SQL Database Administrator at Aurora Mental Health Center
Real User
2023-03-17T21:43:38Z
Mar 17, 2023
The key to recovery from a ransomware attack is the Boy Scout motto "Be Prepared". In our case, not only did we have backups at the DR site, but both the production site and the DR site each had a NAS on a different subnet with different admin passwords that held backup copies, so 4 total backups. We were also using iSCSI connections to our SAN, which the ransomware was not able to cross when they polluted the connection file. This was an unexpected bonus. We were basically back up and running in 4 hours after wiping and restoring files. Lessons learned were to separate as much as possible so that if one part of the domain/forest gets corrupted it cannot travel to the other areas. We now use Veeam for Hyper-V Windows VMs and Zerto for VMware VMs, another separation of business functions with different admin passwords. Nothing is foolproof, but making it as difficult as possible buys more time to catch and stop the attack sooner.
Data backup involves copying and moving data from its primary location to a secondary location from which it can later be retrieved in case the primary data storage location experiences some kind of failure or disaster.
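One way to turn the separation the reviewer describes (copies on distinct subnets, each behind its own admin credential) into a checkable policy. This is an added example, not the reviewer's or any vendor's code; the inventory, subnet ranges and credential names are constructed assumptions modelled on the post's production/DR layout.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class BackupCopy:
    name: str
    subnet: str      # network the copy lives on (CIDR)
    admin_cred: str  # credential that can delete or overwrite the copy


# Constructed inventory modelled on the post: production and DR sites, each with
# a SAN-backed copy plus a NAS on a separate subnet with its own local admin.
INVENTORY = [
    BackupCopy("prod-san", "10.10.0.0/24", "prod-domain-admin"),
    BackupCopy("prod-nas", "10.10.50.0/24", "prod-nas-local-admin"),
    BackupCopy("dr-san", "10.20.0.0/24", "dr-domain-admin"),
    BackupCopy("dr-nas", "10.20.50.0/24", "dr-nas-local-admin"),
]


def isolation_findings(copies, min_copies=4):
    """Static policy check: enough copies, no two on overlapping subnets,
    and no admin credential shared between copies."""
    findings = []
    if len(copies) < min_copies:
        findings.append(f"only {len(copies)} copies, policy wants {min_copies}")
    for i, a in enumerate(copies):
        for b in copies[i + 1:]:
            if ip_network(a.subnet).overlaps(ip_network(b.subnet)):
                findings.append(f"{a.name}/{b.name}: overlapping subnets")
            if a.admin_cred == b.admin_cred:
                findings.append(f"{a.name}/{b.name}: same admin credential")
    return findings


def surviving_copies(copies, compromised_creds, reachable_subnets):
    """Blast-radius model: a copy is lost only when the attacker both reaches
    its subnet and holds the credential that can destroy it."""
    nets = [ip_network(s) for s in reachable_subnets]
    lost = set()
    for c in copies:
        reachable = any(ip_network(c.subnet).overlaps(n) for n in nets)
        if reachable and c.admin_cred in compromised_creds:
            lost.add(c.name)
    return [c.name for c in copies if c.name not in lost]


if __name__ == "__main__":
    print(isolation_findings(INVENTORY))
    print(surviving_copies(INVENTORY, {"prod-domain-admin"}, ["10.10.0.0/16"]))
```

Losing the production domain admin with reach into the whole production /16 takes out only the SAN copy there; the NAS copies survive because their local admin credentials were never part of the domain.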