SQL Database Administrator at Aurora Mental Health Center
Mar 17, 2023
The key to recovery from a ransomware attack is the Boy Scout motto, "Be Prepared". In our case, not only did we have backups at the DR site, but both the Production site and DR site each had a NAS on a different subnet with different Admin passwords that had backup copies, so 4 total backups. We also were using iSCSI connections to our SAN, which the ransomware was not able to cross when they polluted the connection file. This was an unexpected bonus. We were basically back up and running in 4 hours after wiping and restoring files. Lessons learned were to separate as much as possible so if one part of the domain/forest gets corrupted it cannot travel to the other areas. We now use Veeam for Hyper-V Windows VMs and Zerto for VMware VMs, another separation of business functions with different admin passwords. Nothing is foolproof, but making it as difficult as possible makes more time to catch and stop the attack sooner.
Backup and Recovery solutions protect data by regularly copying and securely storing it, ensuring quick restoration when necessary. These solutions minimize the impact of data loss, ensuring business continuity by restoring data in case of hardware failure, cyberattacks, or human error.
Backup and Recovery encompass a wide range of strategies and technologies designed to maintain data integrity. Businesses can leverage cloud-based storage, on-premises systems, or a combination of both to...