Chapter 11: What Not to Do

Most of this book has been about what to do in case of a widespread ransomware attack. In this chapter, each section will explicitly discuss what not to do to help you avoid common mistakes and misconceptions.

Assume You Can't Be a Victim

Many ransomware victims assumed before the attack that they could not be victims. They thought only the worst-secured organizations got attacked. They read in the media about all the companies that were terrible at patching or for years had not noticed that ransomware was in their network. If everyone but you is being attacked, it can lead to a premature conclusion that you must be doing something right and can't be attacked. Don't make that mistake.

Most victims didn't think they could even be a target of ransomware. “Why would they attack us?” is a common refrain. The answer is they want money, and your cryptocurrency is worth the same as anyone else's. Most organizations have relatively average security, which is to say not very good security. Most organizations do some computer security things very well, most things average, and many other things fairly poorly. All an attacker has to do is find one weakness, such as one employee who can be tricked into clicking on a phishing email, one unpatched application, or one password logon portal left unprotected. The defender has to be perfect. The attacker needs only to be persistent.

Never assume you can't be attacked. If you haven't been successfully ...

Get Ransomware Protection Playbook now with the O’Reilly learning platform.
