Ha ha: "Hello, Iron Mountain? This is the CIO. We've discovered a
terrible computer virus that only exists on physical tape. I need you
to take every tape you can find to the shredder immediately. Wear
gloves and a mask - you don't want to catch it. Hurry!!"
On 9/4/2020 3:23 PM, Seymour J Metz wrote:
If you mirror a backup to a remote site, unload the tape and ship it to a
vault, it would take a clever cracker to ovevewrite it ;-)
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
________________________________________
From: IBM Mainframe Discussion List <[email protected]> on behalf of Tom
Brennan <[email protected]>
Sent: Friday, September 4, 2020 5:31 PM
To: [email protected]
Subject: Re: Ransoming a mainframe disk farm
Reminds me of a "Tech Support" (I think) magazine article I read many
years ago that started out with something like, "The company datacenter
has lost all its data, including all backups. A disgruntled employee
with full access ran weekend jobs which overwrote all tapes and disk
backups, and then finally overwrote the running disk volumes. The
company cannot survive." Then it went on to say this didn't really
happen, but was more of a call to action. It sure caught my attention
for the first few paragraphs!
By coincidence, yesterday I was at a datacenter implementing a temporary
Linux server running MinIO which is an S3 Object Store server that I
hope can simulate things like cloud processing for a proof of concept.
With some extra VTS microcode (still in beta I heard?), they tell me a
TS7770 can dump tape data onto a remote cloud server, to be restored if
needed by the same or any other TS7770. So we're going to run a test of
that in a week or two, I expect.
Now I assume that ransomware, or a disgruntled employee, could know
enough about a site to overwrite all "tapes" in the VTS, including any
remote cloud objects - unless there's a way to make those remote files
write-once. Don't know yet.
On 9/4/2020 11:50 AM, Jesse 1 Robinson wrote:
It’s Friday, so don’t rag on me for venturing into IT fiction. No one has hit
us with this challenge (yet), but it could happen.
Ransomware is much in the news these days. As unlikely as it might be, some
nefarious genius manages to lock you out of your entire disk farm and demands
rubies and bitcoin to remove the lock. Meanwhile your shop is out of the water.
You have everything meticulously mirrored to another site, but as with any good
mirror, the lock has been reflected in your recovery site.
The classic mainframe response--short of forking over the ransom--would be to
IPL a standalone DSS restore tape, then locate and mount standard offload
backup tapes. Restore enough key volumes to IPL a minimal system, then proceed
to restore (all) other volumes. It will take a while, but it will work.
Eventually.
Now consider a smartly modern shop that has taken the advice of a generation of
hired gurus and eliminated 'real tape' altogether. No more physical tapes. No
more physical tape drives.
What would be your sage advice?
.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
[email protected]
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
