My worst nightmare as an IT Admin just came true tonight

[Heatman]

At least we have showers in the office lol.

There's no place like home lol

 

[Demon_Skeith]

Revolved101 no comment or questions? Good time to learn

 

[Revolved101]

Revolved101 no comment or questions? Good time to learn

How did you and team prevent the Ransomware attack?

 

[Demon_Skeith]

How did you and team prevent the Ransomware attack?

We really didn't and some of our backups aren't as good as we thought

 

[Heatman]

We really didn't and some of our backups aren't as good as we thought

The company will definitely invest more in that from now henceforth. They wouldn't want something like this to repeat again or it will cripple the company.

 

[WitchAssassin]

Jesus on a bike! Something like this makes me glad I don't have your job, D_S.

 

[Demon_Skeith]

Jesus on a bike! Something like this makes me glad I don't have your job, D_S.

Someone has to deal with it ^^:

 

[Revolved101]

Could be your reason why Demon_Skeith Hackers are using a critical flaw in VMware as part of a ransomware campaign targeting thousands of organizations

 

[Grungie]

Could be your reason why Demon_Skeith Hackers are using a critical flaw in VMware as part of a ransomware campaign targeting thousands of organizations

This article shows why you should keep your shit up to date if it's connected to the outside.

 

[cm2]

At least we have showers in the office lol.

Any office PLOT Waifu Pillows for the office sleepover? lol

 

[Heatman]

Any office PLOT Waifu Pillows for the office sleepover? lol

You this man lol... This is so funny.

 

[Demon_Skeith]

Could be your reason why Demon_Skeith Hackers are using a critical flaw in VMware as part of a ransomware campaign targeting thousands of organizations

ahhhh shit....

 

[Heatman]

This article shows why you should keep your shit up to date if it's connected to the outside.

Yeah, that's very correct. A lot of people make that mistake and they usually pay dearly for it.

 

[Demon_Skeith]

Still nothing official on who did it, but I hear we were a part of a string of a lot of companies all being hit at once, so I'm believing it's less than some few people but maybe a large group or country that attacked us. Which by us I mean USA as a whole.

 

[Grungie]

The way my network is set up, the effects would be minimal at worst. Could get it fixed in a day, and most of it involves waiting.

 

[Demon_Skeith]

The way my network is set up, the effects would be minimal at worst. Could get it fixed in a day, and most of it involves waiting.

One way to find out and hopefully you never do.

 

[Grungie]

One way to find out and hopefully you never do.

We have a lot of redundancy, and our critical stuff isn’t even connected to the internet. So we can just nuke the affected hosts and transfer the backups. We have a disaster recovery plan, and that’s almost verbatim.

All of our clients run thin clients, and last year someone opened up an infected attachment, so we just nuked the master image and brought up the secondary one. Then we purged the infected drive and experienced 20 mins of downtime.

 

[Demon_Skeith]

We have a lot of redundancy, and our critical stuff isn’t even connected to the internet. So we can just nuke the affected hosts and transfer the backups. We have a disaster recovery plan, and that’s almost verbatim.

All of our clients run thin clients, and last year someone opened up an infected attachment, so we just nuked the master image and brought up the secondary one. Then we purged the infected drive and experienced 20 mins of downtime.

Your critical stuff is still networked in right?

 

[Grungie]

Your critical stuff is still networked in right?

The critical stuff is on a closed network, and since you have to have access to the building and have an account to get on the network, infections are largely going to be through insider threats.

 

[WitchAssassin]

Strange shit had been happening to our stuff in the morning today, all of a sudden our Vms all restarted, some came back up, some did not while all my veeam backups vanished. We thought it was one thing and roughly near the end of the day, VM support confirmed we were being ransomware attacked. Saw my harden CIO pale and shake for the first time tonight as we started to scramble to get stuff back up and offline.

Needless to say, I'm working all this weekend

That sucks when you have to work the weekend. Will you get paid overtime for it?