Ransomware hits admin workstation and kills 7 servers

thanksajdotcom

Cool story. Still, who was stupid enough to get hit with Cryptolocker? Did their AV not pick this up? Did someone ignore the AV warning if it came up?

stus

The AV on the workstation was McAfee, but did not block the malware executing when the admin (in a weak moment) clicked on something...

thanksajdotcom

@stus said:

The AV on the workstation was McAfee, but did not block the malware executing when the admin (in a weak moment) clicked on something...

Oh this makes me want to laugh so hard! Time to switch to Webroot!

thanksajdotcom

@stus I work at McAfee. That's why I find it hysterical!

thanksajdotcom

But not supporting their AV.

stus

Yes, there is some irony here. LOL

scottalanmiller

Welcome to the Mango Lassi community!

StrongBad

@ajstringham said:

Cool story. Still, who was stupid enough to get hit with Cryptolocker? Did their AV not pick this up? Did someone ignore the AV warning if it came up?

Tons of people get hit by Cryptolocker. You have to assume that people will do stupid things in order to think well about security.

thanksajdotcom

@StrongBad said:

@ajstringham said:

Cool story. Still, who was stupid enough to get hit with Cryptolocker? Did their AV not pick this up? Did someone ignore the AV warning if it came up?

Tons of people get hit by Cryptolocker. You have to assume that people will do stupid things in order to think well about security.

I know but still, that's a straight-up AV fail.

stus

@scottalanmiller thanks Scott !!!

StrongBad

@ajstringham said:

@StrongBad said:

@ajstringham said:

Cool story. Still, who was stupid enough to get hit with Cryptolocker? Did their AV not pick this up? Did someone ignore the AV warning if it came up?

Tons of people get hit by Cryptolocker. You have to assume that people will do stupid things in order to think well about security.

I know but still, that's a straight-up AV fail.

AV only protects you if you let it.

thanksajdotcom

@StrongBad said:

@ajstringham said:

@StrongBad said:

@ajstringham said:

Cool story. Still, who was stupid enough to get hit with Cryptolocker? Did their AV not pick this up? Did someone ignore the AV warning if it came up?

Tons of people get hit by Cryptolocker. You have to assume that people will do stupid things in order to think well about security.

I know but still, that's a straight-up AV fail.

AV only protects you if you let it.

Yes, but AV is, as a rule, designed to prevent stupidity. IT guys could go without AV on their computers and would still almost never get viruses. Maybe some spyware, etc but almost never a full-blown virus. We know better. End-users are where AV is most important from a protection standpoint. Obviously IT guys have the admin rights but from a preventing it for prevention's sake standpoint, AV is most important for end-users. Obviously McAfee wasn't doing its job...

Dashrender

@ajstringham said:

@StrongBad said:

@ajstringham said:

@StrongBad said:

@ajstringham said:

Cool story. Still, who was stupid enough to get hit with Cryptolocker? Did their AV not pick this up? Did someone ignore the AV warning if it came up?

Tons of people get hit by Cryptolocker. You have to assume that people will do stupid things in order to think well about security.

I know but still, that's a straight-up AV fail.

AV only protects you if you let it.

Yes, but AV is, as a rule, designed to prevent stupidity. IT guys could go without AV on their computers and would still almost never get viruses. Maybe some spyware, etc but almost never a full-blown virus. We know better. End-users are where AV is most important from a protection standpoint. Obviously IT guys have the admin rights but from a preventing it for prevention's sake standpoint, AV is most important for end-users. Obviously McAfee wasn't doing its job...

Sadly Steve Gibson, a renown security specialist, has reportedly done this - run with NO AV, and gotten no viruii.

I just don't consider that wise unless you're air gapped.

thanksajdotcom

@Dashrender , I'm not saying it's a good idea. We need it because legitimate sites still get hacked and create vulnerabilities for us where there aren't normally ones. Still, most IT guys would be fine 98% of the time without any AV on their systems.

Dashrender

@ajstringham said:

@Dashrender , I'm not saying it's a good idea. We need it because legitimate sites still get hacked and create vulnerabilities for us where there aren't normally ones. Still, most IT guys would be fine 98% of the time without any AV on their systems.

LOL - considering another discussion - Programmers would not be covered by this 98%.. lol

thanksajdotcom

@Dashrender said:

@ajstringham said:

@Dashrender , I'm not saying it's a good idea. We need it because legitimate sites still get hacked and create vulnerabilities for us where there aren't normally ones. Still, most IT guys would be fine 98% of the time without any AV on their systems.

LOL - considering another discussion - Programmers would not be covered by this 98%.. lol

Lol I suppose that would be true

StrongBad

@ajstringham said:

Yes, but AV is, as a rule, designed to prevent stupidity.
Not at all, let alone as a rule. That is not what AV is. I think you are confusing it with best practices.

scottalanmiller

@Dashrender said:

Sadly Steve Gibson, a renown security specialist, has reportedly done this - run with NO AV, and gotten no viruii.

I just don't consider that wise unless you're air gapped.

Sure, you can. You can also not use passwords or always run as the admin. There are all kinds of things that you might get away with. Security is about layers. You can run servers without backups too and you might never lose a thing. But we all know that it is risky. But if you roll the dice, sometimes you make a critical hit no matter how unlikely it is.

And Steve Gibson only doesn't think he has a virus. He doesn't actually know.

scottalanmiller

@ajstringham said:

@Dashrender , I'm not saying it's a good idea. We need it because legitimate sites still get hacked and create vulnerabilities for us where there aren't normally ones. Still, most IT guys would be fine 98% of the time without any AV on their systems.

I've not met these IT guys. I don't think that that is a realistic statement at all. I'd say saying 2% would be fine would be a stretch. Most IT people I see run as admin and are pretty reckless with security.

Dashrender

@scottalanmiller said:

I've not met these IT guys. I don't think that that is a realistic statement at all. I'd say saying 2% would be fine would be a stretch. Most IT people I see run as admin and are pretty reckless with security.

Yeah, because of places like this, when i did my last PC upgrade (to windows I moved to a two user account setup. 1 non admin for normal working - like this posting, 2 admin for admin stuff.

A bit of a pain, but MS really does have it down pretty well now prompting me when it needs elevated permissions.