I'm sure they fully expected a company like this to have practically everything backed up anyway, so I kind of doubt they expected to get paid any significant amount of money to unlock the files. The ransom in this case would mostly be for not releasing that data to the public. If there was stuff in those files that the company really didn't want revealed, it might potentially consider paying.
Lesson learned is to back up your stuff.
This source here states that, in at least their sample size of 5,000 IT managers of companies that paid a ransom, 95% of them got their data back. It would be bad for business as a ransomware operator if none of them ever unlocked the data, because then nobody would bother paying a ransom for files they know they won't get back anyways.
Another good reason to have a robust backup plan. Paying ransom often results in one of two outcomes.
The crooks take the money and run, with nothing unlocked.
Or, since they were paid once, they ask for more (with nothing unlocked).
The crooks are the only possible winners here.
Lesson learned is to back up your stuff.
Sometimes that's not viable. You still need external access to the internet and most people are going to need that. So do you buy two computers for everyone? And then you need a system in place to safely transfer files over the gap because it only takes one person who didn't actually scan that file they brought over for malware and whoops, now your internal network is compromised.
Yet another example of why you should air gap your internal IT structure.
How do you access a company's air-gapped network if they established a WFH mandate and all of your important work is on said air-gapped network?
I have air-gapped with a netbook.
I am using an old HP workstation now.
Doesn't have to be expensive, last gen hardware is perfectly fine for it.