from Hacker News

Ask HN: How is encryption-based ransomware still a thing?

by pengwing on 1/8/22, 3:30 AM with 7 comments

From my understanding you only need two countermeasures (i) an append-only database (no mutable data) to store everything business critical and (ii) use virtualization on all clients to quickly re-provision a clean OS version.

So why does a recovery from ransomware take more than 300ms?

  • by new_guy on 1/8/22, 3:34 AM

    Well, for a start you need to know how they got into your system. Sure, you could patch it all up in '300ms', but they'd just hack you again straight away.
  • by thesuperbigfrog on 1/8/22, 4:46 AM

    >> use virtualization on all clients to quickly re-provision a clean OS version.

    If the virtual OS has a vulnerability it will get hacked again.

    If the hypervisor has a vulnerability, you won't be able to reprovision.

    >> From my understanding

    If your understanding is correct, wouldn't the problem already be solved?

    If you DO know how to solve the problem, you could make millions by fixing the world's computer security problem. Go for it!

  • by magicalhippo on 1/8/22, 5:44 AM

    > (i) an append-only database (no mutable data) to store everything business critical

    How does that change anything? If your append-only database is encrypted by ransomware, you still have to recover from backups, no?

    In which case you're in the same spot with regards to external services you integrate with. That is, out of sync.
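
The failure mode magicalhippo describes, as an added worked example (this is not code from the thread or from any of its posters): an "append-only" ledger whose append-only property exists only in application code, a simulated ransomware process that has nothing more than ordinary write access to the same file, and a restore from an earlier copy that leaves the ledger out of sync with what was appended afterwards. The file names, the sample records, the backup point and the toy XOR "encryption" are all constructed for this illustration.

```python
"""Added example, not from the thread: application-enforced append-only
log vs. a process with plain file-write access.

The log only ever opens its file with "ab" and hash-chains records, so
the *application* never mutates history.  That discipline lives above
the filesystem; any process with write access to the file (ransomware
running as the same user, for instance) can still rewrite it in place.
After the attack the only data is the last backup copy, and anything
appended after that copy is gone.  All paths, records and the XOR
"cipher" below are constructed for the example."""
import hashlib
import json
import os
import secrets
import shutil
import tempfile

GENESIS = hashlib.sha256(b"genesis").hexdigest()


class AppendOnlyLog:
    """Append-only at the application level: writes use mode "ab" and
    each record carries the SHA-256 of the previous record line."""

    def __init__(self, path):
        self.path = path
        if not os.path.exists(path):
            open(path, "ab").close()

    def _last_hash(self):
        prev = GENESIS
        with open(self.path, "rb") as f:
            for line in f:
                prev = hashlib.sha256(line.rstrip(b"\n")).hexdigest()
        return prev

    def append(self, payload):
        record = {"prev": self._last_hash(), "data": payload}
        line = json.dumps(record, sort_keys=True).encode()
        with open(self.path, "ab") as f:          # never "wb", never "r+b"
            f.write(line + b"\n")

    def read_all(self):
        """Return the list of payloads if the chain verifies, else None."""
        prev, out = GENESIS, []
        with open(self.path, "rb") as f:
            for line in f:
                raw = line.rstrip(b"\n")
                try:
                    rec = json.loads(raw)
                except ValueError:                # garbage / ciphertext
                    return None
                if not isinstance(rec, dict) or rec.get("prev") != prev:
                    return None                   # chain broken
                out.append(rec["data"])
                prev = hashlib.sha256(raw).hexdigest()
        return out


def ransomware_encrypt(path):
    """Simulated ransomware: rewrite the file in place with a keystream
    XOR (a stand-in for real file encryption).  It needs only ordinary
    write permission on the file, which the application has as well, so
    the application's append-only convention does not come into play."""
    key = secrets.token_bytes(32)
    with open(path, "rb") as f:
        plain = f.read()
    cipher = bytes(b ^ key[i % len(key)] for i, b in enumerate(plain))
    with open(path, "wb") as f:
        f.write(cipher)


def scenario(workdir=None):
    """Return (before, after_attack, restored):
    before       payloads readable before the attack
    after_attack what read_all() returns once the file is encrypted (None)
    restored     payloads readable after copying the backup back."""
    if workdir is None:
        workdir = tempfile.mkdtemp()
    live = os.path.join(workdir, "ledger.log")
    backup = os.path.join(workdir, "ledger.backup")
    log = AppendOnlyLog(live)
    log.append({"order": 1, "amount": 100})
    log.append({"order": 2, "amount": 250})
    shutil.copy(live, backup)                     # backup taken here
    log.append({"order": 3, "amount": 75})        # appended after backup
    before = log.read_all()
    ransomware_encrypt(live)
    after_attack = log.read_all()
    shutil.copy(backup, live)                     # restore from backup
    restored = log.read_all()
    return before, after_attack, restored


if __name__ == "__main__":
    b, a, r = scenario()
    print("before attack:", b)
    print("after attack :", a)
    print("restored     :", r, "(order 3 is missing)")
```

The append-only guarantee only helps against ransomware when it is enforced at a layer the attacker cannot write to (an immutable or offline copy, object-lock style storage, a snapshot the compromised host cannot delete); an application that merely refrains from rewriting its own file offers nothing once another process on the same host holds the same write permission, and the restore still leaves the gap between the last good copy and the attack.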