Frequently, ransomware victims have an internal review of how they got behind the eight ball. You will almost never see those pre-legal reports, and if a report is ever released, it will be as informative as a politician.
The report from PWC following Ireland’s healthcare system ransomware attack is an enlightening, if not downright funny, read. Well, at least Kreb’s reporting of the report is funny.
One little nugget …
On Mar. 31, 2021, the HSE’s antivirus software detected the execution of two software tools commonly used by ransomware groups — Cobalt Strike and Mimikatz — on the Patient Zero Workstation. But the antivirus software was set to monitor mode, so it did not block the malicious commands.”