[dguido]

The weakest link was that the computer with access to $10 million+ had access to the general web and was running a general purpose operating system at all.

You don't need Qubes to secure this situation. You could use an iPad/Chromebook or a filtering proxy (whitelisted websites) and either would be sufficient.

[TwoBit]

That seems to be the fundamental engineering flaw here. Also, their email system shouldn't allow executable attachments. The last company I worked at completely stopped all such virus infections by killing all executable attachments.

[dguido]

That works too! Why any of this software was running on a machine that can transfer $10mil+ is beyond me.