Kevin BeaumontJan 3, 2023
#TheGuardian have closed their offices until January 23rd after their ransomware incident (which is still going on). HT @dannyjpalmer https://pressgazette.co.uk/publishers/guardian-ransomware-attack/
Guardian offices closed until 23 January due to ongoing fallout from suspected ransomware attack

The Guardian is continuing to be severely impacted by a suspected ransomware attack which hit the publisher’s global IT systems on 20 December. Guardian Media Group chief executive Anna Bateson sent a

Press Gazette
Show threadKevin BeaumontJan 3, 2023

By the way, having dealt with both monitoring human operated ransomware and dealing with it first hand, my experience is recovering, even if you pay, is around a 2 month ordeal on average.

It can stretch to 6 months or more before operations are fully restored.

You’ll frequently find IT and security people quit after recovery as the mental health toll is large - they never want to go through something like they again.

Show threadjack daniel
@GossiTheDog Question.. when a ransomware hits, it is usually on the end user machines isn't it? The application servers, databases, containers would be unaffected. Is that the reason the guardian website seems to be functional continuously still? Or does it spread to even those systems?
Having never been involved in one, I have always thought of ransomware affecting the machines that we work on, based on what I learnt.
Jan 3, 2023 at 3:01pmWeb
Show threadStumpyJan 5, 2023
@jack_daniel @GossiTheDog Generally not all systems get impacted by ransomware, but the risk is that backdoors (RATs) are implanted on hosts that don't have ransomware. It then becomes a risk management issue - do you take everything offline and cease all business operations or leave the un-ransomwared systems in prod in order to continue business ops? Do you have failovers that you can trust for critical systems? How quickly can you rebuild/restore critical systems are all part of the calculations. In most cases attackers won't deploy ransomware until they have access to the critical systems, dbs, back-ups etc.
Show threadjack danielJan 17, 2023
@stumpyuk @GossiTheDog
Thank you for explaining this. I just figured out that mastodon notifications are not working and am just seeing this reply.