HACKER Q&A
📣 pengwing

How is encryption-based ransomware still a thing?


From my understanding, you only need two countermeasures: (i) an append-only database (no mutable data) to store everything business critical and (ii) virtualization on all clients to quickly re-provision a clean OS version.

So why does a recovery from ransomware take more than 300ms?


👤 new_guy Accepted Answer ✓
Well, for a start you need to know how they got into your system. Sure, you could patch it all up in '300ms', but they'd just hack you again straight away.

👤 thesuperbigfrog
>> use virtualization on all clients to quickly re-provision a clean OS version.

If the virtual OS has a vulnerability it will get hacked again.

If the hypervisor has a vulnerability, you won't be able to reprovision.

>> From my understanding

If your understanding is correct, wouldn't the problem already be solved?

If you DO know how to solve the problem, you could make millions by fixing the world's computer security problem. Go for it!


👤 magicalhippo
> (i) an append-only database (no mutable data) to store everything business critical

How does that change anything? If your append-only database is encrypted by ransomware, you still have to recover from backups, don't you?

In which case you're in the same spot with regards to external services you integrate with. That is, out of sync.