Over all I agree with what you are saying and in many cases have air gapped backups is a great thing to have.
But let's play the Fix It Again Tony game.
My door locks stopped working.
Tech fixed them. But didn't check the dom light when unlocking the doors.
Tech fixed the BCM, But didn't check what else might have blown like my turn signal light.
How does this relate?
Well, we don't know exactly when the issue started because I thought my locks were actually working (beep beep). Even if I pulled the dook know the doors will open. The Tech? Well, he gets a pass the first time because most likely you wouldn't notice because the bay is bright. Second time, he should have run full check.
So, in the CDK software case:
All those backups could have been bad for months. The ransomware company was probably busy downloading as much of your data as possible before demanding payment. But yes! a clean install is likely the only option.
To prevent this a CDK from happening:
developers should be testing, testing, testing (we have lots of diagnostic tools that can help with currently known flaws and threats).
We have special teams that do Quality Assurance testing (a dealership should consider this as part of their service repairs)
Companies should be investing in tech dept and staying on top of all upcoming updates.
Employee training on social engineering and phishing.
Proper security roles for all employees (as Cox said above - use 2 factor)
