ASM and crypto lockers

ASM – Automatic Storage Management – was introduced by Oracle with Oracle Database 10g back in 2002.

Even in the first release, the promises of easy storage management and automated I/O distribution suited to the way an Oracle database is used were delivered.

Since then, a lot of enterprises around the globe have adopted ASM and, by strength of numbers, ensured that the bugs have been ironed out.

It is still possible, though, to encounter DBAs who are not aware of the benefits of ASM – and once these have been explained to them, they can usually hardly wait to deploy ASM.

If these DBAs are also introduced to bigfile tablespaces, there is almost no end to their expectations.

There is, however, a benefit of ASM that came as a very pleasant discovery for me, and that is what this post is about – and: “No, this is not part of the Oracle University lecture on ASM”.

The story behind it is that a large enterprise suffered a massive ransomware attack that destroyed – among a lot of other things – the Oracle database servers.

Even though these were protected by Data Guard deployed across two sites, the network topology did not include sufficient separation between the sites to prevent the ransomware from spreading.

The ransomware corrupted files on the Windows servers – and even though its default operation was claimed to be “just” corrupting documents and the like, it corrupted all files – and somehow “sqlplus.exe.locked” did not work as “sqlplus.exe” 😉

Good thing, though: it only corrupted files; finding and accessing raw disks with no filesystem, no drive label and no drive letter was not possible for the ransomware code.

The happy consequence was that, after installing the Oracle software on a fresh server and mounting the old ASM disks from the corrupted server, the original ASM diskgroups came up. After some time (possibly spent doing some clean-up after what must have looked like a server crash), all datafiles, a set of redo logs and a controlfile were “still there”, and after the necessary restoration of the “multiplexed” redo logs and controlfiles the database came up with no data loss.

Conclusion: ASM, by its very core functionality, provided an extra layer of protection against security breaches like ransomware attacks.