I don’t manage production systems at Redgate, and I’ve not seen us have any disruption in the access to systems across the last few years. At a number of events, however, I’ve spoken to friends that have told me about the problems they’ve had with ransomware. I’ve been quite surprised how often this happens, as I see headlines, but none of the half dozen or so people I spoke with have worked at any company in the headlines. This is likely a bigger problem than I thought.
I don’t know if you’ve been attacked, but you should be prepared. Denny Cherry has had to deal with this at at least one client, and he wrote a few things down in this article. He doesn’t necessarily recommend you pay, though that’s certainly an option. If you do, you should be prepared for future attacks or other issues. Anyone that wants to hold your data hostage once might be inclined to do it again.
Apart from backups, air gaps, and other preventative measures you might take, including limited access between some workstations and servers, you ought to be sure you can rebuild systems that work in a similar manner to the current ones. Do you know what the specs and settings are for all your systems now? So many people assume they could just go get that information from the system itself, but what if your VMs and VM hosts are compromised? What if your monitoring system is encrypted? Do you really know all the settings that have been changed from defaults? Is your DR plan somewhere outside the network, and can you get to it?
This is a good reason why DevOps and infrastructure as code (IaC) are important in modern organizations. In these cases, a VCS can hold the data you need to rebuild systems. This is a good reason why using GitHub or some remote VCS might be better than self-hosting your code. If you routinely rebuild systems for dev/test, you’ll have some idea of how to deploy, and if you think about IaC as a part of your DR process, you should be able to redeploy on new hardware (or existing hardware that’s wiped clean).
Ransomware is a part of the new world we live in, and we ought to be prepared to defend against it. Ensure you’re ready today, because there will likely be ransomware or other types of attacks in the future. The more prepared you are with better practices now, the more likely you’ll be ready to adapt to some other security need in the future.