Do people just run anything they get emailed?

[peterb]

I'm interested in people's opinions on this thought, should someone get fired for being stupid enough to click on a virus attachment? After all, the cost of the action could run to tens of thousands of pounds in a small company, and for those improperly prepared, actually take the company out of business.

It partly depends on the company policies in force. If there is a policy that says "never open attachments" and sayts that doing so is treated as gross mis-conduct, then a company might have a case. But I am not a lawyer!

A defence might be that the company didn't take reasonable precautions to protect its systems.... but I am not a lawyer.

There are products that will quarantine any e mail with any attachment that require positive confirmation that the e mail is expected and genuine before it is released, which puts the onus directly on the user to validate the sender before opening anything.

[scaryjim]

We've got this at work apparently - at least 6 instances. AFAIK ITS have managed to scope and restore all the affected files, but it's a bit worrying people will run pretty much anything they get emailed, even in a corporate environment. Particularly in a corporate environment in fact, because it'll hit network shares too - so you only need one person in a department to run it and potentially the entire department's key files get screwed.

But given you have to transfer money to someone for the attackers to actually benefit from this, I'm amazed it's not easier to find and prosecute the perpetrators....

[wasabi]

worrying people will run pretty much anything they get emailed, even in a corporate environment. Particularly in a corporate environment in fact,

People are more irresponsible in a work environment. Modern AV / anti-spam systems are almost too good. 10 years ago people were used to getting spam. Nowadays it rarely happens, so people instinctively trust what is in their inbox. Besides, in most places, the IT department are the kicktoys of everyone else, so if something goes wrong it is IT's fault and up to them to fix it.

[kalniel]

But given you have to transfer money to someone for the attackers to actually benefit from this, I'm amazed it's not easier to find and prosecute the perpetrators....

If only they would so good as to place themselves under UK jurisdiction..

[kompukare]

But given you have to transfer money to someone for the attackers to actually benefit from this, I'm amazed it's not easier to find and prosecute the perpetrators....

Well, they ransom is mostly Bitcoins which makes it rather hard to trace.

As for holding individual users liable, not sure about that one. While they might be in breach of a policy, surely the individual could successfully argue that firstly the companies anti-virus wasn't fit for purpose and secondly that their backup policy was no good if it doesn't allow them to restore files back to a certain time/date.

Seems some good group policies should be able to prevent the current CryptLocker from installing (restricting AppData/Roaming) but they culprits could easily change the location & filenames so that's just a catchup thing.

Bleepingcomputer.com wrote a guide:

http://www.bleepingcomputer.com/viru...re-information

The most important point is surely that if you have encrypted files which are important, then paying the ransom is the safest bet. 2048-bit encryption is pretty much impossible to break and $300 is not that much compared to the alternatives.

However, a policy for preventing the virus from encrypting files to which the user has write access is a lot harder and I haven't seen any usable suggestions yet.

[0iD]

Anyone running an emailed executable and/or doesn't have some form of malware protection deserves a cattle prod to the sensitive bits.

Repeatedly.