Did they BCC or CC?? If CC, then
Reply All: TAKE ME OFF THIS LIST RANSOMWARE ATTACHED
Official anti-ransomware advice issued by UK police to businesses can only be read by clicking on a link titled "Ransomware" which leads direct to a file helpfully named "Ransomware.pdf". In case you've been living under a rock, large chunks of the digitised world, including most of the NHS, were, ahem, digitally disrupted by …
a downloaded file might have a name or icon that makes it appear to be a document or media file (such as a PDF, MP3, or JPEG), when it is actually a malicious application. A malicious application disguised in this manner is known as a "Trojan".
Lots of people argued when the first OS X public beta came out that filename extensions shouldn't be used (they never had been before OS X) because then OS X could have the same malware problems as Windows. Apple ignored them.
If you don't use filename extensions, you need to use filesystem metadata (which are an issue to transfer across file systems not understanding them, or across network transmission), or specific extensions to the file format (i.e. the resource fork), but they can still be spoofed, and may require a file type registration somewhere.
Maybe the OS could become a little more clever and try to understand when "uncommon" extensions (or better, common attempts to deceive users) are present. I.e. the .doc.exe or .pdf.exe extensions, and maybe adding an overlay icon to any executable file, regardless of the file icon. Not resolutive solutions, but better than blindly displaying everything...
It's just a presentation/Finder problem. For files written by software, the file type could be stored with the file as an xattr. For mail attachments, the file type could be sent/received as a content type ignoring file extensions completely. If no file type is available (e.g. external drive/network) then magic could be automatically run when Finder first sees the file and the result saved as an xattr. If magic guessed wrong then the user can change it in get info.
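The two checks the comments above describe (catching a document-looking suffix that hides an executable one, and running "magic" on the leading bytes to compare with what the name claims) as an added example, not code from any commenter or from Apple; the suffix sets and magic table are assumed minimal lists, and the attachments are constructed sample bytes:

```python
# Added example: flag e-mail attachments whose name or content is deceptive,
# using the two checks discussed above: a document-looking suffix hiding an
# executable one ("x.gif.exe"), and a "magic" sniff of the leading bytes compared
# with what the name claims. Suffix sets and magic table are assumed minimal lists.
DOC_LIKE = {".pdf", ".doc", ".docx", ".jpg", ".gif", ".png", ".mp3", ".txt"}
EXEC_LIKE = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif"}
MAGIC = {
    ".pdf": [b"%PDF-"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".jpg": [b"\xff\xd8\xff"],
    ".exe": [b"MZ"],  # DOS/PE executable header
}
def split_suffixes(name):
    """All suffixes of a filename, lowercased: 'x.gif.exe' -> ['.gif', '.exe']."""
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:]]

def has_deceptive_double_extension(name):
    """True when a document-looking suffix sits directly before an executable one."""
    s = split_suffixes(name)
    return len(s) >= 2 and s[-1] in EXEC_LIKE and s[-2] in DOC_LIKE

def sniffed_type(data):
    """Suffix implied by the leading bytes, or None when no known magic matches."""
    for ext, magics in MAGIC.items():
        if any(data.startswith(m) for m in magics):
            return ext
    return None

def assess_attachment(name, data):
    """Reasons the attachment looks deceptive; an empty list means no finding."""
    findings = []
    claimed = (split_suffixes(name) or [None])[-1]
    if has_deceptive_double_extension(name):
        findings.append("double extension hides executable: " + name)
    actual = sniffed_type(data)
    if actual is not None and actual != claimed:
        findings.append(f"content is {actual} but name claims {claimed}")
    return findings

# Constructed samples: genuine PDF, renamed executable, hidden-extension trick.
SAMPLES = {
    "Ransomware.pdf": b"%PDF-1.4 constructed sample",
    "photo.jpg": b"MZ\x90\x00" + b"\x00" * 12,
    "x.gif.exe": b"MZ\x90\x00" + b"\x00" * 12,
}

def scan_samples():
    """Map each constructed sample name to its findings."""
    return {n: assess_attachment(n, d) for n, d in SAMPLES.items()}
```

A real gateway would use a fuller magic database (such as the one behind the `file` command) and also flag executable content whose name has no recognised suffix at all.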
I dislike having file extensions as the control given that a user today deleted several old .pdf files assuming they were documents when in fact they were Payroll Data Files*.
It was probably time to test the backups anyway!
*Quite why the payroll software uses this extension, and why they store user generated files in the same directory as the system data files is another matter.
I can't remember the application name but on my Apricot the Printer Definition Files were quite important!
Then again, deleting them was not so easy as it would mean finding the floppy disk, sticking a bit of tape over the notch, and then deleting them so although it could still be done, it would be harder to make it look like an accident.
Could have been worse, could have been called "ransomware.pdf.exe"
Are they really that incompetent? I suppose the PDF also tells you not to click links or open PDFs from unknown sources. Unless when you do open it then it comes up in big letters "You Stupid!" and explains why. That would be a good idea and is a good idea for anyone that wants to see if people in their own organisation would open files that they shouldn't. Set up logging to the file on the network to see who accesses it then disable their email and internet forever.
And what's the betting that the PDF contained absolutely nothing that couldn't have been written in plain text in the email, just with pretty pictures and logos?
My all-time greatest example of this stupidity was an email with an attached doc, that consisted of little except an embedded URL, which you clicked to reach a webpage that could have been an HTML email.
Watching this whole WannaCrypt debacle, it's like being stuck in the bubonic plague epidemic in the Dark Ages armed with a supply of antibiotics. All the while the natives wilfully ignore the cure and keep trying the old ineffective remedies, such as rubbing chopped-up onions on the infections. But it's a bacterium you cry and there is a cure. Not so say the natives, it's the wrath of God because we've not been saying our prayers.
The police in the UK are playing a clever game:
Step 1: Get journalists to install ransomware
Step 2: Demand that any interesting targets (El Reg hacks who keep annoyingly revealing Gov's snoop fetish) reveal the passwords/encryption keys to the files they have in their possession
Step 3: Lock 'em up
That is how this works, right?
You know, when I see the Police doing mad stupid shit like this, it makes me wonder how on the ball they are when they're spying on everyone's communications?
Criminal: "You got any of that plastic stuff left over? Need it for a job tomorrow. It's a big one."
Copper: "Plastic stuff? A job tomorrow? Probably construction. Nothing to worry about."
----
Ordinary Joe: "Have you seen that big bomb in Aston mate? It's going to go off shortly?"
Copper: "TERRORIST! TERRORIST!!!!!"
Frankly, yes.
But that's probably how it should be. Most people want a 999 call for somebody breaking in late at night answered by big burly chaps with lots of training in using handcuffs, a truncheon and little hesitation in using both rather than a nervous accountant/IT type. Not a new issue!
Basically, to go with basic physical enforcement of the law the powers that be came to the conclusion in 1854 that they needed people with more subtle detective skills, hence CID. What we need now is a separate department to deal with IT issues, and drawing in people from the rank and file police is largely a waste of time.
Simple solution, create a department called Crime (IT) and then just hire enough people who can do "magic bits" (like resolving IP addresses) and explaining bits to police officers who are happy with going out with handcuffs.
If you drive along a road at 21 mph
They can't even get that right. The Plods routinely hand-hold their speed guns, thereby invalidating any readings. They also forget to calibrate them (has to be done daily to make their measurements valid) and when challenged to produce the Calibration Certificate bluster about it being "lost". If you get nicked by means of a speed gun, ALWAYS challenge it.
The clueless Plods will always be forced to back down and in many cases have had to pay substantial damages to the persecuted motorists. My last settlement from Thames Valley Plod was £8250 plus expenses of £4728 (I had to fly in from Canada to defend the case).
AC for obvious reasons!
"Always use caution when opening (such as by double-clicking) files that come from someone you do not know,..."
My advice:
Always delete emails without reading or opening attachments when they come from someone you don't know. Always treat with caution email attachments from those you do know.
"..and make sure that mail preview windows are DISABLED - because they open attachments automatically."
I've never seen a preview window open any attachment automatically. Care to cite your source or name the software?
Unless you're referring to displaying inline images, which is a different matter. Excepting rendering bugs, they are not executable or exploitable.
"Coming from someone you know" is a pretty low hurdle to clear. Was a useless rule for dealing with last week's attack.
And seriously, preview panes opening attachments automatically? That hasn't happened in at least 10 years, probably longer. By default, most email clients don't even download linked web content such as images, much less execute anything.
The advice about e-mail safety these days is very different from what it used to be back when I first got on the net (dinosaurs still walked the earth in those days).
In the early days of the intertoobz, people were told it was perfectly safe to open attachments that were images, it was only executables they had to worry about.
It wasn't so long before that advice was rescinded, thanks to Microsoft "helpfully" hiding file extensions. So that "x.gif.exe" was described as "x.gif" (but had a strange icon). The advice became "make sure it's really an image before you open it."
That was superseded by "Microsoft's buggy image-handling routines mean it's no longer safe to open image attachments even if they really are images."
Then spammed malware became common so advice was amended to include not opening attachments from unknown sources.
Then malware writers clued up and started going through the user's address books. So you'd get infected spam mail from people you knew. So only opening mail from known sources was no longer a defence.
But things have changed:
Always use caution when opening (such as by double-clicking) files that come from someone you do not know
There ya go. This problem has been solved without me realizing it. Something (I don't know what) now makes it perfectly safe to open attachments from people you know. It's only attachments from people you don't know that are unsafe.
Now I can open that mail from my mate Tom, the one titled "Look at these pics of what I got up to when I was drunk last Saturday." It's perfectly safe. It's not just El Reg telling me this, it's almost every news site on teh interwebz. New technology, released without announcement, now means it's perfectly safe to open attachments as long as they're from people you know.
Before everyone downthumbs me, I did see the bit about "or if you were not expecting them." The thing is, I often get unexpected mail from friends because they're eager to tell me about something I didn't even know happened. Such mail may contain attachments. And if the text is brief enough and generic enough, it will seem genuine to a large proportion of people.
So the real advice is "Don't open attachments. Ever." Oh, but there was that bug in some mail readers where merely opening the mail passed attachments through to rendering s/w so you could see a thumbnail of it, and the rendering s/w was flawed. So the real advice is "Don't read mail. Ever." Oh, but wasn't there a mail reader that would pre-generate the thumbnail before you opened the mail, and that had a flaw? So the real advice is "Don't fire up your mail reader. Ever."
Ah yes. The old file extension trick. The old ones are the best.
Please forward this message on and all your dreams will come true plus you'll get a blowjob and save 5 puppies from being thrown in a burning oil drum in front of starving African children who will also get a meal and clean water if you forward this on.
The thing is, everyone knows this sort of advice doesn't really make anyone safer. It's just The Authorities covering their collective arse.
This way, when someone gets hit, they can throw up their hands and say "We told them!" And that means it's officially Not Their Problem any more.
If the gov't could designate someone whose problem it definitively is, then we might get something more useful. Until then, we're on our own.
In the early days of the intertoobz, people were told it was perfectly safe to open attachments
In the old days, emails were 7-bit ascii and you didn't have to worry about complicated stuff like attachments. Because they didn't really happen..
Links to dodgy FTP or gopher sites.. well, yes. But they were generally of the "don't let your boss/SO/HR department see you open this" type of link..
Ahhh. The old days were the oldest!
"Microsoft, the company that made letters and numbers dangerous"
They also gave us widespread use of the Arial font by dint of defaulting to the first font alphabetically.
It was a pleasant change from the previous choices of Times New Roman or Courier, but gave us a font in which capital I, lowercase L and the numeral 1 all look the same.
Objection! The numeral 1 in Arial is quite distinctive, nothing like the lowercase L or capital I.
But Arial is also the venue of Microsoft's biggest crime against typography, and that is "zero thought put into kerning". Which means that in a lot of MS-derived software, it's impossible to tell the difference, visually, between 'd' and 'cl', or 'm' and 'rn'.
Kerning (and yes I saw what you did there) - there's an obligatory xkcd for that!
Or when your corporate Cyber-Security annual training is outsourced, so the email everyone in the company got to invite them to the training looked just like what you were supposed to avoid:
Unknown sender
Link to an abbreviated URL
All recipients on bcc
Lots of "action" words - "Immediate" "compliance" "required"
Font changes through the body of the message
This was the week after Corp IT Security sent out an email describing exactly what to watch out for, and they managed to check every box on the list. I can't imagine how many help desk tickets got opened that day!
The police message in question was sent via a trusted system that subscribers signed up to. The name of the PDF could have been better expanded upon, but the point is it was sent to a closed audience from a trusted source via a trusted service. The file is clean but some were very cautious because of its name. What should it have been called? Dont-panic-this-is-perfectly-safe-to-download.pdf ?
Or was the email encrypted
Don't be silly - you *know* that only criminals or terriorists[1] use encryption! Well, are you one of those punk? Do you feel unlucky?
[1] Speeling mistook inteshonul. Given the current canine polluter^Winhabitant of my feline nirvana..