Technical details on how the company was exposed to this attack

There are many reasons on why the company was exposed to this kind of attack. Here are some
of the technical reasons on how the company was exposed to ransomware.

Careless Employees:
Company exposed to this kind of attack due to carelessness of employees. Negligent or careless
employees who don’t follow security procedures and policies leads to ransomware. The
employee didn’t pay enough attention to these kind of malicious emails ends up putting the
company expose to cyberattacks. According to a recent survey the careless and negligent
employees are the biggest threat to endpoint security in company or organizations.

Incompetence of System Security Analyst:

One of the most common and important reason of company exposing to ransomware is due to the
incompetence of system security analyst. The security analyst that the company hires is not
competent enough to identify this kind of cyberattacks. Security analyst does not have proper
training to handle and monitor ransomware attacks. System security analyst under performed
during pressure and critical situations which leads to ransomware attacks.

Weak Security Policies:

Another reason that the company was exposed to these kinds of attacks is due to their weak
security policies. The company didn’t train and brief their employees properly. Employees didn’t
know what to do in these kinds of situations which leads to ransomware. Restrict users' capacity
to install and run undesired software applications (permissions), and apply the “Least Privilege”
philosophy to all systems and services. By limiting certain privileges, malware may be prevented
from operating or its potential to spread over the network is limited. The company didn’t rotate
their passwords regularly to avoid exposing to ransomware.

Outdated System:
The company may expose to ransomware due to their outdated system. If flaws are discovered in
outdated software, it will not be patched, and it will be vulnerable to even more sophisticated
cyber-attacks. This creates a slew of security issues, both owing to human error and the
possibility of system failure. The company didn’t update their Windows and security patches
which leads to ransomware.
Up to Date Antivirus and Firewalls:
The company didn’t have up to date antivirus and firewalls which expose them to these kinds of
attacks. They didn’t scan all software downloaded from the internet prior to executing. These
carelessness leads to ransomware.

Lack of Backup and Recovery Plan:

For all vital information, the company did not have a data backup and recovery plan in place.
Regularly backup and test your data and systems to reduce the effect of data or system loss and
speed up the recovery process. Note that ransomware can impact network-connected backups;
essential backups should be separated from the network for maximum security.