
Ransom paid to hackers who stole data from at least six UK universities - keydutch
https://www.telegraph.co.uk/technology/2020/07/23/ransom-paid-hackers-stole-data-students-uk-universities/
======
raxxorrax
Paying a ransom often doesn't lead to data restoration, but if it does, it is
still a mistake since you support the practice that way.

Couldn't read the article in full but universities are probably easy targets,
since many people have direct access to devices. Different kinds of breaches
are possible, but I would have a guess:

An employee opened the wrong mail and his account had too many rights for too
many folders and files and the malware began encrypting stuff in the
background. If that wasn't the case here, it is often the case for companies.

The employee isn't at fault. Attackers often have credible contact information
and know how to make a mail look valid. Even experts have difficulty filtering
these.

I think the best defense is actually a solid backup system. There are
admittedly somewhat expensive solutions ready on the market that can do
snapshots of all your devices every 15 minutes and can restore lost files with
a few clicks. Doesn't mean you shouldn't put up additional defenses, but in my
experience this is the most effective part for mitigating potential damage.

Instead of paying the ransom, you just restore the files yourself and the
attack has lost most of its effectiveness.

