In the wake of last week’s massive security breach across Europe and Asia, experts advise keeping computers secure by updating systems.
Companies around the globe have begun to reverse disruptions caused by the spread of a computer ransomware that infected up to 200,000 computers in 150 countries late last week. Although more computers were expected to be hit by the virus known as “WannaCry” as workers logged on for business Monday morning, officials hadn’t detected a massive follow-up attack perpetrated by similar software as the workweek began, the New York Times reported.
“We have not seen a second wave of attacks, and the level of criminal activity is at the lower end of the range that we had anticipated, and so I think that is encouraging,” British Health Minister Jeremy Hunt said. Britain’s National Health Service was one of the organizations severely impacted by the malware. Several of its hospitals reportedly had to turn away non-emergency cases as the agency battled to stop the software from further corrupting its computer network. As of Saturday, Home Secretary Amber Rudd said that operations at 97% of NHS facilities infected by the ransomware had resumed normal operations, according to a report in Bloomberg.
Several major companies and agencies in other countries halted operations due to the ransomware as well. French automaker Renault SA suspended production at some of its factories around the globe after the virus struck. By Monday, the company said 90% of its facilities had restarted operations. Also as of Monday, Germany’s national railroad, Deutsche Bahn, was still repairing glitches in electronic transit information boards. However, the railroad’s electronic ticket machines were already up and running by Sunday.
In China, several government agencies and universities reported disruptions following the malware attack. In addition, the virus disabled digital payment systems at 21,000 PetroChina gas stations; 80% were operational as of Sunday.
Companies in the U.S. were breached as well. FedEx reported on Friday that some of its Windows-based computer programs had experienced “interference” caused by a malware.
A Money Ploy
By stealthily bypassing a computer’s security systems, the ransomware locks files and demands payment from the user before access is granted. Hackers called for payment in Bitcoin, which is difficult to trace. Although the ransom requests were relatively small — typically $300 — the amount can add up. Tom Robinson, CEO and co-founder of Elliptic Enterprises Ltd., a ransomware consultant, told Bloomberg about $50,000 had already been paid, with that figure expected to increase.
Fortunately, a UK cyber security researcher known only as “MalwareTech” ended the transmission of the ransomware when he inadvertently hit its “kill switch.” MalwareTech told The Guardian that all users must be alert to security breaches and regularly update their systems. “This is not over,” he warned. “The attackers will realize how we stopped it, they’ll change the code and then they’ll start again. Enable Windows update, update and then reboot.”
His warning was echoed in a blog written by Microsoft Corp. President and Chief Legal Officer Brad Smith. He urged Windows users to download the software company’s latest security update released in March. Smith also stated Microsoft was making the patch available on its older operating systems. “As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems,” Smith wrote.
An Increase in Cyber Attacks
The “WannaCry” ransomware attack follows a series of high-profile cyber security breaches in recent years. Hackers have infiltrated the networks of retailers, corporations, and government agencies.
Target’s credit and debit card accounts, as well as customer information, were breached in 2013, leading to a loss of $252 million the next year. In 2014, North Korea allegedly spurred a hack into Sony Pictures Entertainment’s private files in retaliation for an unflattering film about the country’s leader.
Last year, hackers obtained usernames, emails, passwords, and other personal information of more than 500 million Yahoo users. Not even the U.S. government went untouched. The Department of Homeland Security and the Federal Bureau of Investigation experienced a serious breach in 2016 when a hacker distributed the names and contact information of 29,000 employees.
Unlike European and Asian companies, U.S. corporations have sought to recoup any losses attributed to cyber attacks by purchasing cyber insurance. Kevin Kalinich, Global Head of Aon Plc’s cyber risk practice, told Reuters that U.S. enterprises account for the vast majority of cyber insurance policies sold. Currently, the cyber insurance market has accumulated annual premiums of between $2.5 billion and $3 billion.
Cyber insurance protects companies after an attack. But as experts like Microsoft’s Smith and “Malware Tech” advise, the best protection is prevention. So whether you’re a large global corporation or a small independent insurance agency, always remember to update your network’s security system. This simple patch could save your business lost time and revenues.