"Bill Gates and the FBI say it is the worst virus ever. Forward this to everyone in your address book."
Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Tom Brennan Sent: Friday, September 4, 2020 4:33 PM To: [email protected] Subject: Re: Ransoming a mainframe disk farm Ha ha: "Hello, Iron Mountain? This is the CIO. We've discovered a terrible computer virus that only exists on physical tape. I need you to take every tape you can find to the shredder immediately. Wear gloves and a mask - you don't want to catch it. Hurry!!" On 9/4/2020 3:23 PM, Seymour J Metz wrote: > If you mirror a backup to a remote site, unload the tape and ship it to a > vault, it would take a clever cracker to ovevewrite it ;-) > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > > ________________________________________ > From: IBM Mainframe Discussion List <[email protected]> on behalf of > Tom Brennan <[email protected]> > Sent: Friday, September 4, 2020 5:31 PM > To: [email protected] > Subject: Re: Ransoming a mainframe disk farm > > Reminds me of a "Tech Support" (I think) magazine article I read many > years ago that started out with something like, "The company datacenter > has lost all its data, including all backups. A disgruntled employee > with full access ran weekend jobs which overwrote all tapes and disk > backups, and then finally overwrote the running disk volumes. The > company cannot survive." Then it went on to say this didn't really > happen, but was more of a call to action. It sure caught my attention > for the first few paragraphs! > > By coincidence, yesterday I was at a datacenter implementing a temporary > Linux server running MinIO which is an S3 Object Store server that I > hope can simulate things like cloud processing for a proof of concept. > With some extra VTS microcode (still in beta I heard?), they tell me a > TS7770 can dump tape data onto a remote cloud server, to be restored if > needed by the same or any other TS7770. So we're going to run a test of > that in a week or two, I expect. > > Now I assume that ransomware, or a disgruntled employee, could know > enough about a site to overwrite all "tapes" in the VTS, including any > remote cloud objects - unless there's a way to make those remote files > write-once. Don't know yet. > > On 9/4/2020 11:50 AM, Jesse 1 Robinson wrote: >> It’s Friday, so don’t rag on me for venturing into IT fiction. No one has >> hit us with this challenge (yet), but it could happen. >> >> Ransomware is much in the news these days. As unlikely as it might be, some >> nefarious genius manages to lock you out of your entire disk farm and >> demands rubies and bitcoin to remove the lock. Meanwhile your shop is out of >> the water. You have everything meticulously mirrored to another site, but as >> with any good mirror, the lock has been reflected in your recovery site. >> >> The classic mainframe response--short of forking over the ransom--would be >> to IPL a standalone DSS restore tape, then locate and mount standard offload >> backup tapes. Restore enough key volumes to IPL a minimal system, then >> proceed to restore (all) other volumes. It will take a while, but it will >> work. Eventually. >> >> Now consider a smartly modern shop that has taken the advice of a generation >> of hired gurus and eliminated 'real tape' altogether. No more physical >> tapes. No more physical tape drives. >> >> What would be your sage advice? >> >> . >> . >> J.O.Skip Robinson >> Southern California Edison Company >> Electric Dragon Team Paddler >> SHARE MVS Program Co-Manager >> 323-715-0595 Mobile >> 626-543-6132 Office ⇐=== NEW >> [email protected] >> >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO IBM-MAIN >> > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
