A company that fell victim to a ransomware attack and paid cyber criminals millions for the decryption key to restore their network fell victim to the exact same ransomware gang under two weeks later after failing to examine why the attack was able to happen in the first place.
The cautionary tale is detailed by the UK’s National Cyber Security Centre (NCSC) in a blog post about the rise of ransomware.

ZDNet Recommends

The unnamed company fell victim to a ransomware attack and paid millions in bitcoin in order to restore the network and retrieve the files.
SEE: Network security policy (TechRepublic Premium)
However, the company just left it at that, failing to analyse how cyber criminals infiltrated the network – something that came back to haunt them when the same ransomware gang infected the network with the same ransomware less than two weeks later. The company ended up paying a ransom a second time.
“We’ve heard of one organisation that paid a ransom (a little under £6.5million with today’s exchange rates) and recovered their files (using the supplied decryptor), without any effort to identify the root cause and secure their network. Less than two weeks later, the same attacker attacked the victim’s network again, using the same mechanism as before, and re-deployed their ransomware. The victim felt they had no other option but to pay the ransom again,” the NCSC blog said.
The NCSC has detailed the incident as a lesson for other organisations – and the lesson is that if you fall victim to a ransomware attack, find out how it was possible for cyber criminals to embed themselves on the network undetected before the ransomware payload was unleashed.

“For most victims that reach out to the NCSC, their first priority is – understandably – getting their data back and ensuring their business can operate again. However, the real problem is that ransomware is often just a visible symptom of a more serious network intrusion that may have persisted for days, and possibly longer,” said the blog post by an NCSC technical lead for incident management.
In order to install ransomware, cyber criminals may have been able to gain backdoor access to the network – potentially via a previous malware intrusion – as well as having administrator privileges or other login credentials.
If the attackers have that, they could easily deploy another attack if they wanted to – and did, in the example detailed above, as the victim hadn’t examined how their network was compromised.
Examining the network following a ransomware incident and determining how the malware was able to enter the network as well as staying undetected for so long is, therefore, something all organisations that fall victim to ransomware should be considering alongside restoring the network – or preferably, before they even think about restoring the network.
Some might believe that paying the ransom to criminals is going to be the quickest and most cost-effective means of restoring the network – but that’s also rarely the case. Because not only is the ransom paid, potentially at a cost of millions, but the post-event analysis and rebuilding of a damaged network also costs large amounts.
SEE: Ransomware victims aren’t reporting attacks to police. That’s causing a big problem
And as the NCSC notes, falling victim to a ransomware attack will often lead to an extended period of disruption before operations resemble anything normal.
“Recovering from a ransomware incident is rarely a speedy process. The investigation, system rebuild and data recovery often involves weeks of work,” said the post.
The best way to avoid any of this is to ensure your network is secure against cyberattacks in the first place by doing things like making sure operating systems and security patches are up to date and applying multi-factor authentication across the network.
It’s also recommended that organisations regularly backup their networks – and store those backups offline – so in the event of a successful ransomware attack, the network can be restored with the least disruption possible.

MORE ON CYBERSECURITY More

The CallStranger vulnerability can also be used to launch major DDoS attacks. Source: Information Technologies – zdnet.com More

Microsoft has re-released a newish Skype feature called Meet Now as a button in the latest version of Windows 10’s taskbar.   
The Meet Now button is aimed at taking on Zoom’s popularity and pushes the Skype fast meeting setup feature upfront into the notification area or system tray of the taskbar in Windows 10. It makes it easier for users to set up video meetings without requiring signups or downloads. 

Windows 10

“In the coming weeks you will be able to easily set up a video call and reach friends and family in an instant by clicking the Meet Now icon in the taskbar notification area. No sign-ups or downloads needed,” Microsoft explained of the feature.  
Microsoft first rolled out the feature to Windows Insiders on the Dev Channel in September and has now re-released it to Insiders on the Release Preview Channel in the Windows 10 20H2 Build 19042.608 (KB4580364). It’s also available in the Beta channel. 
It comes after Microsoft released Windows 10 20H2 to the general public earlier this week, opening it up to ‘seekers’ who manually opt to install the latest Windows 10 feature update. 
The Meet Now taskbar icon came to Windows 10 versions 1903 and 1909 via the KB4580386 cumulative earlier this week. 
However, the feature hasn’t yet made it to Windows 10 version 2004, the May 2020 update, but it should soon. Given that Windows 20H2, the October 2020 Update, is a minor feature update to version 2004, it should arrive at the same time for the newest version of Windows 10 as a common cumulative update, just as it did for versions 1903 and 1909.
The Meet Now button is the only new feature in this 20H2 preview, which otherwise brings a long list of fixes detailed in a blogpost. 
Among them is a solution to problems using Group Policy Preferences to configure the homepage in Internet Explorer. Microsoft has also given admins the ability to use a Group Policy to enable Save Target As for users in Microsoft Edge IE Mode.
Microsoft fixed an issue with users opening untrusted URL navigations from legacy Internet Explorer 11 by opening these URLs in the Windows 10 Defender Application Guard security feature using Microsoft’s Chromium-based Edge – the browser that ships with Windows 10 20H2.
Another Edge fix addresses problems when using the full suite of developer tools in Edge for remote debugging on a Windows 10 device.
There are also fixes for those using Remote Desktop Protocol (RDP) and Windows Virtual Desktop (WVD) on Windows 10. 
And there’s a fix for a bug preventing Windows Subsystem for Linux 2 (WSL2) from starting on Arm64 devices. The bug occurs after installing the October 13 cumulative update for Windows 10 version 2004 KB4579311. More

Joseph Maldonado/ZDNETZDNET’s key takeawaysGoogle’s PixelSnap is the biggest upgrade for me on the company’s new phones.The $799 Pixel 10 now comes with a telephoto camera, a sizeable upgrade for the base model.Gemini AI is much smarter and more capable than Siri.Get more in-depth ZDNET tech coverage: Add us as a preferred Google source More

How did we choose these Amazon deals? ZDNET only writes about deals we want to buy — devices and products we desire, need, or would recommend. Our experts looked for deals that were at least 20% off (or are hardly ever on sale), using established price comparison tools and trackers to determine whether the deal is actually on sale and how frequently it drops. We also looked over customer reviews to find out what matters to real people who already own and use the deals we’re recommending. Our recommendations may also be based on our own testing — in addition to extensive research and comparison shopping. The goal is to deliver the most accurate advice to help you shop smarter. When will these deals expire? Amazon deals can expire at anytime. Select Prime-exclusive offers, limited time offers or lightning deals are time contingent, meaning you’ll want to take advantage of them when you see them. Other deals, like standard discounts and drops may remain for longer periods. However, deals are subject to sell out or expire at any time, though ZDNET remains committed to finding, sharing, and updating the best product deals for you to score the best savings. Our team of experts regularly checks in on the deals we share to ensure they are still live and obtainable. We’re sorry if you’ve missed out on a deal, but don’t fret — we’re constantly finding new chances to save and sharing them with you at ZDNET.com. When is the next Prime Day? Amazon’s summer Prime Day ran from July 8-11, 2025. The next Prime Day sale (and the first before the holiday 2025 season) will likely be in October (Prime Big Deal Days) if Amazon sticks to their typical sale calendar. Keep in mind there are still a few more chances to save until then across retailers. How much is an Amazon Prime membership? Amazon Prime costs $15 per month, or you can purchase an annual membership for $139, which will save you a few dollars. Also: Get 50% off an Amazon Prime membership if you’re age 18-24 – here’s howCollege students and those aged 18-24 can get a discount and pay $8 per month or $69 per year. In addition, those with qualified government assistance (which may include select seniors) can receive a Prime membership for just $7 after their free trial. More