Search service is being restored after ransomware attack
Posted: Thu Dec 01, 2022 4:43 am
History:
November 13: A server which was supposed to be upgraded was attacked by ransomware, probably due to rdp vulnerability, the search service is currently down for backup.
November 14: I'm restarting the search service with limited retention. The affected server had been already scheduled for upgrade, but I will need now also to copy the backup data to it which will take some time.
November 20: The server affected by the ransomware attack had the system reinstalled and it has been upgraded (RAM, disk space). I'm in the process of copying data from another server. Even as there is more RAM, for a subset of groups I will try to run mid retention range in the compact mode using sets as the server then starts several times faster and consumes twice less RAM, we'll see how it goes.
December 1: I will be engaging the server soon, maybe will try later today or tomorrow as it may take time to convert the database into the compact mode. It may take another week to copy all the data, but maybe I will be able already to run it very near full retention including the oldest headers.
December 2: The restored server has been engaged. There is a retention gap for some groups between 1200-2300 days, but it will be filled within a few days. Some server instances are run in the compact mode (natively supported sets) which wasn't a case in the past. Overall retention range is around 5300 days.
November 13: A server which was supposed to be upgraded was attacked by ransomware, probably due to rdp vulnerability, the search service is currently down for backup.
November 14: I'm restarting the search service with limited retention. The affected server had been already scheduled for upgrade, but I will need now also to copy the backup data to it which will take some time.
November 20: The server affected by the ransomware attack had the system reinstalled and it has been upgraded (RAM, disk space). I'm in the process of copying data from another server. Even as there is more RAM, for a subset of groups I will try to run mid retention range in the compact mode using sets as the server then starts several times faster and consumes twice less RAM, we'll see how it goes.
December 1: I will be engaging the server soon, maybe will try later today or tomorrow as it may take time to convert the database into the compact mode. It may take another week to copy all the data, but maybe I will be able already to run it very near full retention including the oldest headers.
December 2: The restored server has been engaged. There is a retention gap for some groups between 1200-2300 days, but it will be filled within a few days. Some server instances are run in the compact mode (natively supported sets) which wasn't a case in the past. Overall retention range is around 5300 days.