Lately I’ve been dealing with a lot of ransomware cases. And often our team runs into issues with the IT staff from the victim organization.
33
260
56
1,306
Whether they’re embarrassed or afraid of being shown up or for whatever other reason, they’re uncooperative or in some cases actively working against our investigation.
2
6
1
252
So on a recent case, during our engagement kick-off call, I laid it out like this. “We’re going to investigate and figure out where this started. And it will be an unpatched system, or somebody clicking a link, or somebody just being unlucky with a web site they visited.”
3
14
3
263
Backups will definitely aid in recovery. They won't stop the ransomware from being implanted. And they won't stop the org from paying the ransom in order to avoid sensitive data being leaked.

Jul 19, 2021 · 2:32 PM UTC

1