Reply to post: Re: Recovery redundant?

Emergency services call-handling provider: Ransomware forced it to pull servers offline

Peter Gathercole Silver badge

Re: Recovery redundant?

Ransomware attacks are awkward. you have to be pretty certain that the recovery systems that you build are not coming from infected backups.

I'm not saying that they do this, but if I was someone wanting to place a ransomware bomb in a system, I'd probably want to install and spread it but leave the encryption dormant for several weeks, so that it would be copied onto the backups.

By doing this, you could probably immediately re-infect the environment that is being rebuilt, especially if it is just a timed trigger rather than an instruction from a command and control system external to the environment.

What I really struggle with is the fact that so many environments appear to be easy to infect. I know that the malware probably involves privilege escalation as well as the ransom encryption, but in a properly segmented environment, you should be able to contain an infection before it spreads. But I suppose the rush to consolidate systems into easy to manage large groups probably works against you there.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon