Oh, I see what you did there!
Man, I feel your pain. I'm assuming you guys just wiped it all as opposed to paying the ransom? I can't imagine our bookkeeping/inventory machines going down, it would take far more man hours than it's even worth to get everything back to where it was, and would not necessarily be worth paying any ransom. In all honesty, shy of whatever outstanding invoices that would have to be tracked down, it could be a nice clean slate if it happened here...
Yeah. I'd rather start from scratch than pay a ransom... even if it cost us more to start from scratch.
We have everything backed up, for the most part. Our server and all our VMs are backed up and actively protected - VMs/servers have 6 months' worth of backups - they get a full backup every week, with incremental backups every day... which then gets duplicated to our cloud backup that has "unlimited" backups... So if something like ransomware gets through and deletes all our main backups and re-uploads the images to our cloud backup... our cloud backup never deletes older ones, so it's just a matter of finding a backup before the malware came onto the PC.
THEN I have a 100 TB server at home that I also back up the backups onto.
So all our important stuff is covered.
Our Rip station, and our CNC station, as well as people's desktops don't get backed up beyond the Desktop/documents being stored on the server getting backed up... it was in hindsight, we figured all our files are backed up and fine, if anything else gets lost it's a quick image restore and we're back up. The malware of course made me realize all our profiles and custom samples and quicksets were a pain to get back. Luckily I keep manual documentation of custom CMYK colors for clients as well as printed samples/proofs in a book... So it was just a bit of manual work getting it back up... took a few hours. It did make me realize the CNC also has all its custom tool configs as well as saved "artboards"... so now both of them are on our backup!
We got lucky. A sales rep PC got infected, it was a new variant that none of our software picked up... The sales rep's PC was completely encrypted, then it hit the rip PC, then it started to infect our server... But our server has protection and saw a ton of files starting to be encrypted and kept restoring the files from backup... So we only had 2 PCs that were demolished, and our server we just did a restore from a day before and it was back up instantly.
I got the alert from IT at 7 PM and I was in the office until 4 AM. I was doing everything that needed a physical presence while our IT department was isolating the backups / ensuring our main servers that were infected with it but fighting it off didn't lose the battle. I had to cut everything off from the network so it didn't spread and manually check everyone's PCs to figure out where it came from... then bring stuff back up and manually inspect it more. And even then it was days of constantly monitoring to make sure we didn't miss something.
The kicker? The owner of the company asked me why people end up paying if it's so easy to get back up and running...
If we weren't set up the way we were, or didn't notice it when we did... it'd have been a whole different story.
We got VERY lucky that day (and this happened about 3 weeks ago...) I am considering isolating our production PCs just in case. Our production guys will cry, but I still believe no matter how good your system and protection is... there will always be hindsights and things that get overlooked and next time could be a lot worse. The company lost a day of production, which wasn't too bad as we can always catch up. But if our main server got hit... I don't know how we'd have recovered.
Long post! TL;DR: Make backups. And backups of your backups. And offsite backups of your already offsite backups. You can never be too safe. At the very least buy a NAS and back up to it, and buy a $10 a month cloud service that it backs up to... You don't need to know about computers to have a "Basic" backup solution... and it could save your butt in the future.