Sophos has a good article detailng some potential methods the hackers can use to extort money out of companies: Nakedsecurity Sophos Blogsite
This is the important part:
1. Hackers hack and penetrate your systems, including customer databases
2. Customer data will be encrypted - a ransom will be put on the data (that is the old method)
2a. now the new method is to modify only some of the data like usernames or passwords (sometimes passwords and usernames are set by the customer) so it is impossible to find this encryption until customers call saying they cannot access their accounts.
3. Customers log onto your site and they get infected with ransomware themselves on their personal computers.
So what just happened?
A. your server inattention has caused your customers their data and the relationship with you is now harmed.
B. The fix to this is not a restore of data, since it may have been done some time ago. And thus is in your backups as well.
We must figure out how to restore before the hack.
How do you know? Test, test, and test keep your datapoints
We are all about testing here at Fixvirus.com Contact us to help you in this new cybersecurity environment
Here is the Fixvirus Security Show explaining this and Risk Management problems.
The video expounds on the Risk Management failure as well (in tip of day segment)
That was started on our blog post: http://oversitesentry.com/?p=1400 "Risk Management does not work"