<div dir="ltr">A lot of the payments for ransomware come from insurance companies under "Business Interruption Insurance". It may in fact be more cost-effective to pay the ransom than to pay for continued business interruption. <div><br></div><div>Of course, along with paying the ransom, a full forensic audit of the systems/network is conducted. The vector for many of these attacks is via a worm triggered by someone opening an attachment on an email or downloading compromised software from the Internet. Short of not allowing email attachments or blocking Internet access, the best method is to properly train users to not click on attachments or visit "untrusted" sites, but nothing is perfect.</div><div><br></div><div>Shane</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jun 24, 2021 at 6:01 PM Michael Thomas &lt;<a href="mailto:mike@mtcc.com">mike@mtcc.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div>On 6/24/21 2:55 PM, JoeSox wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>It gets tricky when 'your' company will lose money $$$ while you wait a month to restore from your cloud backups.</div>
<div>So Executives roll the dice to see if service can be restored as quickly as possible, keeping shareholders and customers as happy as possible.</div>
</div>
</blockquote>
<p>But if you pay without finding how they got in, they could turn
around and do it again, or sell it on the dark web, right?</p>
<p>Mike<br>
</p>
<br>
<blockquote type="cite">
<div dir="ltr"><br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Jun 24, 2021 at 2:44 PM Michael Thomas &lt;<a href="mailto:mike@mtcc.com" target="_blank">mike@mtcc.com</a>&gt; wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
Not exactly network but maybe, but certainly operational.
Shouldn't this <br>
just be handled like disaster recovery? I haven't looked
into this much, <br>
but it sounds like the only way to stop it is to stop paying
the crooks. <br>
There is also the obvious problem that if they got in,
something (or <br>
someone) is compromised that needs to be cleaned which
sounds sort of <br>
like DR again to me.<br>
<br>
Mike<br>
<br>
</blockquote>
</div>
</div>
</blockquote>
</div>
</blockquote></div>