Re: Just waiting to see how long before...
Theoretically, yes. But a lot of malware now infiltrates the infrastructure and tries to sabotage the backups for months, before it attacks the live data.
Faced with having to, for example, go back to the end-of-year backups for 2019 or pay the ransom, which is going to be cheaper in the long run? All orders for 2020 lost or will have to be re-entered, all production and batch information, test results and certificates etc. lost or will have to be re-entered.
In the past, it was correct to deride companies for lack of backups, but the malware authors seem to be getting more thorough and affecting shadow copies and corrupting any backups they can get to.
The only chance is to regularly do a sample recovery, so that you can spot the problem more quickly. But how often do you have the time to go back through your backups and do a restore to see if they are working as intended? It is something you should do, but most IT departments I've worked in just don't have the time. Currently, I'm lucky, I restore a random sample of files from different sites on a regular basis, to ensure the backups are working.
But many just assume they are working... Never a good assumption, even if the malware hasn't infected your backup chain.
Biting the hand that feeds IT
