My largest client had a massive ransomware attack in 2017. We managed to get everything back over the weekend.
The CEO had about 250 GB of files on his OneDrive. They tell you Microsoft can recover with "previous version"; HOWEVER, they made him wait 45 days to get his files back, rendering them worthless.
Haha. We've been hit twice. Another sign shop down the street, 3 times... Once they get in, it's very hard to keep them out unless you start over... They sit and wait for months, so if you restore a version days / weeks before the hit... They're still in. You have to identify how they got in... which I'm sure you know isn't that easy. Ours was a user who had admin access (who never should have admin access) who leaked his password... twice. No one gets admin anymore except for me, and mine is a separate admin login, not my normal login - We fired our previous IT company 2 years ago because of how they set up our system... Everyone had permission on everyone's PC - I got tired of them... so I logged into the owner's desktop, screenshotted his files and sent him an e-mail... They were gone a few weeks after that and now my sister's IT company runs everything... They do all the work for a couple of 2000-seat hospitals, so guess who does everything here.
We use Acronis for vSphere / server backup. I don't use it for our Art room folder though, it's too massive to pay what Acronis wants... So we can get our servers back up in under an hour. Then they're also backed up to Google Drive... And our art server is backed up to Google Drive. I can d/l 8-9 TB a day from Google on our connection... Enough to restore the whole art room server in a day... but Google isn't a true backup, so they limit you to 2 TB a day... took us 4 days to get everything back.
Now I'm beefing it up - Our server is going to be a TrueNAS file host - Every PC in the building is going to back up to it daily... Then it'll mirror to Google and Backblaze and a local NAS, and a remote server. All our important, must-restore-within-hours stuff will be backed up to Acronis... but it's 20 cents per GB, which is crazy expensive.
Ransomware sucks. I've had 2 nights of formatting and reinstalling PCs to fix the issue... Every time the owner asks "Why do they do it when it's so easy to recover from?" Told him it's not easy... But if you have the right backup strategy, and the right people working on it... you can get by with minimum downtime. The hospitals my sister works at, for instance, have 8 PB of data - They're all backed up to tape drives... but if the hospital ever got ransomwared (which happens) they need to be back up instantly. They spend hundreds of thousands yearly on their backup solution.
[edit] And for the previous version thing - I let the software handle that. Google doesn't see what data it is because it's encrypted - When I need to restore, I click a button on the NAS and it'll pull the right files from Google and restore to the date I tell it to. But again, it's a little slow because pulling thousands of files from Google sucks. It's a great backup, but nothing beats having a local backup. I'm going to pretty much mirror the server on a system no one has access / rights to... Then if / when we ever get hit again, or a HD failure happens... Just redirect the DNS to the secondary device while getting the first up... Zero downtime. A bit costly, but the first time we got hacked we were down for a day - 12 production people and 10 office people not being able to work for 1 day = massive costs, so spending a few thousand on a backup solution to ensure zero downtime is pennies considering.