this post was submitted on 02 Apr 2024
172 points (96.7% liked)

Technology

59402 readers
2525 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 20 comments
sorted by: hot top controversial new old
[–] mp3@lemmy.ca 53 points 7 months ago (1 children)

If your backup can be reached by a ransomware, it's not a backup.

[–] Orbituary@lemmy.world 6 points 7 months ago (1 children)

Tell that to 90% of Veeam deployments.

[–] IHawkMike@lemmy.world -1 points 7 months ago (1 children)

Why name drop Veeam as if they're part of the problem?

They at least have good options to protect backups from ransomware with Linux hardened repos and immutable object storage.

[–] Orbituary@lemmy.world 1 points 7 months ago (1 children)

Because Veeam can be good, but it's only as good as the user pays for. I do ransomware recovery and incident response management for a living. More often than not, Veeam is implemented poorly and does not do what the customer thinks they paid for.

[–] IHawkMike@lemmy.world -1 points 7 months ago (2 children)

I still fail to see how that's the product's fault.

Is there some ransomware-proof backup solution that you find most people do set up correctly?

[–] Orbituary@lemmy.world 2 points 7 months ago

It's not specifically fault of the product. However, in my experience in this field, the only time client backups are encrypted is due to a false sense of security due to negligence and ignorance.

Veeam should not be configured by an inexperienced or underfunded tech staff.

[–] Rinox@feddit.it 1 points 7 months ago

Tape, probably /s

[–] tinyVoltron@lemmy.world 33 points 7 months ago (1 children)

The joke is on them. I don't back up anything.

[–] Quetzalcutlass@lemmy.world 13 points 7 months ago* (last edited 7 months ago)

Production is for testing and for data archiving. Think of the money we'll save!

[–] Boozilla@lemmy.world 18 points 7 months ago (1 children)

Stories like this make me want to retire early. Most bosses just aren't willing to pay for sufficient cybersecurity.

[–] Churbleyimyam@lemm.ee 17 points 7 months ago* (last edited 7 months ago) (2 children)

My boss encrypts nothing and leaves all of the machines switched on overnight, every night.

We got burgled once and someone made off with some postcards and £5 in loose change, overlooking access to a vast trove of customers highly exposing personal, financial, medical and legal documents that has never been purged for over a decade.

He didn't even change anything afterwards!

[–] Dark_Arc@social.packetloss.gg 13 points 7 months ago (1 children)

To be fair, the common thief isn't into that sort of burglary. They're looking for something they can pawn or use themselves

[–] T156@lemmy.world 6 points 7 months ago

Especially something that can be anonymised and moved quickly. For all they know, the computers are heavy/locked down, and may be tracked.

[–] Boozilla@lemmy.world 4 points 7 months ago

Is your boss Denholm Reynholm?

[–] arran4@aussie.zone 8 points 7 months ago (1 children)
[–] arcosenautic@lemmy.world 4 points 7 months ago

They'll never encrypt my 2000 DVDs!

[–] Tygr@lemmy.world 6 points 7 months ago

Come attack mine. It’s kept off my property on a hard drive disconnected from everything. Update it every 6 months.

[–] potatopotato@sh.itjust.works 6 points 7 months ago (1 children)

What methods are they using to locate the backups?

looks at stack of back up hard drives physically unplugged on the shelf

k.