Hosting firm says it lost all customer data after ransomware attack
Hosting firm says it lost all customer data after ransomware attack
What's the point of primary and secondary backups if they can be accessed with the same credentials on the same network
They weren't normally on the same network, but were accidentally put on the same network during migration.
What’s the correct way to implement it so that it can still be automated? Credentials that can write new backups but not delete existing ones?
Fundamentally there's no need for the user/account that saves the backup somewhere to be able to read let alone change/delete it.
So ideally you have "write-only" credentials that can only append/add new files.
How exactly that is implemented depends on the tech. S3 and S3 compatible systems can often be configured that data straight up can't be deleted from a bucket at all.
A tape library that uses a robot arm https://youtu.be/sYgnCWOVysY?t=30s
Backups that are not connected to any device are not susceptible to being overwritten and encrypted by malware.
i use immutable objects on backblaze b2
from command line using their tool is something like
b2 sync SOURCE BUCKETand from the bucket setting disable object deletion
also borgbase allows this, backups can be created but deletions/overwrites are not permanent (unless you enabled them)
Time and time again, data hosting providers are proving that local backups not connected to the internet are way better than storing in the cloud.
Any redundant backup strategy uses both. They both have inherent data loss risks. Local backups are great, but unless you store them in a bunker they are still at risk to fire, theft, vandalism and natural disasters. A good backup strategy stores copies in at least three locations. Local, off-site and the cloud. Off-site backups are backups you can physically retrieve. Like tapes stored in a vault in another city.
Now that you mention fucking incompetence, I need to verify my 3-2-1 backup strategy is correctly implemented. Thanks for the reminder, CloudNordic and AzeroCloud!
They had one job
People literally pay these guys to not screw up this one thing.
Danish hosting firms CloudNordic and AzeroCloud have suffered ransomware attacks, causing the loss of the majority of customer data and forcing the hosting providers to shut down all systems, including websites, email, and customer sites.
Other people's computers. Never forget.
I feel really bad for everyone involved - customers and staff. The human cost in this is huge.
Yes, there's a lot of criticism of backup strategies here, but I bet most of us who deal with this professionally have knowledge of systems that would also be vulnerable to malicious attack, and that's only the shortcomings we know about. Audits and pentesting are great, but not infallable and one tiny mistake can expose everything. If we were all as good as we think we are, ransomware wouldn't be a thing.
I think that people generally overestimate how much money tech companies like this one actually make. Their profits are tiny. A lot of the time, tech companies run on investment money, and can't actually turn a profit. They wait for the big acquisition or IPO payday. So if you think you're actually gonna get 100k off them, good luck. Sometimes they're barely keeping the lights on.
Put all the data in the cloud, they said. It will all be save and handled by professionals!
If you fuck up that badly you shouldn't be allowed to operate in that industry.
Problem is that you have to work in the industry to fuck up that badly.
They're a small company, they'll probably just go bankrupt.
Permanently Deleted
Sounds like they had all their backups online, instead of keeping offline copies. It's a reminder that everyone needs at least one backup that isn't connected to any computer. It's also a reminder that "the cloud" should not be the only place you keep your data, because hosting providers are targets for this stuff and you don't know how careful they are.
A hosting firm doesn't backup its data? WTF!
I wonder why they can't/won't pay.