#298979 - 05/18/21 01:10 PM Re: Pipeline Ransomware Attack [Re: haertig]
chaosmagnet
Originally Posted By: haertig
I meant those as a sequence of steps to remedy the current problem. e.g., "(1) Take everything offline" is a limited duration step to allow restoring from backups and fixing of security flaws before going back online in step "(5) Carefully open minimal external networking".

I apologize for not being clear; I did understand your meaning.

For many organizations, it's safe to say that they do not believe that they can do this without suffering catastrophic financial losses, losses far greater than those caused directly by the ransomware attack. Whether or not that's actually true is a different story. The reputational hit that comes from a shutdown can also be perceived as being too expensive.

#298982 - 05/19/21 12:49 PM Re: Pipeline Ransomware Attack [Re: haertig]
NAro
"(2) Restore from backups"
Not a sure thing. One of my colleagues got hit, and evidently the ransomware was injected months before the attack, so the backup was infected also.

#298983 - 05/19/21 01:36 PM Re: Pipeline Ransomware Attack [Re: NAro]
haertig
Originally Posted By: NAro
"(2) Restore from backups"
Not a sure thing. One of my colleagues got hit, and evidently the ransomware was injected months before the attack, so the backup was infected also.

Certainly the quicker you discover a problem, the more likely you are to be able to fix it. Different backup strategies can help. For example, my backups are automated. I keep daily snapshots for six computers on my backup server. Those roll over and are replaced with newer backups when the disks get full. Currently I have a bit less than a year's worth of daily file backups for each computer available. And half a year's worth of monthly image backups for the Windows computers (I don't do image backups for the Linux ones). This is a more sophisticated backup system than most people have at home.

