Comment by Tangurena2
3 days ago
I work in the state government space. Many targets/victims of ransomware are small/local government agencies and the ransom demands are greater than their annual budgets. Not every agency is big enough to have someone (bored) come in on Sunday, notice stuff getting encrypted and then run in to the server room and hit the big red button like Virginia's legislature in 2021[0].
Many ransoms are far more than the victim can actually pay. Not all ransom payments result in a decryption key that actually works.
Notes:
0 - https://www.nbcnews.com/politics/politics-news/officials-vir...
Most local governments lack the scale and budget to competently maintain their own IT infrastructure. It's not just security but everything. They should outsource the infrastructure layer to a large contractor, or possibly to the state government.
Contracting IT services at that level overpays by a whole number multiple for worse results because the government doesn’t have the in-house expertise to tell when the contractor is doing something wrong. (This is one reason why many construction projects go over budget: someone saved by laying off the engineers, so they pay 2-3x more for contractor A to oversee contractor B, guaranteeing 3+ party disputes for every problem)
What does work better is outsourcing an entire function: if you pay Gmail for email services, you know exactly how much it will cost per user and have an SLA for problems which they can’t blame on you.