12 comments

10
Fun fact: Coincidentally, the new CISA bill Congress is pushing through covers reporting these "attacks". The penalty for any non-governmental entity's violation of this bill and/or failure to report an "attack" within 24hrs is...get this...0.5% per day of that entity's gross revenue of the year prior! For reference: in **2015**, an average business with 10 employees could be charged $10,000/day with additional penalties.
5
Ha! Joke's on them. I use Windows Defender so I'll be super safe!
4
Yes, but your 40-day trial period of WinRAR has expired. So expect an IRS audit soon.
6
Any organization that falls victim to ransomware deserves it if they can’t just restore from a recent backup. So many things have to be done incorrectly to end up in a position where you’re having to trust a hacker to give you your data back.
6
What about TTPs that are not "activated" until months after compromise? Some of these ransomware attacks sit dormant in the systems, which includes the backups, for months. You can do everything right and still fail. There's literally no protection for a 0-Day attack until the attack becomes known and studied. You can run everything perfect in your organization and still fail because there's no accounting for new but unknown TTPs. This includes restoring from backups going back months and you just continue to re-infect yourself until you can isolate the compromise and sanitize.
6
If they pay once they'll pay again
5
It also means they don't have backups and they're stupid enough to pay therefore they're stupid enough to NOT patch the attack vector that was exploited in the first place. Cha-Ching!!!
3
This is something that occurred to me. Like, wtf is the point in paying a cyber ransom? They still possess the source code, with almost certainty. They can fuck you over 50 hours from now, or 50 years from now. I think the solution to this is to not get hacked in the first place. I wonder how hackers reassure their victims that they will actually destroy the code... they need to make money somehow so they must have some method.
2
They usually encrypt all files on the target servers and sell the company the decryption key.
2
LOL. Probably using the same vector that they got bit with the first time. Honestly, I see these ransomware groups as grey hat. They are just helping orgs get their shit together. Obviously, 80% didn't get their shit together the first time, so they haven't learned the Infosec lesson properly.