IT managers of companies from county government offices to Fortune 500 companies have one very important thing in common: They employ humans. Sadly, no matter how much coaching and training and reminders we give users via email, Webinar, Web-based training, and PowerPoint presentations — sometimes they get it wrong. This is the story of one such user.
Ransomware strikes in 2013
I thought ransomware was relegated to mythical status, the Kraken of malware killed by the Perseus network perimeter operating system (PNPOS). But no. I got a call this week from a frantic user who said, “I got a message from AVG saying it found an infected file and to click here to remove it, and when I did, I got this weird screen saying the FBI had impounded my computer because of illegal activity, and I have to pay $500 to get the computer released!” Srsly.
Say what? I trotted myself down to the client’s office and sure enough, this user who should have known better had invoked a bad case of ransomware. It said that if the user entered the numbers from a certain type of prepaid card, the computer would be released in 1 to 4 business days after that. (Y’right.) My Emergency Repair Disks (ERDs) in hand, I rebooted and booted from CD and got error messages about a corrupt boot sector. I got to a command prompt and by DIR command there appeared to be data, but I couldn’t get devices recognized to copy files off. It was a mess.
Lesson Learned: Remind users about malware
We drilled a hole in the hard drive of that PC and configured a new one. This user was embarrassed because, frankly, she should have known better. It was hot, she was stressed, she clicked without thinking. In big corporate network environments, we like to think it’s next to impossible for a user even to get a chance to enable malware. But if it gets through, someone will click on it.
Do you do periodic information security training with your users? If so, make sure that you remind users what you want them to do if and when they encounter suspicious emails or pop-up messages. If you don’t do annual information security training for all users in your organization, start now. First, you can write a short email reminding All Users that if ever they see a message about “cleaning” or “removing an infected file” or the like, they should click on what? Class? Class? NOTHING! Remind your users to call the help desk if they get any suspicious email or pop-up messages on their work-provided computers.
Need a malware policy? Download our template as a free sample of our Ultimate IT Policy Toolkit!
If you don’t have a formal policy in place that tells users how you as IT manager are implementing antivirus solutions on your network, it may be hard to enforce common-sense IT rules such as “don’t click on or download anything you weren’t expecting, even messages about infected files.”
The Malware Security Policy includes several rules that you can customize to define the malware policy for your organization. Here’s the rule that’s relevant to telling users what to do (and not to do) if they encounter malware:
Users must not attempt to eradicate computer viruses. If users suspect infection by a virus, they must immediately call the IT Department and refrain from attempting any type of troubleshooting on their own. Computer virus eradication must only be performed by authorized personnel who have been approved by the IT Department to do that work.
Have you dealt with ransomware?
If you or your users have encountered ransomware, share your experience by sending an email to [email protected] or by posting a comment below.