(Reposted from http://www.theregister.co.uk/2017/02/10/on_call/)
(All redirection URL links removed by KFN Administrator)
Same org saw users catch ransomware twice. In one day. After being warned
On-Call Welcome again to On-Call, our weekly therapy session for readers who need to share terrible memories of jobs gone horribly, horribly, wrong.
This week, meet “Dirk” who we imagine is carrying quite an emotional load because he's witnessed some horrors created by truly dull-witted users.
Take, for example, the crew his IT team recently saved from ransomware. Twice. On one day.
Dirk's tale started when, one pleasant morning “some idiot clicked on a CryptoLocker attachment, and - Boom! - the network drives were encrypted.”
Dirk's IT team sent out warning emails about what not to click, restored the drives in under two hours and were just about to put up their feet and take some credit for a job well done when – you guessed it – someone else clicked on another CryptoLocker attachment and the problem happened all over again.
This time IT told staff to leave their PCs on when they left for the day. By the next morning the company had a new ransomware-innoculated standard desktop and network drives that had again been saved.
But Dirk's seen worse, too.
Once when he had a bit to do with a large utility, Dirk says “an employee introduced a virus onto his PC from a USB stick.”
No big deal in this day and age, you'd imagine. But of course in this case the outsourced help didn't keep the anti-virus right up to date, so the software detected infected executables and quarantined them but couldn't stop the spread of the virus.
“After a couple of days everyone's PC slowly ran out of executables and became useless,” Dirk recalls, adding that “My favourite moment was when an IT support guy went into the SCADA control room to check on the SCADA operator GUI PCs. Up until then the SCADA system was fine because it was on a separate firewalled LAN. But this genius plugged in his USB stick with some GUI-based network monitoring tools to make sure the SCADA LAN was OK.”
You can guess what happened next: the USB stick had been infected and the SCADA system came down too. Two weeks and another new Windows standard operating environment later, the company was back on its feet.
(All redirection URL links removed by KFN Administrator)
Same org saw users catch ransomware twice. In one day. After being warned
On-Call Welcome again to On-Call, our weekly therapy session for readers who need to share terrible memories of jobs gone horribly, horribly, wrong.
This week, meet “Dirk” who we imagine is carrying quite an emotional load because he's witnessed some horrors created by truly dull-witted users.
Take, for example, the crew his IT team recently saved from ransomware. Twice. On one day.
Dirk's tale started when, one pleasant morning “some idiot clicked on a CryptoLocker attachment, and - Boom! - the network drives were encrypted.”
Dirk's IT team sent out warning emails about what not to click, restored the drives in under two hours and were just about to put up their feet and take some credit for a job well done when – you guessed it – someone else clicked on another CryptoLocker attachment and the problem happened all over again.
This time IT told staff to leave their PCs on when they left for the day. By the next morning the company had a new ransomware-innoculated standard desktop and network drives that had again been saved.
But Dirk's seen worse, too.
Once when he had a bit to do with a large utility, Dirk says “an employee introduced a virus onto his PC from a USB stick.”
No big deal in this day and age, you'd imagine. But of course in this case the outsourced help didn't keep the anti-virus right up to date, so the software detected infected executables and quarantined them but couldn't stop the spread of the virus.
“After a couple of days everyone's PC slowly ran out of executables and became useless,” Dirk recalls, adding that “My favourite moment was when an IT support guy went into the SCADA control room to check on the SCADA operator GUI PCs. Up until then the SCADA system was fine because it was on a separate firewalled LAN. But this genius plugged in his USB stick with some GUI-based network monitoring tools to make sure the SCADA LAN was OK.”
You can guess what happened next: the USB stick had been infected and the SCADA system came down too. Two weeks and another new Windows standard operating environment later, the company was back on its feet.
Comment