FireEye warns 'massive' ransomware campaign hits US, Japan hospitals

The dangerous and as-yet-undefeated Locky ransomware is being hurled at hospitals across the United States and Japan in a 'massive' number of attacks, according to FireEye researcher Ronghwa Chong. Locky is a popular ransomware variant that will encrypt files in a way that forces users to pay ransoms or cut their losses and …

  1. Pascal Monett Silver badge

    Pain is the best teacher

    Teaching users to be careful is a never-ending task. You can tell a person a hundred times to back up his data, one day he will still get it wiped and moan that he's lost everything. That, most of the time, is the day people become sensitive to the argument.

    Here it is worse. Hospital staff are harassed all day, doing five things at a time and some of those can entail risk for life if done wrong. Asking them to beware of their tools in addition is really hard to do.

    The scum that launch these mails should be found and shot for putting lives at risk.

    1. CustardGannet
      Flame

      "You can tell a person a hundred times to back up his data"

      You're preaching to the choir, bro.

      I've been telling Mrs CustardGannet for 5 months (since our workplace - a large UK gubmint department - was hit by ransomware and had to restore files from backups) to copy all her docs to unpluggable memory devices.

      Even gave her the devices.

      She's still not done it.

      1. VinceH

        Re: "You can tell a person a hundred times to back up his data"

        What I've found, as well, is that even after you've told people until you're blue in the face that they should back stuff up, and after they've finally learnt that lesson the hard way, and start backing up regularly... eventually, they stop.

  2. Anonymous Coward

    wasn't just over there

    this actually has made my last few weeks in this place a bit more interesting - as we have had multiple people opening these emails, opening the attachment, enabling macros, and proceeding to encrypt every file in sight.

    Luckily we have backups - while it doesn't really compensate for the lost time for the organisation, I'm happy to get a ton of overtime in my last paycheck to nursemaid the restores.

    posted anonymously, as I don't think they want anyone to know they had been hit (repeatedly), due to poor email security by end users.

    good luck to those left behind, when the next big attack rolls round.

    :D

  3. adam payne

    Over the past three months we have had loads of these emails, most blocked by the filter though.

    Sent an announcement out to the whole business saying that these emails were bad news and to not open macro enabled files that come through email. Still people keep opening them.

    1. Anonymous Coward

      yep, they keep opening them, even on the same day that a warning message was sent out, telling them to be careful about these files.

      I have now added a hub transport rule to prepend a big warning to any emails with a macro enabled attachment, as well as an active file screen to stop any infections from managing to encrypt anything - with an email alert so that we can immediately call the user and have the machine shut down and rebuilt.

      it stopped the third occurrence dead - and if we happen to make life a bit more difficult for end users that keep doing silly things, then so much the better - maybe they will learn some basic security

      1. Calgary IT Guy

        Please describe how you created the hub transport rule that knows when a macro attachment is present (or are you simply looking for file extension .docm)?
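Added example, not part of the thread and not any poster's actual rule: a sketch of the difference raised in the question above between matching on the file extension and inspecting attachment content for a VBA project, including inside a zip. The function names, size limits and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

# Extensions Office uses for macro-enabled OOXML files.
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppsm")
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container
MAX_DEPTH, MAX_MEMBER = 2, 20 * 1024 * 1024     # bound recursion and unpacked size

def classify(filename, data, depth=0):
    """Return the reasons an attachment deserves a macro warning ([] = none)."""
    reasons = []
    if (filename or "").lower().endswith(MACRO_EXTS):
        reasons.append("macro-enabled extension")
    if data.startswith(OLE2_MAGIC):
        reasons.append("legacy OLE2 document, may carry macros")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.filename.lower().endswith("vbaproject.bin"):
                    reasons.append("VBA project inside OOXML container")
                elif info.flag_bits & 0x1:
                    reasons.append(f"{info.filename}: encrypted, cannot inspect")
                elif depth < MAX_DEPTH and info.file_size <= MAX_MEMBER:
                    inner = classify(info.filename, zf.read(info), depth + 1)
                    reasons += [f"{info.filename}: {r}" for r in inner]
    return reasons

def flagged_attachments(msg):
    """Map filename -> reasons for each attachment that should get the warning."""
    hits = {}
    for part in msg.iter_attachments():
        reasons = classify(part.get_filename(), part.get_content())
        if reasons:
            hits[part.get_filename()] = reasons
    return hits

def _zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

def build_sample():
    """Constructed test message, not real mail: four attachments, three suspicious."""
    clean = _zip({"word/document.xml": "<w:document/>"})
    macro = _zip({"word/document.xml": "<w:document/>", "word/vbaProject.bin": b"\x00"})
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name, data in (("clean.docx", clean), ("invoice.docx", macro),
                       ("report.docm", clean), ("labels.zip", _zip({"label.docm": macro}))):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg
```

An extension-only rule would pass `invoice.docx` and `labels.zip` here; the content check flags both, and members nested past the depth limit are left uninspected rather than unpacked.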

  4. Arctic fox
    Flame

    It is a very frustrating situation regarding the average PC user.

    It is one thing that they cannot be told regarding their own pcs/tablets/phones but when even the possibility of the sack if they eff up at work does not seem to make any difference then we really have a huge problem. When it all comes down to it the choice of OS or the security measures taken are of little use if the life-form on the other side of the keyboard simply ignores what they are told. Frankly I am at a loss to suggest any measures short of electric shock treatment that would get the average punter/employee to show a modicum of common sense.

    1. Fatman
      Joke

      Re: It is a very frustrating situation regarding the average PC user.

      <quote>Frankly I am at a loss to suggest any measures short of electric shock treatment that would get the average punter/employee to show a modicum of common sense.</quote>

      Now, if you really wanted to send a message, you would have security summarily execute the next offender as they sat in their chair.

      1. Arctic fox

        "Now, if you really wanted to send a message"

        I agree that the temptation is enormous. However, the take-home message is, IMO, very straightforward. We all have our opinions about which OS is the best but there is one huge problem with all these discussions about which system is the most secure and so on and so forth. Those arguments do not take into account one simple fact. The biggest vulnerability regardless of which system one chooses (Windows, MacOS or whichever flavour of Linux you prefer) is the person using it. Everything else pales in comparison with that issue. The average computer user would fuck it up regardless of which system one chose. Hmm, maybe summary execution is the only way forward!

  5. Gene Cash Silver badge
    Go

    Good

    Ahhh. Idiot doctors and staff getting their nuts busted because of their smug "I down't knew dem puters an ah ain't gotta!" and "I'm technologically illiterate and I'm proud of it!" attitudes.

    Makes my day.

  6. Tezfair
    Unhappy

    Strong push on zepto yesterday. All clients had labels.zip flooding in, and typically one decided to open it. The servers honeypot alerted me and I managed to contain it within 3 minutes.

    Client refuses to ban zip files.

  7. Anonymous Coward

    apparently this is the teslacrypt 3.0/4.0 decryption key

    440A241DD80FCC5664E861989DB716E08CE627D8D40C7EA360AE855C727A49EE
