Thread ID: 149836 2021-05-18 21:53:00 Opening Attachments piroska (17583) PC World Chat
Post ID Timestamp Content User
1477285 2021-05-18 21:53:00 www.stuff.co.nz


“Someone opened an email attachment it was in.”

He said there was no threat received to make patient information public, just the ransom threat, but that would not be paid.

Sigh.
Educate the staff.

Have backups. And images.

Then who cares if there is ransomware?

When I worked for WDHB it was the most shocking, hopeless place I had ever come across for IT.
piroska (17583)
1477286 2021-05-18 22:11:00 Educate the staff.

That's no longer an avenue of blame - these emails are getting cleverer and cleverer, and when you're busy, under the pump, 4 hours short in the day, you'll open an email to get on with life.

Staff are educated, but
allblack (6574)
1477287 2021-05-18 22:32:00 Sigh.
Educate the staff.

.

That doesn't work. There's always one person.....

I've found that there are still so many staff in every sector with near zero PC skills.
- unable to use a browser, or don't know what a browser is (have to tell them go into google)
- unable to enter URL into browser address bar
- don't know where my docs folder is downloads folder is
- don't know how to turn the PC on or off (yes that)
- don't know what the desktop is or how to get to the desktop to click a shortcut I put there
- I'd ask them 4x "did you use this password for anything else" & they don't give me a yes/no answer, just rambling dribble
- don't know how to put a USB flash drive stick into a USB slot, I had to make a trip onsite to do that
- insist on opening EVERY spam email no matter how many times I tell them not to

educate staff. Yeah right :)

And it's still VERY easy to click that link, especially when under job related stress. Or when expecting a similar email (eg expecting an email with courier tracking info.)
I know of IT staff that have done it.
1101 (13337)
1477288 2021-05-18 22:56:00 Only 1 question -- WHY didn't the Antivirus and other Security catch it ?? Obviously not good enough or set up correctly.

There should have been at least two chances to stop, 1 at the servers and 2 at the desktop PC.

If set up correctly the security would have stopped it dead even when clicking a link or opening a file.

Just listening to the article the guy (Kevin Snee) is asked that exact question -- Talk about an Errrrrr I dunno answer LOL

The presenter is hammering him :waughh:
wainuitech (129)
1477289 2021-05-18 23:23:00 Antivirus doesn't always catch it. I've had ransomware get past many brands of AV, incl NOD.
There are products that claim to stop ransomware (monitoring disk/file access I think), but will those products stop new variants?
There are also services that will strip out links in emails, for analysis & require users to jump through some hoops to get access to those links. But that costs money.

I'd bet the real reason would have been a lack of funds for implementation of the required Anti Malware/security systems. And possibly creaky old PCs & servers?
1101 (13337)
1477290 2021-05-18 23:26:00 Only 1 question -- WHY didn't the Antivirus and other Security catch it ?? Obviously not good enough or set up correctly.

There should have been at least two chances to stop, 1 at the servers and 2 at the desktop PC.

If set up correctly the security would have stopped it dead even when clicking a link or opening a file.

Just listening to the article the guy (Kevin Snee) is asked that exact question -- Talk about an Errrrrr I dunno answer LOL

The presenter is hammering him :waughh:

I wonder what kind of file it was.

Most that I've seen lately is macro enabled documents with the whole "This document is protected so click enable macros on the security prompt to read it" bullcrap.

We disabled macros completely through GPO and it seems to have dealt with it nicely.

For everything else a nice stamp on the top of the email saying this is an external message through Exchange rules works nicely, and staff training to check if that stamp is there before opening any attachments.
baabits (15242)
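
Added example, not part of any post in this thread: a PowerShell sketch of the two controls described in the post above, the registry values the Office macro policy sets and an Exchange transport rule that stamps external mail. It assumes Office 2016 or later (policy hive `16.0`) and an Exchange Online or Exchange Management Shell session; the rule name, banner wording and function names are made up for illustration. In a domain the registry values are delivered by Group Policy; `Set-MacroPolicy` is for a test machine.

```powershell
# Added example. Assumptions: Office policy hive "16.0"; rule name and banner text are illustrative.
$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'

# Audit: report what the macro policy currently resolves to for the logged-on user.
function Get-MacroPolicy {
    foreach ($app in $Apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            App            = $app
            VBAWarnings    = $p.VBAWarnings                        # 4 = disable all, no prompt
            BlockInternet  = $p.blockcontentexecutionfrominternet  # 1 = block macros in files from the internet
            MacrosDisabled = ($p.VBAWarnings -eq 4)
        }
    }
}

# Apply the same values the "VBA Macro Notification Settings" policy writes.
function Set-MacroPolicy {
    foreach ($app in $Apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name VBAWarnings -Value 4 -Type DWord
        Set-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
    }
}

# Prepend a banner to every message that arrives from outside the organisation.
function New-ExternalMailStamp {
    New-TransportRule -Name 'Stamp external mail' `
        -FromScope NotInOrganization -SentToScope InOrganization `
        -ApplyHtmlDisclaimerLocation Prepend `
        -ApplyHtmlDisclaimerText '<p><b>EXTERNAL MESSAGE:</b> check the sender before opening attachments or links.</p>' `
        -ApplyHtmlDisclaimerFallbackAction Wrap
}

Get-MacroPolicy | Format-Table -AutoSize
```

With `VBAWarnings` at 4 the "enable macros" prompt never appears, so the "this document is protected" lure has nothing for the user to click.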
1477291 2021-05-18 23:31:00 Yesterday the Herald said it was caused by someone putting a usb drive into the parking pay thing, or something equally odd. Watch the blame game begin.
Beav (17610)
1477292 2021-05-19 03:16:00 Only 1 question -- WHY didn't the Antivirus and other Security catch it ?? Obviously not good enough or set up correctly.
:

Because of what they use, mainly.

And being busy isn't an excuse............I've never opened an attachment, at work or otherwise, because I'm busy...
piroska (17583)
1477293 2021-05-19 03:20:00 That doesn't work. There's always one person.....

I've found that there are still so many staff in every sector with near zero PC skills.
- unable to use a browser, or don't know what a browser is (have to tell them go into google)
- unable to enter URL into browser address bar
- don't know where my docs folder is downloads folder is
- don't know how to turn the PC on or off (yes that)
- don't know what the desktop is or how to get to the desktop to click a shortcut I put there
- I'd ask them 4x "did you use this password for anything else" & they don't give me a yes/no answer, just rambling dribble
- don't know how to put a USB flash drive stick into a USB slot, I had to make a trip onsite to do that
- insist on opening EVERY spam email no matter how many times I tell them not to

educate staff. Yeah right :)

And it's still VERY easy to click that link, especially when under job related stress. Or when expecting a similar email (eg expecting an email with courier tracking info.)
I know of IT staff that have done it.


I wonder what kind of file it was.

Most that I've seen lately is macro enabled documents with the whole "This document is protected so click enable macros on the security prompt to read it" bullcrap.

We disabled macros completely through GPO and it seems to have dealt with it nicely.

For everything else a nice stamp on the top of the email saying this is an external message through Exchange rules works nicely, and staff training to check if that stamp is there before opening any attachments.

The ones that slip through here are the ones that ask you to click a poisoned link (NZ Post, Westpac, Trade Me, Facebook, Apple, Google). Thankfully the security at work doesn't allow external links except ones authorised. Funnily enough, this forum was authorised about 15 years ago.
the_bogan (9949)
1477294 2021-05-19 04:14:00 www.stuff.co.nz


“Someone opened an email attachment it was in.”

He said there was no threat received to make patient information public, just the ransom threat, but that would not be paid.

Sigh.
Educate the staff.

Have backups. And images.

Then who cares if there is ransomware?

When I worked for WDHB it was the most shocking, hopeless place I had ever come across for IT.

The thing about this 'conti' one is it's great at turning backups off etc before making itself known. Scary stuff. Wait for the release of all the patient info.
the_bogan (9949)