Questions?
Q: How?
A: In the same myriad of ways any intruder gains access to run their code on your network. Might have smashed in the front door of an internet facing server. Might have found an unpatched VPN server or one without 2FA. Might have sent various types of phishing emails. Or a combination of all of those things.
Q: But this would never happen on my network, could it?
A: Yes it could.
What is currently happening is that the money to be made from ransomware is now big enough to warrant intruding wherever you can get in now. Doesn't matter if that is a small biscuit maker or a defence contractor. That thing where you could hide because nobody cared about YOU, not quite the same any more. Got a weakness and have a cheque book is the only two things important in target selection.
Most people were only never hacked because nobody gave a fig about you, this current trend is entirely different.
Biting the hand that feeds IT
