[holtalanm]

Doesnt this just mean that 80% of orgs that were hit with ransomware attacks just didn't bother to fix their infosec, and got hit again because they left the same holes open to be exploited?

Fool me once, shame on you. Fool me twice, shame on me.

[ADHDreamer]

So ransomware already means they got into the system, they could open a new secret backdoor or completely tear down your security if they wanted to. Plus it takes time to identify the ransomware to undo/remove it, so in that time they could attack again. paying ransomware ransoms is just saying "pretty please don't do this again".

[kerblang]

It can just as easily mean that the attacker found a second exploit after the first was resolved.

[beloch]

Since so many were hit by the very same ransomware group, it's likely that the attacker spotted a second exploit during the first attack. It's easier to spot things when you've already busted your way in and have the run of the place.

i.e. An attacker breaks into a system using one vulnerability, spots a few more vulnerabilities while snooping for data, files them away for future reference, extracts a ransom, and then repeats the process later after the victim fixes the first vulnerability but fails to address the others.

The takeaway lesson appears to be that, if you are hacked and fix the vulnerability that made it possible, you shouldn't stop there. You're marked as a target that pays and detailed information on your system is now out there. Even having fixed the first hack, you're more vulnerable than ever.

[mywittyname]

> Fool me once, shame on you. Fool me twice, you're not going to fool me twice.

- These Companies (probably)

[aiisjustanif]

Yes, but even more importantly it means they don’t have proper backups and disaster recovery.

[astockwell]

Most likely.