This report was released 9 days ago. This hack was widely discussed on HN when it happened (<a href="https://news.ycombinator.com/item?id=27152402" rel="nofollow">https://news.ycombinator.com/item?id=27152402</a>), and I thought the formal postmortem would be of interest!
> On the same day, the Attacker posted a link to a key that would decrypt files encrypted by the Conti ransomware. [..] Without the decryption key, it is unknown whether systems could have been recovered fully [..] but it is highly likely that the recovery timeframe would have been considerably longer.<p>Is the implication that they paid the ransom?<p>The report seems to go out of its way to avoid stating <i>why</i> the attacker posted the decryption key.
As usual, people ignore messages that basically told them what was happening. Reminds me of the Target hack, where they installed some anti-hacking system which immediately tossed out warnings which seemed excessive, so they turned it off for a few months.<p>But security is an expense and people don't like paying money.<p>A financial company I worked for in the mid-2000s decided the only thing they needed to do was buy some encryption for the disks their databases ran on, which of course would do nothing to keep someone from just using SQL to extract all our customers' credit card data.