I've been joking around the fact that some companies (and schools) put so much encryption and security processes in place that soon you won't be able to get into your own data/systems; it seems this has come true in your company's case.

KungFooBob wrote: ↑Sun Oct 01, 2023 5:37 pm
As of 6pm on Friday, they were still fucked.

Yorick wrote: ↑Sun Oct 01, 2023 5:21 pm
Any update?

KungFooBob wrote: ↑Thu Sep 28, 2023 3:25 pm
They only have one IT person. It was me. Then they sacked my replacement after 6 months and made the technical (product expert) guy who used to sit next to me IT Manager because he knew how to reset passwords. They're proper fucked if they can't find that encryption key (that I didn't even know existed, so I'm glad it didn't happen on my shift).
All four European offices are down. All the data (15TB of it) is there in the cloud backup, they just can't decrypt it. I can't see the business being able to continue trading without the ERP (four separate instances of SAP Business One).
I think the biggest problem was the rush to flatten the existing server estate because they thought they could restore from the cloud. Restores had been tested, but using the on-prem Veeam Enterprise Manager that had the encryption key cached; it wasn't until they tried to restore to freshly installed hosts with the Enterprise Manager not available (it was on-prem and wiped) that they realised you needed the keys.
It's quite sobering how fucked a company is without its data and how easily that data can be taken away.
With hindsight, they would have been better off paying the ransom.
A MAT around my way (CSET) had a ransomware attack on a cluster of 28 schools; I think they ended up paying numerous hundreds of thousands of pounds to recover some of it. It also highlighted the fact they had no backups for any of their primary schools. The LA then forced the schools to come with them for support as the MAT's IT dept was forced to close. Ironically they didn't give them this as a choice, as they said if they chose to go with a 3rd party IT support company like the one I work for they wouldn't give them access to the data they had managed to recover, so in theory they ransomed the ransomed data back to the school!
Why wasn't someone monitoring the backups and doing a test recovery to ensure they are working at least once a month at your place?
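The failure described in this thread is that restore tests only ever ran on infrastructure that still had the backup encryption key cached, so the tests never proved the key could be produced from anywhere else. The following is an added example (not code from the thread, from Veeam, or from the company discussed) of a restore-readiness drill that models the check a monthly test should include: for each encrypted backup set, confirm that a matching key exists in an out-of-band escrow, using only that escrow and never a key cache on the production host, and flag any set whose last successful test restore is older than the agreed cadence. The backup catalogue, key check values, key names and escrow contents are all constructed for the example; the key-check-value mechanism (an HMAC over a fixed label, stored beside the backup) is a general technique and is not a claim about how any particular product records its keys.

```python
"""Restore-readiness drill: can every encrypted backup set be unlocked using
ONLY keys held in an out-of-band escrow, and has each set been test-restored
recently enough?  Added example; all data below is constructed."""

import hashlib
import hmac
from dataclasses import dataclass
from datetime import date, timedelta

# --- Constructed keys (derived from labels so the example is reproducible) ---
KEY_A = hashlib.sha256(b"constructed key A").digest()
KEY_B = hashlib.sha256(b"constructed key B").digest()
KEY_C = hashlib.sha256(b"constructed key C").digest()   # only ever lived in the prod key cache


def key_check_value(key: bytes) -> str:
    """Key check value (KCV): an HMAC over a fixed label, recorded alongside each
    backup set so a candidate key can be verified without touching backup data.
    (Constructed mechanism for this example.)"""
    return hmac.new(key, b"backup-key-check-v1", hashlib.sha256).hexdigest()


@dataclass
class BackupSet:
    name: str
    key_id: str              # which escrowed key this set was encrypted under
    kcv: str                 # KCV recorded when the backup was written
    last_test_restore: date  # last time a full restore of this set succeeded


# Constructed catalogue of backup sets (names are illustrative, not the thread's).
BACKUP_SETS = [
    BackupSet("erp-office1-full", "key-A", key_check_value(KEY_A), date(2023, 9, 20)),
    BackupSet("erp-office2-full", "key-B", key_check_value(KEY_B), date(2023, 6, 2)),
    BackupSet("erp-office3-full", "key-C", key_check_value(KEY_C), date(2023, 9, 20)),
]

# What the drill is ALLOWED to use: only the escrow held away from the servers
# being rebuilt.  The escrow copy of key-B is a stale pre-rotation value, and
# key-C was never escrowed at all; both must be caught here, not on DR day.
ESCROW = {
    "key-A": KEY_A,
    "key-B": hashlib.sha256(b"stale pre-rotation key B").digest(),
}

MAX_TEST_AGE = timedelta(days=30)


def check_key_recoverability(backup_sets, escrow):
    """Return {backup name: status} using only the escrow as a key source."""
    results = {}
    for bs in backup_sets:
        candidate = escrow.get(bs.key_id)
        if candidate is None:
            results[bs.name] = "NO ESCROWED KEY"
        elif not hmac.compare_digest(key_check_value(candidate), bs.kcv):
            results[bs.name] = "ESCROWED KEY DOES NOT MATCH BACKUP"
        else:
            results[bs.name] = "OK"
    return results


def check_test_cadence(backup_sets, today, max_age=MAX_TEST_AGE):
    """Return names of backup sets whose last successful test restore is too old."""
    return [bs.name for bs in backup_sets if today - bs.last_test_restore > max_age]


def drill_passes(backup_sets, escrow, today):
    """The drill passes only if every set's key is recoverable from escrow and
    every set has been test-restored within the cadence."""
    keys_ok = all(v == "OK" for v in check_key_recoverability(backup_sets, escrow).values())
    return keys_ok and not check_test_cadence(backup_sets, today)


if __name__ == "__main__":
    today = date(2023, 9, 28)
    for name, status in check_key_recoverability(BACKUP_SETS, ESCROW).items():
        print(f"{name:22s} {status}")
    for name in check_test_cadence(BACKUP_SETS, today):
        print(f"{name:22s} last test restore older than {MAX_TEST_AGE.days} days")
    print("DRILL PASSED" if drill_passes(BACKUP_SETS, ESCROW, today) else "DRILL FAILED")
```

The point of the drill is that the escrow is the only key source the code is given: a cached key on the backup server, like the Enterprise Manager cache in the thread, never enters the check, so a passing drill actually demonstrates that a rebuild-from-nothing restore would have the keys it needs. Running it on the constructed data fails on two of the three sets for two different reasons, which is exactly what a monthly check is supposed to surface before the estate is flattened.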