Comment Re:Another one bites the dust... (Score 1) 41
I've been out of IT for many years now, but one question I always have about these ransom scenarios is this: wouldn't advanced journaliing filesystems make recovery from an attack much easier, particularly filesystems where you can mount a shapshot? You could just start serving a past snapshot then make any updated files available as you clear them.
Back in the day I had customers who had incompetent DBAs bork their databases with bad SQL DML and DDL. Where the customer was using Oracle it was pretty easy to walk that stuff back because under the covers Oracle has been making heavy use of COW in their database storage. This allowed me to selectively walk back certain sets of problematic transactions. I could roll back just the transactions made by a certain user on a certain day that involved particular operations or database objects. You didn't have to figure out how to undo the individual effects of the bad transactions, you just waved your magic wand and it was as if those transactions never happened.
There must be some reason people aren't using file systems with COW and efficient snapshotting for general file service, because of on the face of it this seems like an obvious solution to the problem.