10tb data recovered after Multiple Hard Drive Failure for Cayman Islands, but 4gb may be lost forever.

The Cayman Islands Government are still trying to recover critical data after a series of hard drive failures in the last 2 years. The lost data includes important police files.

The saga started in February 2012 when a controller card in the police server in George Town failed, this was followed by a server hard drive failure in August 2012, plus two more hard drive failures in April 2013.

Still reeling from these failures in October 2013, three more hard drives failed at the same time, causing significant data loss for the Royal Cayman Islands Police Service.

It is not clear if the three concurrent failures were from a RAID array, though this seems very likely. One of the primary purposes of RAID arrays is that a hard drive failure will not cause loss of data, in fact some RAID systems can have 2 simultaneous hard drive failures without file loss. So why 3 hard drive failures at the same time. The likely cause is that when a RAID drive fails data is automatically re-distributed across the remaining drives, but this makes each individual hard drive work excessively hard as lots of data needs to be read and written to the drive, thus this extra work causes another hard drive to fail.

According to Cayman Islands computer services officials they restored 10tb of data, mostly from tape backups. Unfortunately Cayman officials report that human error meant that not all data was restored. After reviewing the backup logs, it was determined that the RCIPS server was only manually updated with three of the four logical hard drives. So a portion of the server did not get backed up.” Mr. Liebaers (The Acting Information Commissioner) asked. “How is it that a backup is corrupted and nobody knows? … Aren’t backups tested occasionally to make sure they actually contain real, usable data? Apparently that was not the case.”

Mr. Whittaker said the Computer Services Department had found that a portion of the RCIPS server “did not get backed up.”

It is reported that much effort has been put in by data recovery specialists who have managed to restore all but 4gb of data – however it is thought that some data will be lost forever.

The Cayman Islands Computer Services Department has reported that they have put “more checks and balances” in place to ensure that data will not be lost in the future.

One commentator suggested “Somebody was not doing a very good job – on a hurricane prone island disaster planning should make this level of data loss impossible. It is likely that the vast majority of this data is not updated on a regular basis, thus most of it could be remotely backed up multiple times also this amount of data could be easily stored on magnetic tape and stored off-site with further copies sent completely off the islands for protection from Fire, Flood or Hurricane? So even if a full backup was only done every quarter, over 90% is still protected.

This story has a lesson for any organisation that holds data:

Have adequate in house backup software with whatever redundancy is necessary to allow for multiple device failures.

Do periodic test restores to ensure that backups are actually backing up all data.

Have adequate offsite backups, whether physical media removed to a safe location or via a cloud backup service.

Cryptolocker GOZeuS

What is it? Is your Data Secure and will a Data Service help you if you are infected.

GOZeuS are a pair of viruses both infecting computers at the same time.

GOZeuS (P2Pzeus / Game Over Zeus)  – is a malware / spyware that once installed on users computers will spy on the user and seek out valuable financial data eg bank details. This data will be fed back to the criminals who can use the data to defraud the user. All of this unknown to the user.

Cryptolocker – is Ransomeware. After GOZeus has spent some days extracting data Cryptolocker turns on and encrypts common files eg Word or Excel, so that users cannot access their important data. A message pops up on screen telling the user how they can pay $300 to $600 to unlock their data.

Although it is possible to remove these nasty pair, it will be nearly impossible to access the encrypted files.

Unprecedented global co-operation to limit the damage that Crypto Locker & GO ZeuS will cause.

The FBI in the US, Europol in Europe and the National Crime Agency along with many other Government agencies around the world, plus all of the large internet companies around the world have been working together in recent weeks to try to prevent massive attacks expected against millions of computers dring June 2014.

Although this twin virus has been around since 2013 the criminals have been planning a massive propogation of the viruses by using 1000’s of already infected computers owned by innocent users around the globe, who have no idea what their computer is about to unleash on other innocents.

It is undeerstood that Russian hacker Evgeniy Mikhailovich Bogachev and over 90 others around the world have already been arrested and authorities have been able to shut sown many of the main controlling computers that the criminals had access to. However the virus does not need these computers or the criminals to spread further.

Authorities expect many of these ‘zombie bots’ sitting on peoples computers will awaken before the middle of June 2014 and start their attacks on other computers.

Data Recovery Services will be able to remove the virus, but if it has locked your data this will be lost forever.

What can you do:

• Backup important files now.
• Make sure your operating system is up to date.
• Make sure your anti-virus software is up to date – if you do not have anti virus softaware – install it urgently.
• If there is ANY doubt about email attachments that you receive DO NOT open them – even if they come from a person or organisation that you know. These computers could be hijacked and the virus sent in an attachment from what you think is someone you know. An unfamliar email subjest line from someone you know may be a clue. If in any doubt, reply to the email and ask them if the attachment is genuine.
• Similarly, if there is ANY doubt about links in emails you receive, particularly if they seem to come from a large organisation you know DO NOT click the link. Type in the web address of the company you know and click through their navigation to the page you think you need to go. If necessary call them and ask if the email is genuine.
• Many of the anti-virus companies have a free tol available to check if your computer is infected. Contact the company that provides your antivirus software.

You can read more at Bloomberg.com