Kinda like that jackass AG who targeted a journalist for viewing the HTML of a state site and published an article about the PII hard-coded within the web app. Don’t make us look bad!

  • explodicle@sh.itjust.works
    2 months ago

    Stupid question: how is ransomware still a thing? Why don’t institutions back up their data yet?

    • khannie@lemmy.world
      2 months ago

      In the early days of ransomware I helped a small business of a friend that was attacked. They got in and waited months, creating garbage backups until they were confident then sprang the trap.

      Tbh I was impressed with how thorough they’d been.

      • dave@feddit.uk
        2 months ago

        Yeah, backups are useless unless you restore and test regularly. But it’s one more step of admin that few people / organisations do sadly.

    • CoopaLoopa@lemmy.dbzer0.com
      2 months ago

      Locking a company out of their systems isn’t the most lucrative part of ransomware anymore. Data exfiltration and threatening to release the data to the highest bidder is now the norm.

      Ransomware also typically sits on a system doing nothing for ~6 weeks before ever starting to encrypt and upload data. Even if companies have backups to restore from, they need to choose whether they’re going to restore entire machines quickly and risk still having the ransomware on the restored machine. Or they can take the long and painful route of spinning up new machines, then restoring just the data itself to individual apps/services to ensure you don’t still have ransomware after the restore.

    • raspberriesareyummy@lemmy.world
      2 months ago

      Because the amount of organizations needing data backups / protection far exceeds the amount of available qualified IT personnel. So instead of training themselves, they hire morons who say “sure I can do your IT”.