On 6/24/21 3:08 PM, Shane Ronan wrote:
A lot of the payments for Ransomware come from Insurance Companies
under "Business Interruption Insurance". It in fact may be more cost
effective to pay the ransom, than to pay for continued business
interruption.
Of course along with paying the ransom, a full forensic audit of the
systems/network is conducted. The vector for many of these attacks is
via a worm triggered by someone opening an attachment on an email or
downloading compromised software from the Internet. Short of not
allowing email attachments or blocking Internet access, the best
method is to properly train users to not click on attachments or visit
"untrusted" sites, but nothing is perfect.
I wonder if this is preying off the firewall
hard-on-the-outside-soft-on-the-inside? At this point I'm not sure how
you can justify that because so many people are using their own
equipment. It's not just the operational side of the business they can
target, after all.
Mike
