Lagamorph wrote: Reading some more about the Garmin ransomware attack and that's a big Oof.
$10 million ransom demand and literally everything internal shut down.
It amazes me, I guess they just don't have backups of their servers.
They could restore all the servers to back before the infection and rebuild all machines and they'd be fine.
Depends on the type of backups they had, and how frequently they take them.
If they had full File System backups taken every day and retained for a period of at least a week then yeah they could just basically flatten what they've got, slap the backup on and get going again. Most likely they only have Data backups though. That would mean they need to build new systems, reinstall the OS and all the applications then restore all of the data from backups. Depending on their infrastructure and how it's set up that's potentially new server names meaning possibly quite a bit of application reconfiguration as well to update what hostnames it's all pointing to.
Also depends on the ransomware, might not be typical file crypto but hitting smart devices, routers etc.
Either way not good, and puts serious doubts on wanting to use their stuff as you have to question a little bit the competency that this level of a hit was doable. If this isn’t malware / ransomware then same doubt.