I'm a tiny bit of an expert in ransomware and not much of an expert in mainframe backup strategies, but here goes ...
Just kind of a conceptual thought ... It seems to me the big advantage of tape (in this scenario) is the time lag. It is not perfectly up-to-the-minute, and therefore is "good" and not encrypted. It would be great if one had a mirrored disk farm that was always a couple of days behind real-time. With any luck you would have a usable system and usable data, albeit a day or two out of date. I do think it is really good to be thinking about these things. I think the mainframe ransomware scenario is more likely than we might like to think. Mainframes are really, really good at high-speed data encryption. And as Chad "Bigendian Smalls" Rikansrud observed: "you know the difference between Pervasive Encryption and Ransomware?" Answer: who has the keys. Why did Willie Sutton rob banks? "Because that's where the money is." If you were a Ransomware perpetrator, wouldn't you want to go where the really valuable data is? Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Jesse 1 Robinson Sent: Friday, September 4, 2020 11:51 AM To: [email protected] Subject: Ransoming a mainframe disk farm It’s Friday, so don’t rag on me for venturing into IT fiction. No one has hit us with this challenge (yet), but it could happen. Ransomware is much in the news these days. As unlikely as it might be, some nefarious genius manages to lock you out of your entire disk farm and demands rubies and bitcoin to remove the lock. Meanwhile your shop is out of the water. You have everything meticulously mirrored to another site, but as with any good mirror, the lock has been reflected in your recovery site. The classic mainframe response--short of forking over the ransom--would be to IPL a standalone DSS restore tape, then locate and mount standard offload backup tapes. Restore enough key volumes to IPL a minimal system, then proceed to restore (all) other volumes. It will take a while, but it will work. Eventually. Now consider a smartly modern shop that has taken the advice of a generation of hired gurus and eliminated 'real tape' altogether. No more physical tapes. No more physical tape drives. What would be your sage advice? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
