On Fri, Nov 14, 2014 at 09:34:48AM PST, David Veer spake thusly:
> We have seen CryptoWall hit a number of systems too over the last month or
> two for different organizations around the city. Has anybody on the list
> been able to determine the attack or infection vector for it? We'd really
> like to figure out how it's getting into the networks and systems to begin
> with.
John Quigley <quigs...@gmail.com> (to whom you are replying above) explained clearly what the infection vector is:

> On Nov 14, 2014, at 10:50 AM, John Quigley <quigs...@gmail.com> wrote:
>
> >* The malware arrived through a fake fax attachment in Outlook that a
> >receptionist opened.

So what security controls should be put into place to resolve this? Among the possibilities are:

1. Segmentation - Why should a receptionist's infected computer be able to encrypt the whole company? She should never have had most of that data, not to mention the actual "backups", mounted to her computer.

2. Authentication - Email is easily faked. Anyone can write anything they want in the From: field. We really need to move to signed and encrypted emails.

3. Education - The secretary may have to be trained to notice what suspicious or unusual email attachments look like. I bet this email was different from the usual and could have been spotted as trouble.

> >* He did have backups, as many have asked about, but they must have been
> >through a connected drive because they were encrypted as well. His IT was
> >outsourced to a local firm.

He may have thought he did but he didn't actually. Not if they were connected such that they could be encrypted.

> >In talking with someone at a local cloud company yesterday, I learned that a
> >number of large organizations in our town, including banks, have been hit
> >with Cryptowall in the past few weeks. On the news this morning was a report
> >of a sheriff's office in TN paying the $500 ransom after working with FBI.

Just wait until your bank loses your savings because all of their records got encrypted. :|

--
Tracy Reed
pgpY03V7Ryfgq.pgp
Description: PGP signature
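Point 1 in the message above (the "backups" were mounted on the receptionist's workstation and got encrypted along with everything else) is the one control failure a practitioner can check for mechanically. The following is an added example, not code from this thread or from any poster: a canary-file check for a mounted backup or file share. Plant a small random file in each share, record its SHA-256, and have a scheduled job re-hash it; an encryptor walking the mount will overwrite, rename or delete the canary with the real files, and a changed or missing canary is the signal to unmount the share and start incident response. The canary file name, the early-sorting naming trick and the temporary directory standing in for a share are all assumptions made for the example.

```python
"""Canary-file check for mounted backup or file shares (added example).

All names and paths here are assumptions; the temporary directory used by
demo() stands in for a real mounted share.
"""
import hashlib
import secrets
import tempfile
from pathlib import Path

# Assumed name. It sorts near the top of a directory listing so a walker is
# likely to reach it early, and it carries a document extension so that an
# encryptor filtering on "interesting" file types does not skip it.
CANARY_NAME = "!0-canary-do-not-open.docx"


def sha256_file(path: Path) -> str:
    """Stream-hash a file so large canaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def plant_canary(share: Path, size: int = 4096) -> str:
    """Write a random canary into `share`; return the SHA-256 baseline to store
    somewhere the share itself cannot reach (e.g. the monitoring host)."""
    share.mkdir(parents=True, exist_ok=True)
    data = secrets.token_bytes(size)
    (share / CANARY_NAME).write_bytes(data)
    return hashlib.sha256(data).hexdigest()


def check_canary(share: Path, baseline: str) -> str:
    """Return 'ok', 'modified' (contents changed in place) or 'missing'
    (deleted, or renamed to a new extension as many encryptors do)."""
    path = share / CANARY_NAME
    if not path.is_file():
        return "missing"
    return "ok" if sha256_file(path) == baseline else "modified"


def sweep(baselines: dict) -> dict:
    """Check every share in {Path: baseline}; return only the ones not 'ok'."""
    return {
        str(share): status
        for share, base in baselines.items()
        if (status := check_canary(share, base)) != "ok"
    }


def demo() -> tuple:
    """Run the full cycle against a constructed temp-dir 'share'."""
    with tempfile.TemporaryDirectory() as d:
        share = Path(d) / "backups"
        base = plant_canary(share)
        before = check_canary(share, base)
        # Simulate an encryptor overwriting the canary in place.
        (share / CANARY_NAME).write_bytes(secrets.token_bytes(4096))
        after_overwrite = check_canary(share, base)
        # ...and one that renames its victims to a new extension.
        (share / CANARY_NAME).rename(share / (CANARY_NAME + ".encrypted"))
        after_rename = check_canary(share, base)
        return before, after_overwrite, after_rename


if __name__ == "__main__":
    print(demo())  # ('ok', 'modified', 'missing')
```

Run `sweep()` from cron or a scheduled task on a host that mounts the shares read-only, with the baselines stored off the share; any non-empty result should page someone and, ideally, drop the share's export. This detects encryption after it has started, so it complements rather than replaces keeping backups on storage the workstation cannot write to at all.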
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/