@arstechnica What is amazing to me is that the software responsible - the system by which the phishing email gave the bad guys control - is never mentioned.
Systems that are this vulnerable should be banned from these kinds of businesses. e.g. "All banks have 6 months to remove vendor X from all banking systems."
Furthermore, were all of their backups also encrypted? If so - how? How do you fail this badly at system security?
I have multiple layers of security on my systems. Backups can be added - so, a compromised system could upload an encrypted (not by me) backup.
But it cannot remove previous backups which would not be ransomwared*. None of the systems doing backups have that kind of access.
This is almost trivial to set up. How are these companies failing so badly at this???