Problems displaying this newsletter? View online.
SQL Server Central
Featured Contents
Question of the Day
Redgate SQL Prompt
The Voice of the DBA
 

Beware, More Ransomware is Coming

Criminals seem to take advantage of anything that will allow them to gain more money, power, or notoriety. It seems in the last year that ransomware has become more prevalent and widespread in all sorts of organizations, though a number of governments have had high profile attacks. They've often paid the ransom, with the help of insurers.

While that might seem like the most expedient way to get back to working, it can be a problem, as this article points out. It can often be more expensive, in time and currency, to combat an attack than to pay a deductable and have the insurer cover the rest. When insurers start to pay for the attacks, then it provides an incentive for more attacks, especially similar attacks at governments or other corporate divisions where the security (or lack thereof) might be similar.

This also can influence more organizations to purchase insurance, which might be part of the reason insurance companies are happy to pay out the policy. I expect that insurers can't pay all policies, so I would hope they would start to require more proactive security measures and policies to prevent attacks against some companies. In fact, I hold out hope that insurance, not government, will drive more companies and organizations to implement better security practices.

The downside is that sometimes paying the ransom doesn't get the keys to decrypt files. In fact, I suspect that it's as likely that the criminals don't have the key as they just make a mistake in their "customer service" effort to provide the key. All sorts of organizations have trouble providing the right keys at times to customers, so I'd expect this happens to criminals as well. I also wouldn't be surprised if some criminals aim to exact a second ransom, perhaps devised to be just below the insurance policy limit, before providing a key.

The takeaway for most data professionals here is that we want to be very careful with our data, especially our backups. While others might lose their data to encryption, it behooves us to severely limit access to backup files to prevent a rogue account accessing them, and certainly we would want to to air gap backups wherever possible. If we find out that systems are encrypted, at least we can recover our data on new hardware. If our application code is likewise held in another system, like GitHub or BitBucket, then we might even get back to work quicker, at least for our data-driven applications.

Security continues to be an increasing part of the data professionals job. As a way to ensure your career continues to advance and grow, pay attention to how well you secure your organization's data.

Steve Jones - SSC Editor

Join the debate, and respond to today's editorial on the forums

Redgate SQL Prompt
 
 Featured Contents
Stairway to SQLCLR

Stairway to SQLCLR Level 2: Sample Stored Procedure and Function

Solomon Rutzky from SQLServerCentral.com

In the second level of our Stairway to SQLCLR, we look at how to enable the SQLCLR in SQL Server. We then build an assembly, store procedure, and a function that can be called from your T-SQL code.

Backup Techniques Available Exclusively When Using Azure VMs

Additional Articles from Database Journal

Learn backup techniques available exclusively when using Azure VMs to host SQL Server-based workloads.

Free eBook: Understanding SQL Server Concurrency

Press Release from Redgate

When you can’t get to your data because another application has it locked, a thorough knowledge of SQL Server concurrency will give you the confidence to decide what to do.

From the SQL Server Central Blogs - Get the Last Actual Plan With sys.dm_exec_query_plan_stats

Grant Fritchey from The Scary DBA

I’ve always felt responsible for making such a big deal about the differences between estimated and actual plans. I implied in the first edition of the execution plans book...

From the SQL Server Central Blogs - Get Started with the For Loop Container in SSIS

Tim Mitchell from Tim Mitchell

SQL Server Integration Services is equipped with tasks and containers to make it easy to design and maintain the flow of ETL: which logic should be executed, when should...

 

 Question of the Day

Today's question (by Steve Jones - SSC Editor):

 

Modifying the Dataframe in R

I have this dataframe in R: 
> speaking
  ID   Name Year Events
1  1  Steve 2015     30
2  2  Grant 2015     29
3  3 Kendra 2015     31
4  1  Steve 2016     30
5  2  Grant 2016     22
6  3 Kendra 2016     31
7  1  Steve 2017     24
8  2  Grant 2017     34
9  3 Kendra 2017     27
I want to modify row 3, and change the Events value for Kendra to "NA". How can I do this?

Think you know the answer? Click here, and find out if you are right.

 

 

 Yesterday's Question of the Day (by Steve Jones - SSC Editor)

Reindexing a database

The DBCC DBREINDEX command has been around for a long time in SQL Server. However, it has also been deprecated, meaning that future work should not use this and existing code that calls this should be refactored.

What command should be used instead?

Answer: ALTER INDEX

Explanation: The ALTER INDEX command ought to be used instead of DBCC DBREINDEX. Ref:

  1. ALTER INDEX - https://docs.microsoft.com/en-us/sql/t-sql/statements/alter-index-transact-sql?view=sql-server-2017
  2. DBCC DBREINDEX - https://docs.microsoft.com/en-us/sql/t-sql/database-console-commands/dbcc-dbreindex-transact-sql?view=sql-server-2017

Discuss this question and answer on the forums

 

 

 

Database Pros Who Need Your Help

Here's a few of the new posts today on the forums. To see more, visit the forums.

SQL Server 2017 - Administration
Collation change - Hi, We recently built a server using a prebuilt AWS AMI and the default collation isn't what the application vendor asked for. We ran the sqlservr -m -T4022 -T3659 -s"SQL2017" -q"somecollation" command which seems to have changed the DB collations but the default server collation seems to still be the same SELECT CONVERT (varchar, SERVERPROPERTY('collation')) […]
SQL Server 2016 - Administration
query execution plan - hello experts, i need help to understand query plan and what i can do to make it better . i am really confused about the missing index message .
Check if the statistics are off for table variables - Hi, How do I check if statistics are off for table variables? Thanks,
The EXECUTE permission was denied on the object for user in db_owner - Hello experts, A user who is in the db_owner role for a database reported that he is getting this error: Msg 229, Level 14, State 5, Procedure ReportProc, Line 1 [Batch Start Line 1] The EXECUTE permission was denied on the object... Does anyone know why EXECUTE would fail for an owner of the database? […]
Performance impact by running 2 scripts on the prod server. - I have 2 script which I want to run in our production environment since we don't have a monitoring tool in place and I have a feeling that there is a runaway query which is filling up the log file. The log file grows to be 300+ sometimes. We use DPM (Microsoft product) to take […]
SQL Server 2016 cannot show correct cpu cores in CPU affinity - Hi Guys, I wonder if SQL Server cannot support too many cpu cores? select @@version Microsoft SQL Server 2016 (SP2-CU8) (KB4505830) - 13.0.5426.0 (X64) Jul 21 2019 21:16:47 Copyright (c) Microsoft Corporation Enterprise Edition: Core-based Licensing (64-bit) on Windows Server 2016 Standard 10.0 (Build 14393: ) select * from sys.configurations where name = 'affinity […]
SQL Server 2016 - Development and T-SQL
wierd type conversion error - Hi I've been tracking through some code that has a type conversion error from varchar to uniqueidentifier I started commenting out parts of the code and found the offending line of code WHERE vaoq.Questionnaire_ID = '09C4C7B4-1275-460A-AE23-FFA9256B1ABE' I checked that this is a valid GUID (using convert) the only way I managed to get this fixed […]
Administration - SQL Server 2014
Table Rows deleted but not shrinking in size - Hi Folks, a general question here for better admin on a database. Have a number of tables, with approx 100 rows that clear down and re-populate every 5 minutes, however they're growing in size, up close to 10 gb even though the data is small. I deleted one of these tables, but the database is […]
SQL 2012 - General
Database Backup and corruption Jobs - Hi, Please advise of the below scenarios 1Q) I am trying to reduce the sql agent back up job running time. The job pickups a SSIS package which basically takes full backup of all user db's; which is taking 7+ hours to succeed  ( Due to the fact that 2 of the databases are of […]
SQL Server 2008 - General
Recycle SQL Agent Error Logs - hi all I want to keep 1 month worth of SQL agent Error logs and plan to cycle every week  by running : EXEC dbo.sp_cycle_agent_errorlog ( using SQL JOB) How do I do this ? Thanks All  
Reporting Services
permissions to connect to a report server 2016 - I have upgraded a vb.net web form application to be vb.net 2012. This application can currently call a report server that is 2008 or 2010 with no problem. I am trying to get this application to connect to a report server 2016. I am getting the error message, 'The permissions granted to user 'X\User' are […]
RC4 cipher disabled, Report Manager / Server no longer accessible - We not too long ago were required to remove / disable the RC4 cipher suite on our servers.  Shortly after that, I found I could no longer access the SSRS Report Manager and Report Server pages via IE.  At the time, this was not a pressing concern and I let it slide until just recently […]
SSRS 2014
trying to get everything to fit on 1 page - Hello, this might be very easy but not sure, i have an invoice, and after the invoice, i am trying to print the terms and conditions etc., however that needs to always be on a seperate own page... anyway to do that? example: invoice invoice info ... page 2 or page 3 depending on how […]
Powershell
Map a drive to a particular login and make it available all the time -   I am not sure if this is something possible, i would like to map a share to a drive letter using a particular login and if that login tries to hit that server remotely it should be able to see that mapped drive.
Analysis Services
MDX query: how to use the unequal operator between different attributes - Hi all, I am new to MDX and I have already tried Google to find a solution for my query but didn't get any answer by myself. For the use case, I have a role-play dimension (geography), a customer and store. Geography is used both in customer and store. I want to figure out, how […]
 

 

RSS FeedTwitter

This email has been sent to {email}. To be removed from this list, please click here. If you have any problems leaving the list, please contact the webmaster@sqlservercentral.com. This newsletter was sent to you because you signed up at SQLServerCentral.com.
©2019 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.
webmaster@sqlservercentral.com

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -