

Episode 396 – Lessons from a real-life ransomware attack
Feb 27, 2025
Discover the harrowing details of a ransomware attack on an on-premises VMware setup. Learn about the critical vulnerabilities that contributed to the breach, especially the importance of regular updates and robust password policies. Explore how improper backup solutions can exacerbate the damage and the necessity for a solid disaster recovery plan. The conversation also emphasizes the impacts of firewall vulnerabilities and the effective 3-2-1 backup strategy for ultimate preparedness against future threats.
AI Snips
Ransomware Attack Narrative
- Attackers exploited unpatched firewalls to create a VPN connection, so they did not need to compromise a user first.
- They encrypted the ESXi servers and backup servers and corrupted the backup storage, leaving no recovery options.
Patch Everything
- Patch and update all systems, including firewalls and network infrastructure. Don't assume workstations are the only vulnerability.
Strong Passwords
- Use complex passwords with at least 12 characters for all systems. Seven-character passwords are easily brute-forced.