In case of cyberattack

Uh no

Go to the main breaker that feed the servers whatever. And pull the 600v switch off

The smartest layout for that situation is having the main breaker box close to the hooman IT operator room

No choice if it is very serious breach

The advice I've always heard is disconnect network but leave powered for forensics/recovery. Some ransomware store the decryption key soley in memory, so it is lost upon power loss
- That actually makes sense. We had a ransomware attack once. We also disconnected the device but I cant remember if we powered it off. At the time it stopped encrypting due to that since our network drives were not reachable anymore.
  
  Is there actually a way to spread the encryption process to a server?
- Im not a it expert at alll. But reallly ?
Depending on where the breaker is relative to the UPS, of course.
I vaguely remember the advice actually being to leave it running but disconnect it from the internet. Although maybe hard disconnect the backups if you can.
- And probably the intranet, too, just to be safe.
No, have a Safety Control Rod Axe Man. The dropping rod hits the breakers and smashes it, cutting power!
Should be a trunk line disconnect switch that kills both power and data. And if your manager is cool, then it's a guillotine switch.

Break and pull now, those are a mess

Only the ones added after initial install. The originals are nice and tidy.
You are not invited to look at my setup then.

These are clearly put together with care.
Ok but what about the door handle
- No, the instructions must be followed or it won't work. /j
- Hahahahahaahhahaha

Great idea, and realize likely a joke, but wouldn’t you just need to pull the one or two that connect out to the internet?

There could, in theory, be a malicious machine on the internal network that was previously infected, which is now acting as command and control. So if you didn't know which one it was...
- Turn of the power, no need to rip anything
Given that fucking rats nest of cables, even if you needed to only pull one: good luck finding it in a hurry and good luck pulling only that one.
- It is either the white one or the blue one so the odds are 50/50, right? /s
Depends. If you're at home with a single endpoint, maybe.

But in cases like the image there's a lot of internal traffic and you'd want to stop the malware spreading internally. There might not even be internet connection at all.

Most serious infections are able to work within isolated internal network. You can stop data breaches by cutting external traffic but if you have ransomware you might want to cut internal connections too.

You might be able to stop the ransomware from triggering on some devices. That of course depends on the type of ransomware and whether it's triggered based on time, external command or something else.
- Who cares if it's ransomware, just restore your backups

"Cut the hard line to the mainframe!"

seen too many times. But thank you for posting it on lemmy

me: