Wait, why were we taking offensive actions?
Every nation outside of Russia has been under attack from Russian mercenary groups for over a decade. In the news they’re typically referred to as “ransomware gangs”. This is a euphemism. The reality is that these groups all have ties back to FSB or other parts of the Russian military structure. They operate with the approval of the Russian government, and they attack Russia’s adversaries. They attack civilian infrastructure indiscriminately, disabling power, water, logistics, schools, hospitals… they don’t care what the damage is, they don’t care if people die because of their actions.
NotPetya is the classic example. That was 8 years ago. Since then the frequency and scope of attacks has increased.
It seems like we also don’t care what the damage is or else we would make at least some effort to secure our IT systems. Of course the robber should be blamed but those who leave their doors wide open are guilty too. If we care so much about the consequences of ransomware attacks, why do we not act and avoid shitty software that only compromises security and instead built more resilient systems?
