Ransomware continues to be a dominant force in the cybercrime industry. While mitigating this threat is difficult, it is far from impossible, especially with mature incident response, threat detection, and disaster recovery programs in place. Implementing detections for Data Encrypted for Impact (MITRE ATT&CK Technique T1486) and other common ransomware techniques will help incident response teams react as soon as possible, potentially stopping the attacker in their tracks. Backups of critical systems, if kept disconnected from the rest of the network, can provide a lifeline in the worst-case scenario. In this situation, the critical system backups let MTU bypass the attacker entirely – even after a thorough compromise.
https://www.irishtimes.com/ireland/education/2023/02/09/mtu-cork-confirms-it-suffered-ransomware-cyber-attack-as-campus-remains-closed/
