Once a upon a time...
Ransomware got into the company because an unsuspecting employee with elevated permissions downloaded a file and ran it on his device where he had access to the company's network drive, hosting multiple company files.
The ransomware got hold of the mapped network drives on his device and started encrypting them with a new key.
Every time anyone in the company tried to open any of the files on the network drive, a message would appear to get into contact with their system administrator as the file was encrypted and required for an amount to be paid using cryptocurrency to this external malicious party. Luckily our company took daily updates of this network drive, so we were able to restore them all and we only lost changes of up to 16h ago. We used an IT asset management solution (or you could say "Lansweeper" instead ) to identify which devices had this network drive in their mapped network drive list (like 'MAPPEDDRIVES' in Lansweeper) to retrieve all clients connecting to the mapped network drive, so we could improve the security towards this network drive. We also improved our mailing and security solution and trained people into being cautious into using third party applications and only opening them with regular users.
