Am I Missing Something?

Kinja'd!!! "Rusty Vandura - www.tinyurl.com/keepoppo" (rustyvandura)
05/12/2017 at 16:34 • Filed to: None

Kinja'd!!!6 Kinja'd!!! 27
Kinja'd!!!

Or is the best protection against this sort of thing not being a dumbass?

Hospitals not applying security updates, users clicking on strange attachments, et cetera... are given as primary causes in the accounts I’ve read.


DISCUSSION (27)


Kinja'd!!! itschrome > Rusty Vandura - www.tinyurl.com/keepoppo
05/12/2017 at 16:39

Kinja'd!!!4

end of the day nothing can stop this other than stopping stuipid. but you know what, you can’t stop stupid.

How ever being in the industry it’s on IT if this happens and you experience more than an hour or four of down time.

You knock out one of my sites and you know what, I’ll have it back up in under three hours with out data loss. you know why? because I’m prepared for stupid.

Are you?


Kinja'd!!! My X-type is too a real Jaguar > Rusty Vandura - www.tinyurl.com/keepoppo
05/12/2017 at 16:43

Kinja'd!!!1

Yes, you are correct my company will quarantine any system on the network that hasn’t been updated within 5 days of an update being released, our exchange server scrubs e-mails of bad links and we all run malware and anti-virus. Keep your stuff up to date and don’t click on every attatchment.


Kinja'd!!! Rusty Vandura - www.tinyurl.com/keepoppo > itschrome
05/12/2017 at 16:45

Kinja'd!!!0

Would an attack like this one reach out aross mapped drives and enrypt data there, too?


Kinja'd!!! benjrblant > Rusty Vandura - www.tinyurl.com/keepoppo
05/12/2017 at 16:45

Kinja'd!!!0

The wording is so... I dunno. Can’t quite place it. It’s clearly translated or not the author’s first language. It seems borderline comical or joking at points but still tries to be menacing.

Ooops! Your computer just got F*ed! Sure, we can help you recover your files. But if you don’t pay in 3 days, we’ll double the ransom. Everything will be broken forever in a week!

And then this: “We will have (free?) events for users who are so poor that they couldn’t pay in 6 months.”

What?


Kinja'd!!! Mercedes Streeter > Rusty Vandura - www.tinyurl.com/keepoppo
05/12/2017 at 16:47

Kinja'd!!!1

Depends, actually. A lot of companies don’t update their software because they’ve realized some critical applications and/or equipment is dependent on the old software. So then something like this comes around and the IT dept catches on fire because they have to figure out how to fix the issue without crippling the business. Such is even harder when said equipment or software is 3rd party.


Kinja'd!!! Rusty Vandura - www.tinyurl.com/keepoppo > benjrblant
05/12/2017 at 16:48

Kinja'd!!!0

Don’t click on strange , even if it’s from someone you know.


Kinja'd!!! My X-type is too a real Jaguar > Rusty Vandura - www.tinyurl.com/keepoppo
05/12/2017 at 16:49

Kinja'd!!!0

It can depends on permissions of the mapped drive


Kinja'd!!! benjrblant > Rusty Vandura - www.tinyurl.com/keepoppo
05/12/2017 at 16:50

Kinja'd!!!1

So... most of oppo?


Kinja'd!!! jimz > Rusty Vandura - www.tinyurl.com/keepoppo
05/12/2017 at 16:50

Kinja'd!!!1

Never been hit with that, but in the unlikely event I’d be “fuck you I have backups!”


Kinja'd!!! Rusty Vandura - www.tinyurl.com/keepoppo > Mercedes Streeter
05/12/2017 at 16:51

Kinja'd!!!2

Hi! Yes, I understand that, but it doesn’t help IT’s cause when stupid users click on strange things...


Kinja'd!!! itschrome > My X-type is too a real Jaguar
05/12/2017 at 16:52

Kinja'd!!!0

this is correct.


Kinja'd!!! Eric @ opposite-lock.com > Rusty Vandura - www.tinyurl.com/keepoppo
05/12/2017 at 16:56

Kinja'd!!!1

Keep all your configurations in source control and keep up on backups.

With desktops, don’t keep stuff on them and deploy them with automation or boot them over PoE.

I do most of my work in VMs that I can throw away and replace at a moment’s notice. If my desktop got this, I’d be annoyed for maybe an hour.


Kinja'd!!! itschrome > benjrblant
05/12/2017 at 16:59

Kinja'd!!!1

not after 9pm est on a friday any ways...


Kinja'd!!! Mercedes Streeter > Rusty Vandura - www.tinyurl.com/keepoppo
05/12/2017 at 17:00

Kinja'd!!!1

That made me giggle, and so true. We deal with that every day in our department. :D Thankfully most of our systems are run by a mainframe so old it uses a programming language few people know anymore.

I’m still not clear on how this thing works. Is the infection spread by opening a fake email? I heard it was through more involuntary means.


Kinja'd!!! itschrome > Mercedes Streeter
05/12/2017 at 17:04

Kinja'd!!!1

well that’s what business continuity plans are for. I don’t give a flying lizard what you use. Or how old your software is. If Your properly prepared for something like this you don’t have to care. Hell I had a site hit with crypto 3 weeks ago. I had their servers up and running in a virtual environment from a back up less than an hour old and all the desktops refreshed with images from no older than 2 hours and had their actual servers re-imaged and running before the end of the day.

folks this is only a problem for the unprepared. The funny thing about all this is people always say you cant just solve problems by throwing money at it.. well guess what, in IT that is exactly the case. If you cheap out some Russian jerk who likes blow jobs from his sister is gonna fuck your world up. but me? shit fuck my shit up, I don’t care I got it covered yo.


Kinja'd!!! Mercedes Streeter > itschrome
05/12/2017 at 17:17

Kinja'd!!!0

Bonus points for flying lizard. Oh my.

Kinja'd!!!

But yeah, I totally understand what you’re saying and fully agree. I flagged our dev team (I’m IT on the consumer-facing side) to make sure we aren’t vulnerable. We aren’t. Instead we have a Java related issue (that I can’t talk too much about in a public format). Dev tried fixing it countless times. So instead they’re going to go with Plan B and dump the platform entirely for a squeaky new one that’s modern.


Kinja'd!!! Chinny Raccoon > Mercedes Streeter
05/12/2017 at 17:20

Kinja'd!!!1

Believe it’s from email attachments, usually compromised docx attachments. Lots targeted to SME business who may not have the best IT practices.

Some of the few I’ve had recently:

Kinja'd!!!

Kinja'd!!!

Kinja'd!!!


Kinja'd!!! Mercedes Streeter > Chinny Raccoon
05/12/2017 at 17:29

Kinja'd!!!0

Whew, joke’s on them, I hardly read my work emails!


Kinja'd!!! itschrome > Mercedes Streeter
05/12/2017 at 17:36

Kinja'd!!!0

haha something told me you’d catch that! and yeah java..... I don’t like java


Kinja'd!!! Dave the car guy , still here > Rusty Vandura - www.tinyurl.com/keepoppo
05/12/2017 at 18:10

Kinja'd!!!0

I USED to have access to our work computers through a log in. Of the roughly 1500 employees in our autogroup, maybe 50 of us used it for working from home a little when sick or doing invoicing/inventory management/ordering after hours. We had virus and malware issues from a few idiots (all from management) that shut us down more than once. They took away that access from all but about 12. The issues continue, so what did that prove?.....STUPID USERS SHOULDN’T CLICK ON STRANGE THINGS!!!!! Knew you’d like that.


Kinja'd!!! Rico > Rusty Vandura - www.tinyurl.com/keepoppo
05/12/2017 at 18:23

Kinja'd!!!2

As a fellow IT person, yes this is aggravating!


Kinja'd!!! coqui70 > benjrblant
05/12/2017 at 18:32

Kinja'd!!!1

They could care less about your files ... it’s all about generating revenue. They figure after 6 months you won’t pay anyway. It’s just like speeding tickets ... it’s not about making you safer.


Kinja'd!!! bhtooefr > Mercedes Streeter
05/12/2017 at 19:07

Kinja'd!!!0

!!! UNKNOWN CONTENT TYPE !!!


Kinja'd!!! Rusty Vandura - www.tinyurl.com/keepoppo > Dave the car guy , still here
05/12/2017 at 19:08

Kinja'd!!!0

Yup. Have you considered enquiring about getting your access back?


Kinja'd!!! Dave the car guy , still here > Rusty Vandura - www.tinyurl.com/keepoppo
05/12/2017 at 21:09

Kinja'd!!!0

Nope, 4 yrs from retiring. They just saddled us with a new software called Era-Ignite. No formal training yet,threw it at us. Two different companies D2DLink and Reynolds&Reynolds systems to work together. My manager and support from both spent hours trying to get it to work after IT set it up. I played with it with each support for 30 minutes and figured out the one box that hadn’t been clicked to make it work for us. I’m not a system administrator and don’t get paid enough to solve this shit. It irks me to no end. The less I have access to now the better or they would be asking me to do stuff again on my own time. I used to do normal receiving and purchase order approval work 2-8 hrs a week in evenings but with no access I have more of my own life back. WINNING!


Kinja'd!!! Rusty Vandura - www.tinyurl.com/keepoppo > Dave the car guy , still here
05/12/2017 at 21:20

Kinja'd!!!1

Score!


Kinja'd!!! wkiernan > Rusty Vandura - www.tinyurl.com/keepoppo
05/13/2017 at 06:57

Kinja'd!!!0

Yep, a marketing person at my company clicked on an email attachment and got a version of the crypto-locker bug on her laptop, which proceeded to encrypt about 30 GB of files on our network server before she shut her laptop off.