|
|
|
|
|
|
by crazygringo
915 days ago
|
|
|
I know other institutions have paid ransoms rather than go to backups, because they had never planned for an org-wide restore which would take months to execute. Turns out there's a huge difference between restoring the occasional system, and restoring everything. I'm not sure to what extent backup systems are being upgraded to work faster, how easy that even is, or whether it's more cost effective actually to pay the occasional ransom. |
|
|
And yet it makes sense to regularly test even the "black start" scenario, just like in power grids:
- ransomware isn't the only threat to a datacenter, by far not. Particularly here in Europe, the scenario of an outright nuclear, conventional or EMP attack taking out entire sites is getting back onto the discussion table for disaster preparedness plans, but you also have to account for stuff like fires, water damage, a building collapsing, suicide bombers...
- you keep the employees sharp on their skills in DR
- you uncover where stuff is missing or (under-)documented. If you're a multinational org, it makes sense to have everything documented to a degree that an entire offsite team can just fly in and do everything needed to recover.
- you identify all the various servers that are (sometimes literally) stowed away in a cleaning storage locker but provide crucial services
- you identify bottlenecks that you can use to improve your plans. Basically, stuff like splitting out "cold" data that's rarely required to its own database so you can keep at least a rudimentary version of your service running while restoration is ongoing.