This is about the incident in Germany that led to the death of a patient. From the high-level overview, I want to ask why the indicators of compromise were missed for 6 days…:
[…] The incident started with the hackers getting into the victim’s system and trying to distribute the ransomware by infecting Windows on a number of computers. The ransomware was set to go off at a particular time. It didn’t work. They tried another way, and that didn’t work. Why? Because the defensive software the company used was working. So on the third try the hackers created a virtual machine to do the dirty work. They succeeded. I’ve simplified the story, but there are a couple of lessons: First, these attacks took place over six days. That means defending IT staff may have time to detect a cyber attack. Second, defensive software like anti-virus and endpoint protection can do a good job. And if properly used, they can give warnings of cyber attacks. And third, some attackers are patient, persistent and inventive.