Re: Can somebody explain these ransomwear attacks?

[Michael Thomas <mike () mtcc com>]

On 6/24/21 3:08 PM, Shane Ronan wrote:
> A lot of the payments for Ransomware come from Insurance Companies 
> under "Business Interruption Insurance". It in fact may be more cost 
> effective to pay the ransom, than to pay for continued business 
> interruption.
>
> Of course along with paying the ransom, a full forensic audit of the 
> systems/network is conducted. The vector for many of these attacks is 
> via a worm triggered by someone opening an attachment on an email or 
> downloading compromised software from the Internet. Short of not 
> allowing email attachments or blocking Internet access, the best 
> method is to properly train users to not click on attachments or visit 
> "untrusted" sites, but nothing is perfect.
I wonder if this is preying off the firewall 
hard-on-the-outside-soft-on-the-inside? At this point I'm not sure how 
you can justify that because so many people are using their own 
equipment. It's not just the operational side of the business they can 
target, after all.

Mike