by m-p-3 968 days ago
But even when paying the ransom, you still need to roll back a portion of your environment after you've assessed the intrusion. Can you really trust you've patched everything and removed all traces of persistence that were put in place by the attacker as a contingency to get back in the system?
2 comments

That's the job of an external cyber incident response team who can trace how it occurred and check that the vulnerability has been appropriately eradicated and locked before resuming business operations.
The easiest targets are those that are publicly known to be vulnerable.