Your list is excellent, haertig.

Based on public sources, it appeared that the victim in this case had good backups. Restoring backups can be very time-consuming. Ransomware operators in general are also stealing data and threatening to release it if the ransom isn’t paid.

Addressing specific points from your list:

1) Networks are borderless more often than not. Most employers would struggle badly here in keeping employees in the field productive without remote access to the network. Going all VPN might not be a big difference to how things operate now, assuming that sufficient VPN capacity exists to try this. This was even more critical during the office shutdowns brought on by the pandemic.

2) Backup tech has gotten a lot better, so we won’t be digging through a mountain of tapes to get everything back. Keeping remote workstation backups recent is far easier.

4) This is INCREDIBLY hard for most organizations. They don’t have the capacity to see where known security vulnerabilities are or to patch them in a reasonable timeframe. There’s an entire industry around outsourcing this critical, fundamental task, and most of the vendors I see who do this for other companies are terrible or worse.

6) The skillset to implement monitoring tools is hard to find; hiring and keeping the people to do the monitoring effectively is very expensive. There’s an entire industry around outsourcing this critical, fundamental task, but unlike in (4) there are some services that are extremely good here. But it’s very expensive.

7) Much of the online presence that is customer-facing is cloud based or otherwise outsourced for many companies. It’s keeping their knowledge workers productive that produces most of the network requirements in many organizations.

8) For sure.