Organisation - October 16, 2015

Again 15 percent opened the virus email

Rob Ramaker

For the third time a large number of employees and students of the Wageningen UR opened a virus email. From the five thousand people that the IT department emailed, 15 percent opened the attached programme.

Photo: Christiaan Colen

During the second test in 2014, one fifth of the approached employees and students filled in their password on an unknown website. Therefore the new results are not really a surprise, says Raoul Vernède, security manager at the IT department. But he is concerned about the naivety of users. ‘The IT department is trying their best to combat malicious emails, but we keep repeating: ‘think before you click”.’

For this test the IT department sent two different mails; one reminder for an unpaid bill and one notification of an undeliverable package. The attachment would contain an invoice or packing slip. Actually it was a packaged programme (.exe). In total 740 users unpacked the file. At that moment a warning video started about cyber security. A malicious mail would then install a virus to acquire information or to extort the user.

The IT department is trying their best to combat malicious mails, but we keep repeating: ‘think before you click”.
Raoul Vernède, security manager at the IT department

Vooral dat laatste fenomeen baart IT momenteel zorgen. Sinds begin dit jaar neemt het aantal meldingen van ‘ransomware’ – programma’s die mappen versleutelen en vervolgens om losgeld vragen – flink toe, zegt Vernède. Binnen Wageningen UR valt de overlast nog mee; Maandelijks krijgt IT hier enkele malen mee te maken. De Vrije Universiteit (VU) werd afgelopen maart geteisterd door een ‘cryptolocker’ die ruim tweehonderd pc’s besmette. Het advies van zowel politie als IT is om nimmer te betalen. Besmetting betekent in de praktijk dat computers opnieuw worden geïnstalleerd en dat back ups van gedeelde schijven worden teruggezet. Medewerkers verliezen een deel van hun werk van de afgelopen periode.


The IT department is especially concerned about that last phenomenon. Since the start of this year the number of reports of ‘ransomware’ – programmes that lock files and then ask for ransom – is increasing significantly, says Vernède. Within Wageningen it is still limited; on a monthly basis the IT will only receive a few reports. The Vrije Univeristeit (VU) was ravaged in March by a ‘cryptolocker’ that infected more than two hundred computers. The advice of both the police and the IT department is that you should never pay. In practice the infected computers need to be reinstalled and the backups of shared drives need to be put back. Employees lose part of their work of the past period.

The IT department stresses that the sent email is realistic. Malicious emails nowadays are written in correct Dutch, and appear to come from existing companies such as collection agencies and sometimes even have a professional appearing corporate identity.

The test also has a bright side. Even though 15 percent opened the email, a larger portion of the receivers reported the email to the IT department. The fast signalling helps in fighting it. Since a few year for example the department can remove delivered emails from mailboxes. Also one group – the students – stuck out in a positive sense. ‘Only’ 9 percent opened the email.

From the 2nd until the 6th of November the IT department will hold a ‘Protect it’- week to create awareness about cyber security.