Because I've been handling ransomware (and pre-ransomware) incidents on a daily basis for years now and have developed a pretty good sense of which tools and controls are actually effective at preventing effective ransomware deployment/mitigating risk.

Painful, but nowhere near as painful or long as a ransomware recovery across 15k systems and 20 sites. Given the track record, there is a lot better chance on a given day of an org being a target of ransomware threat actors, or others, out there throwing their net out, trying to get you, than CrowdStrike letting through something that will take your systems down for two weeks.

There were several orgs I responded to last year where they ended pulling off Falcon on all or some of their systems after being upset at the CrowdStrike outage and then getting hit by ransomware because they were not sufficiently protected. They all very much regretted their decision and were impacted much more severely than the CrowdStrike outage.

The negotiating for the decryption key has often been the only way organizations have been able to recover from ransomware. Ideally, people have backups, but the standard ransomware threat actor playbook includes the step of destroying all the backups prior to pushing out the ransomware. I will cross-post one of my relevant comments on last week's ransomware story:

Backups have been a sore spot with ransomware recovery the last several years. Most people have some sort of backups, but generally, one or more of these things happens:

1. Backups were connected to the Active Directory domain (which was compromised), alternatively, password reuse
2. Backups were then destroyed or encrypted (including backup solutions claiming to have "immutable backups")
3. Not all servers were being backed up as people thought they were
4. Backups failed at some point and no one realized it
5. Last good backup was much older than expected
6. The legitimate at-rest key for the backup solution was encrypted
7. The infrastructure, particularly network bandwidth to remote sites, especially manufacturing, can't support timely mass restoration over the network/from the cloud

Backups have been a sore spot with ransomware recovery the last several years. Most people have some sort of backups, but generally, one or more of these things happens:

1. Backups were connected to the Active Directory domain (which was compromised), alternatively, password reuse
2. Backups were destroyed or encrypted (including backup solutions claiming to have "immutable backups")
3. Not all servers were being backed up as people thought they were
4. Backups failed at some point and no one realized it
5. Last good backup was much older than expected
6. The legitimate at-rest key for the backup solution was encrypted
7. The infrastructure, particularly network bandwidth to remote sites, especially manufacturing, can't support timely mass restoration over the network/from the cloud

It comes down to a business decision for these organizations. Even people that have a hard line moral stance on this are suddenly faced with not the question of should I pay the ransom or fund the IT department, it is should I pay the ransom or go out of business.

An obvious example is a hospital system, where suddenly ambulatory care has to be diverted, Epic is down, and they're scrambling with DR procedures to dispense medication and track everything on paper while not being able to treat cancer patients because radiation oncology is impacted. With lives on the line, there is a different kind of pressure outside of the business aspect. Even for a small mom and pop situation, their backups have been destroyed, and they often cannot function as a business without a certain set of critical data that is far more costly, if even possible, to rebuild, and financially unfeasible. They could just close the business and feel good that they didn't pay the bad guy, but that can have serious economic impacts to employees and clients that rely on them. The number of organizations getting hit by ransomware is massive, compounding the problem.

Unfortunately, even organizations with massive IT and security budgets are still vulnerable to these things. It's a tough situation, and from my visibility, less victim organizations have had to pay over the last couple years, but still more than 23%.

They're victims of a crime. Should it be illegal for bank tellers or people walking down the street being robbed to give them the money/jewelry/phone if threatened because then robbers will know it might work and propagate robberies? I assume you would begin making exceptions for things like hospital systems whose services are ground to a halt. That list would quickly get prohibitively long. I think the economic devastation that would be downstream from the massive number of orgs that could otherwise not recover, all the orgs/employees/etc. that rely on them are now dead, etc. would be worse -- especially when you factor in cyber insurance and that the threat actors would quickly pivot to another mechanism to skirt around the restrictions and benefit.

Cyber insurance requirements

Certifications are only important if you want to claim you have knowledge of an area but have absolutely no other way of showing that you know it.

If you do have the experience, you give good examples of what you have done which require that knowledge. Simply listing a certification equates to, "Though I haven't done anything to show it, if I was given that task, there is a CHANCE that I could accomplish it." Obviously if you're coming in with no experience, some indication that you can handle the job is helpful. However, going out of your way to get additional hands-on experience will make the potential employer more comfortable than just saying if you had done so, you would have been successful.

I think if it was a trick they would have tried to stick them all across the river in Anacostia somewhere. Now THAT I would have gone to see.

Yea, they were a group of friends from Harvard that majored in math & CS. They actually post some technical details of how they calculate the matches here. They even have a technology section where they say which programming languages they use as well as their own open source webserver. I don't work for OKCupid or anything, I just thought it was cool that it's run by our kind and they're not afraid to include such nerdy information on their FAQ pages.

On a serious note, one of the problems he's going to have is figuring out the kind of person he wants. I'm guessing he has little/no experience. Even if he thinks he knows what he would like, the reality of being with this kind of person may be nothing like what he expected.

JustShootMe: In short, try to get experience with different types of people to see what it is you really like.

PS -- Try to see these girls as humans just like everyone else or you're going to get walked all over. You can learn this now and get a better response from the girls (as well as building healthier relationships), or you can realize it once you've become bitter from a crappy relationship with a girl you resent for doing just what you let her do. (This one goes out to you, Tony!)

Actually, "god mode" would ruin games such as Doom for me. That's why I only would use it on a game once I got tired of playing it. Then I'd just go crazy, blow through the game, and be done with it. After completely annihilating every monster with the unlimited ammo of the supergun and winning, there wasn't much fun for me going back and poking around with a shotgun. I'm sure it's not the same for everyone, but I doubt if I'm the only one that gets bored with a game after playing it through in god mode.