I think that’s rather odd comment. Naturally nobody wants ransomware. And there are good reasons.
Backups may exist, but do they work properly? Or are the backups encrypted too?
How old are the backups? They might be less than a day old. But less than a day might still mean a lot of extra work and financial loss.
There might be a lot of work restoring the backups. You might have a lot of different systems.
In one of the largest ransomware cases in history, Maersk worked for months to get systems back up and running and data up to date. The insurance payout for it was 1,4 billions. Which is at least indicative of the cost.
Who cares if it’s ransomware, just restore your backups
I think that’s rather odd comment. Naturally nobody wants ransomware. And there are good reasons.
Backups may exist, but do they work properly? Or are the backups encrypted too?
How old are the backups? They might be less than a day old. But less than a day might still mean a lot of extra work and financial loss.
There might be a lot of work restoring the backups. You might have a lot of different systems.
In one of the largest ransomware cases in history, Maersk worked for months to get systems back up and running and data up to date. The insurance payout for it was 1,4 billions. Which is at least indicative of the cost.
And Maersk had recent and working backups.
Don’t tell me you’d try to continue using the compromised systems if you somehow aborted the drive encryption process
Likely not, but definitely depends on the situation.
And how do you know the backup is not compromised?
I think it’s not as clear cut. It’s always a risk assessment and depends on context.
I have to say that I’m not a security expert, just an amateur with conceptual understanding of the topic and some opinions.
Wait, we were taking backups?