by francisofascii 2157 days ago
Total speculation, my guess is WastedLocker. It has been hitting all types of companies in the past few months. Have a friend whose company was hit recently. They were somehow able to encrypt the backups.
3 comments

My vote is something's being held for ransom like DNS or account access rather than traditional storage encryption. It's pretty impressive if storage encryption crossed so many network boundaries and affected so many diverse resource types - phones, chat, email, website, distributed app platform. What other central resource besides DNS would have such a broad impact?
Or their network isolation is very poor, super common in older tech companies.
Or they're hugely Windows based (Exchange, SQL Server, AD Servers, etc) and the same exploit got into a huge number of diverse machines.

Or, shudder, far-reaching writeable network mounts.

Yes, exactly. My friend's company was Windows based with mapped drives to external servers.
Looks like their backups were mishandled. Any listing of best practices for backups includes their being stored offline.
And the list of best practices for ransomware attackers includes keeping a low profile for an undisclosed timespan before sending demands so that the victim does not know how far back the last clean backup would be. Backups are an important tool when solving the attack, but they are not the solution.
> Total speculation

The link was updated more than 2 hours before your comment to a zdnet article that even mentions a WastedLocker variant.