Training and decent IT
Nothing unusual about spam based ransomware
" Forcepoint Security Labs reports that malicious emails carrying Jaff are being cranked out at a rate of 5 million an hour on Thursday"
"The sprawling Necurs botnet went dormant around the start of the year before returning to spread Locky and more recently a pump-and-dump stock price scam. It's unclear if this week's switch to Jaff will be sustained but this likely depends on the success of the ransomware's "opening run"
The one that was opened in various NHS trusts just had the added "spread by network share bug" uncovered by NSA.
People are not only clicking on link or opening attachments, but ALSO at LEAST once clicking on OK.
Patches can be good (sometimes bad), but Training and decent IT, almost all the time is the best solution.
Mitigation:
1) Don't click on links or open attachments in email ever, unless expecting them. Hover mouse on links to see where they really go. (Training)
2) Switch off/disable/uninstall all services not used
3) Use properly configured on premises mail server appliance (free linux box and open source POP/SMTP/IMAP no need for Windows Server + Exchange) if more than three users. Mostly strip/textualise links and quarenteen attachments.
4) Only open document attachments with software that can't run macros or Active X or VBS
2 to 4 are basic IT skills. Most MCSE/MCP courses are useless. I was an MCP with over 80% score in four MCSEs. They are rubbish. Microsoft marketing.