If someone malicious gets access to ACCOUNTADMIN, sets DATA_RETENTION_TIME_IN_DAYS=0 to all objects in a database and then start destroying these objects, does Snowflake provide a means to rebuild the database as it was before the attack? Time Travel should not be available anymore.
From my understanding, Failsafe kicks in only after Time Travel, so if Time Travel was set to 90, then from what I understand the best we can hope for is gaining back data that is 90 days old.
What to do to prevent this kind of scenario?
This is what Fail Safe is for. As soon as the malicious attack sets everything to 0 data retention, all of your data would be available in Fail Safe. You have 7 days before that data is removed. You would lose your time-travel for that 90 days, though.