Here’s your worst nightmare: E-tailer can only resume partial sales 45 days after ransomware attack

Japanese e-tailer Askul has resumed online sales, 45 days after a ransomware attack. Askul operates several e-commerce brands serving both consumers and business buyers, plus logistics services used by other consumer brands including Muji. Its own site serves smaller businesses, while its SOLOEL ARENA brand targets corporate …

  1. PenfoldUK

    Whatever you think about old tech...

    ... at least it's fairly reliable in an emergency.

    I know at one place I worked at, a big office environment, the one fax machine that was installed became a lifeline whilst the building LAN was down.

    Of course, totally impractical for today's pace of business, especially with job cuts. But a good backup nonetheless.

    Especially if Putin uses Goldeneye on us...

    1. Tron Silver badge

      Re: Whatever you think about old tech...

      To rephrase, has there ever been a more important time to be utterly sure your fax works?

      Glorious leaders in the UK gave the nod to BT to destroy the landline system to save a few quid, removing a communications network that worked when the power went off.

      The move to digital is a move to an inherently less resilient infrastructure just as governments shift us to Cold War 2 and geopolitical mayhem. Genius.

  2. herman Silver badge

    There was a time when Telex and Fax were really the internet. You could retrieve data sheets by fax from Intel - remember Intel, Motorola and Nat Semi? Been a while.

  3. Flocke Kroes Silver badge

    This shows a clear gap in the market

    Malware for old fax machines.

    1. Frank Bitterlich

      Re: This shows a clear gap in the market

      Most can be pwned by two black sheets of paper taped into a loop. Ah, the good old days... never got around to testing my idea of faxing someone a roll of tissue paper, though.

    2. Like a badger Silver badge

      Re: This shows a clear gap in the market

      Near enough the same thing, remember when very briefly calls were cheap enough, and shitbag companies would send unsolicited adverts by fax? Didn't last long, thank goodness.

      1. ecofeco Silver badge

        Re: This shows a clear gap in the market

        Oh yes. Junk fax. I'd almost forgotten.

      2. Anonymous Coward

        Re: This shows a clear gap in the market

        > unsolicited adverts by fax? Didn't last long, thank goodness.

        <glances at the scrap paper box with a slowly growing pile of roofing and collections "services" offers>

  4. LinuxByNature

    "Has there ever been a more important time to be utterly sure your disaster recovery systems work?"

    [My 2c's Simon]

    It's a very hard problem to solve for Tech Teams [Having seen this first hand].

    DR is amazing for binary recovery, i.e. Power/System/Building gone ... system fail-over.

    Cyberattacks happen over a prolonged period of time (for us 60-90 days). As such, movement, persistence and privilege escalation had been occurring throughout the timeline... (i.e. DR the latest copy (Day 90), reintroduce the persistence, get done again. DR the first copy (If you keep DR that long, we didn't), lose 90 Days of transaction data).

    With hindsight, I believe there are only two viable options:

    1. Implement Brutal Automation (codify the entire environment and every administrative add/change/remove from the initial build state) in order to rebuild from the ground up greenfield (Network (...), DNS, time, Identity, PaaS, OS, apps, etc.) - Then pull "just the required data" (DB's, assets, etc.) from the immutable copies (i.e. not the OS / APP / ID, etc. - where the persistence is likely to exist). And test it regularly.

    Note: I think for critical infra, where you may be dealing with State Actors, probably would add into green-field H/W (I believe El'Reg reported the Typhoon US Telco compromise, where persistence was believed to be in F/W).

    2. Purchase a Cyber-recovery service, with all the buzz words that go with it (air-gapped, immutable, isolated recovery environment, SOC, recovery automation, etc, etc)

    As I say, this "I believe" is a very hard problem to solve for Tech-Teams and a very misunderstood problem in Exec / General Public.

    P.S.: I got a lot from this government post-breach report (Thanks El'Reg) https://www.bl.uk/stories/blogs/posts/learning-lessons-from-the-cyber-attack

    Thoughts on alternative options...?
