I had a customer hit twice in the past two weeks by a ransomware (different variants of the same ransomware each times, but not related to the one mentioned here), and neither times did his antivirus (Norton Internet Security) detect anything. Heuristic detection of ransomwares is something I would expect to be easier to achieve - any unsigned executable trying to access everything on your hard disk should trigger some alarm. Somehow, they still manage to stay under the radar
Customer got infected twice because I failed to locate the attack vector the first time - I caught it on the second time however, thanks to Windows event logs being still accessible. His attack vector was through an exposed Remote Desktop (customer always refused to have a VPN implemented as it would be too complicated - he once asked me if it was absolutely necessary to have a password on his email account when I created a new email account for him a few years ago
)
A few years ago, another customer got hit by a ransomware. That time, Trend Micro Worry-Free Security caught it after it had infected a couple of folders, greatly limiting the damage.
My first ransomware victim was running a cloud-based McAfee solution (from their previous IT consultant). After the incident, the manager had me move all their employees from Internet Explorer to Firefox (ActiveX was a big attack vector at the time, and she asked me for mitigation propositions), and the McAfee solution got thrown away and replaced by Eset Endpoint Security.
So overall, not too many victims among my own customers, and each time they were saved by their backups.
So anyone still not using backup solutions, even at home - you REALLY should...
.
