This may be the incident that finally pushes ransomware into the mainstream—and also forces both organizations and malicious hackers to adapt their approaches when it comes to this type of attack.
The “WannaCry” virus, which first hit companies and healthcare services on Friday, has infected some 300,000 computer systems in 150-odd countries. By exploiting a vulnerability in Microsoft Windows, the malware freezes computers, locks up data and files, spreads to other systems, and asks for a ransom in bitcoin payments.
Yet, for all the brouhaha, the attack had netted less than $70,000 as of late Monday— that’s according to sources tracking three bitcoin addresses associated with the malware (there may be other addresses not yet identified).
Cybersecurity experts have been talking about ransomware for many years, but attacks have really taken off in the past year or two, because of economics and access to tools. (Here are some advice columns on preparing for such attacks, from the leaders of security-tech companies Avecto, Barkly, and Digital Guardian.)
The two specific action items that all companies are being urged to do immediately are (1) install the Windows patch, if applicable, and (2) back up their files and data.
And here are five thoughts on the current situation:
1. It’s not over. In fact, related or copycat attacks may have begun without being detected yet. The law-enforcement investigation is ongoing, and may involve multiple national governments before all is said and done.
2. Organizations are adapting, and so are the attackers. Ransomware is not a sophisticated type of attack, but WannaCry is more complex and coordinated than most. Technologists and policy makers alike are talking about ways to overhaul the overall security of the Internet. Microsoft, for one, has been calling for the greater involvement of governments via a “Digital Geneva Convention.”
3. Collaboration in the cybersecurity community helped lessen the blow. Individual experts in the U.K. (someone identified only as MalwareTech) and in the U.S. (a Michigan resident who works at Proofpoint) worked together to activate a “kill switch” in the virus code.
4. Every security or enterprise IT company has a way to combat ransomware. If you just take a sampling of local companies that start with “C,” you’ll come across Carbonite (which offers online backup), CounterTack (endpoint security), and Cybereason (endpoint/behavioral monitoring). And that’s just a few in the Boston area.
5. Sadly, more attacks benefit the cybersecurity industry. Fortune reported that the five biggest cybersecurity-related companies (by one measure)—Cisco, Symantec, Check Point Software, Juniper Networks, and Palo Alto Networks—increased their collective market capitalization by $5.9 billion in early trading Monday. Others seeing a stock boost include Mimecast, Sophos Group, and Proofpoint.
