Zachy’s Auctions - ransomware?

Zachy’s auction site down for over a week. First “technical difficulties” then a couple of days ago, the website admitted their third-party auction administrator has been ransomwared. Update expected 12/28.

Unsure if this means that previous buyers will have the potential for huge security/personal/financial info breach if the third party decides not to pay, or if it’s just threat of a data wipe. Not much info coming from Zachy’s. Anyone have any details?

Why do businesses and individuals not continually back up their data? Back-ups seem the best defense.

They do. Most ransomware corrupts files that then get backed up. You have to catch it before every backup is trashed. And you lose several days or weeks of data.

I think realistically, people always are living with the risk of info breaches from vendor cybersecurity problems. It’s not just the Zachys of the world - it’s Target, Home Depot, school systems, everything.

The clumsiness of IRS mainframe systems may be a saving grace.

I’m ITB for IT, backup isn’t necessarily the best defense but that’s neither here nor there…most people just think it’s not going to happen to them and don’t value spending the money just in case something happens (basically paying for insurance). The best way to look at it is that you’re going to get hacked and something is going to happen, you just need to be prepared for when it does.

I’m sure their 3rd party company has a small IT budget and just spends the money on something else rather than an executable DR plan. See it every day.

Def an opportunity for me to call them if anyone knows who it is =)

Just run a stateless business, with all application code checked in to Github. Reconstruct it as required, who needs data!

RTOs and RPOs get quite hard to manage, in all seriousness. Archive data, sure - but you need to validate you can restore from it on a regular basis. Also if your backups get corrupted because you didn’t catch the ransomware fast enough. If you lost 48 hours of shipped orders, what do you do? Resend them all?

Just stick to good practice - least permission service accounts, active logging and monitoring, read replicas where possible, etc.

Uh… and State Department, Homeland Security, Treasury Department …

Agreed. Hence, I back up via multiple vendors, especially my US lawsuit documents, and always am ready to junk my laptop and phone.

FWIW- everything is back up again. The auction will reopen tomorrow morning and run through January 4th.

Everyone has to create a new password- I was having trouble with that this morning and called in, confirming others having similar, but I was just now able to reset my password, so looks like all is good to go.