I work at a large tech company. We had a Windows XP system on our network get hacked. They used that to jump to our servers. IT had to quarantine off the whole lab, because they didn’t know where the hacker had hopped next. So then IT had to do a post-mortem and figure out how they got in and what was affected. That process took 3 months. In the meantime, any team with servers in that lab couldn’t use them. The team directly responsible for this couldn’t work at all for the full 3 months.
We lost 2 months of local Windows servers in a smash and grab ransomware. we were lucky that our PROD servers were Linux. And this was a place with an active Windows 10 upgrade plan, gateways and air gapping for non-compliant systems. Our luck/planning was the backups system allow for two months of roll back to remove the malware. For the sysadmins, the character limit on the file paths meant we lost a bit of deep dive information 8/10 folders deep. (Over 64 characters or something like that.)
I don’t have advice, just a worthless anecdote.
I work at a large tech company. We had a Windows XP system on our network get hacked. They used that to jump to our servers. IT had to quarantine off the whole lab, because they didn’t know where the hacker had hopped next. So then IT had to do a post-mortem and figure out how they got in and what was affected. That process took 3 months. In the meantime, any team with servers in that lab couldn’t use them. The team directly responsible for this couldn’t work at all for the full 3 months.
We lost 2 months of local Windows servers in a smash and grab ransomware. we were lucky that our PROD servers were Linux. And this was a place with an active Windows 10 upgrade plan, gateways and air gapping for non-compliant systems. Our luck/planning was the backups system allow for two months of roll back to remove the malware. For the sysadmins, the character limit on the file paths meant we lost a bit of deep dive information 8/10 folders deep. (Over 64 characters or something like that.)