{"id":15165,"date":"2016-12-01T12:00:59","date_gmt":"2016-12-01T17:00:59","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=6328"},"modified":"2018-09-18T09:05:24","modified_gmt":"2018-09-18T13:05:24","slug":"weak-link","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/weak-link\/15165\/","title":{"rendered":"The weak link in a rusty chain"},"content":{"rendered":"

A company\u2019s business stalls because of a cryptor. The affected documents are customer agreements, accounting records, and, most troubling, the annual financial report. Essentially, most data can be restored, but it\u2019s going to take time and resources. The head of the IT department is charged with assessing the situation, solving the problem, and reporting results to the board. By and large, her report will define the measures to be taken and identify those responsible for the incident.<\/p>\n

Strictly speaking, there was no need for an in-depth investigation. The scheme was simple: Almost all of the company\u2019s employees with publicly accessible addresses received an e-mail with the subject line \u201cUrgent! Relay to the accounting department!\u201d The body of the message contained threats of large fines to be imposed for failing to submit certain tax papers on time, and the attachment ostensibly incorporated a list of those documents. Naturally, several compassionate souls forwarded the letter to the head of accounting, who opened the attachment.<\/p>\n

\n\n\n\n\n\n\n\n
Company profile<\/b><\/td>\n<\/tr>\n
Name:<\/b><\/td>\nCJSC \u201cNeutrino\u201d<\/td>\n<\/tr>\n
Staff:<\/b><\/td>\n290 employees<\/td>\n<\/tr>\n
Business:<\/b><\/td>\nElectronic components supply<\/td>\n<\/tr>\n
The company was founded about 15 years ago as a local branch of a major international manufacturer, but 6 years later it became an integrated supplier of electronic components. Over time, the company has grown into a permanent partner of many organizations, both commercial and government. The company also works with representatives of the military-industrial complex.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n

The chief accountant\u2019s computer had a security solution installed, although some of its functions were apparently disabled. The company\u2019s CEO directly granted local administrator privileges to the chief accountant, and he was free to disable subsystems that he considered unnecessary.<\/p>\n

The weak link in a rusty chain. #infosec #ransomware<\/p>Tweet<\/a><\/blockquote>\n

The criminals are now demanding ransom. The sum is not exactly formidable, and the company won\u2019t go broke if it pays. But there\u2019s no guarantee that paying will help \u2014 and anyway, no one is really fond of being manipulated by criminals. Moreover, the IT director reasonably supposes that if the company pays, the sum of the ransom money will be deducted from her department\u2019s budget.<\/p>\n

Which question is more important to answer: \u201cWho is guilty?\u201d or \u201cWhat must be done?\u201d<\/h2>\n

Actually the IT director faces a few choices. The incident may be explained by the shortcomings of the existing security system (antivirus was installed, but it failed to prevent the encryption), by acknowledging one\u2019s own mistakes (as the director of IT, she is responsible for the security of the company\u2019s information), or by blaming other people.<\/p>\n

\"\"<\/p>\n

In short, the IT director\u2019s options are one or more of the following:<\/p>\n