There is a pretty good free platform I use for backups and it includes the ability to scan files for ransomware/encryption so you don’t accidentally back up the data with locked/encrypted files. It’s called SyncBack in case anyone is interested.
My favorite part of the ransomware attacks I've seen is, when it was harder to buy bitcoin, the attackers sent a bitcoin amount but the equivalent in USD as well. So it was like, "send $56,421.36 to unlock your network..."
During COVID a company I worked for got attacked. Some divisions with 80s technology were basically not impacted. Others never recovered to full working and had to rebuild. The hackers gave a specific amount they wanted that was painful but not unreasonable. After the payment, they would tell how they got in and get everything back up. One division's lead said they knew more about our system than the head of IT after the payment. After the payment most things we recovered. We lost about a week of production. Spent 3 months building and compiling information to file the claim with the insurance company. We were partially insured. It ended up coming down to a negotiation with the insurance company which pissed me off and our risk guy caved way too much in my opinion. They told us how they got in. Some boomer clicked on the link and they used his email to reach out to others. Guy retired in shame and I think he knew it before they ratted him out.
Darknet Diaries is a good podcast if you like this kind of stuff. The newer ones are kind of meh but the older ones are good. The one about how these kids hacked Xbox Live is fascinating.
This isn't shocking for many big companies and even tech companies don't isolate their services such that an actor who gains entry can get immediately into damn near everything. However, it IS shocking for a company whose damn near sole purpose is to suck every last penny out of you while you stay at one of their hotel/casinos and make everything about this experience as up to date in terms of how the technology appears, that is absolutely pathetic and honestly fuck them and their evil mission.
My understanding is this happens a lot more than people know and most companies just pay it and move on.
This is a very common tactic and how a lot of orgs get got. That's why I demand multiple levels of verification before anything is reset or made for anyone.
I had to pull some stuff from the late 90s earlier this year and it was pulled from an Iron Mountain facility. It was very funny seeing emails from 1998 that had been sent, then eventually printed off, given to Iron Mountain, then at my request, scanned and emailed back to me.