theanswar t1_j60ab1h wrote on January 26, 2023 at 8:22 PM

Reply to comment by Fun_Ad_9878 in DOJ disrupts major ransomware group that extorted about $100M including from schools and hospitals by A-Do-Gooder

Its a challenge to do, after the fact. Once you're pwned, you can't go back. Many companies, public and private, have put off investing into their security and IT stack (Southwest Airlines) and have to deal with it after-the-fact.

Schools, especially public ones, can't invest in IT. Let's see what the voters and unions would approve: A new backup software or more in teacher salaries and school lunches. It's a losing game for most public school IT departments.

So they get exploited. And now they don't have the infrastructure or processes to restore from backup and start new. So they pay. They have to because it's still cheaper than all of the above.

Plus, what if it's a phish or social engineer? Then the mitigations above will only be partially effective.

It's a multi-dimensional problem, for sure, and technology can help mitigate some of it. But ransomware won't go away, and blaming the victim for paying to keep their organization going (saving lives or teaching kids) isn't the right thing to do either.

Fun_Ad_9878 t1_j60f4wf wrote on January 26, 2023 at 8:51 PM

Personally we were idiots. We had very weak passwords that were used on multiple machines and there were rdp ports open. Simply blocking the rdp ports by ip and then moving to a VPN with no ports open was enough. Then we set a different admin on each computer with a unique random password. Imo this is how they break in. They just find the next idiot. We are not talking about investing in security. We are talking about companies that just completely ignore security. We are just talking about basic things.

theanswar t1_j60fwt5 wrote on January 26, 2023 at 8:56 PM

>We are talking about companies that just completely ignore security

Correct, because its costly to even have someone on staff who manages it. Let the IT Admin also be the CISO... and the help desk... and the patch manager... and the hardware department... and software... you get the idea.

Very few school districts could afford a role for a security manager, as the board and parents would prefer the money be allocated to sports, teachers or programs.