I vaguely remember the advice actually being to leave it running but disconnect it from the internet. Although maybe hard disconnect the backups if you can.
The advice I’ve always heard is disconnect network but leave powered for forensics/recovery. Some ransomware store the decryption key soley in memory, so it is lost upon power loss
That actually makes sense. We had a ransomware attack once. We also disconnected the device but I cant remember if we powered it off. At the time it stopped encrypting due to that since our network drives were not reachable anymore.
Is there actually a way to spread the encryption process to a server?
Nah. Rip that shit right out of the chassis. Destroy that RJ45 port. Make it so the security audit team has to resolder a jack to the mobo before they can even ssh to the box.
Trust me I run a security company. If you need help with your security please feel free to contact me! We are the best in the business!
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !programmerhumor@lemmy.ml
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.
Uh no
Go to the main breaker that feed the servers whatever. And pull the 600v switch off
The smartest layout for that situation is having the main breaker box close to the hooman IT operator room
No choice if it is very serious breach
I vaguely remember the advice actually being to leave it running but disconnect it from the internet. Although maybe hard disconnect the backups if you can.
And probably the intranet, too, just to be safe.
Depending on where the breaker is relative to the UPS, of course.
No, have a Safety Control Rod Axe Man. The dropping rod hits the breakers and smashes it, cutting power!
The advice I’ve always heard is disconnect network but leave powered for forensics/recovery. Some ransomware store the decryption key soley in memory, so it is lost upon power loss
That actually makes sense. We had a ransomware attack once. We also disconnected the device but I cant remember if we powered it off. At the time it stopped encrypting due to that since our network drives were not reachable anymore.
Is there actually a way to spread the encryption process to a server?
Im not a it expert at alll. But reallly ?
Nah. Rip that shit right out of the chassis. Destroy that RJ45 port. Make it so the security audit team has to resolder a jack to the mobo before they can even ssh to the box.
Trust me I run a security company. If you need help with your security please feel free to contact me! We are the best in the business!
just have a tub of water rigged above the server
Yea but it take time !!!
How many shit you have to unhook from whatever to save the shit ?? 100 ?? That take minutes !!!
Y’all… just… unhook the cable from the demarc…?
Should be a trunk line disconnect switch that kills both power and data. And if your manager is cool, then it’s a guillotine switch.