better. You could have disconnected servers with backups from network when they are not in use. You could have hired a dedicated person whose responsibility would be to deny/delay any request from management to delete the backups. And so on.