New Ransomware, Old Headaches in Global Ransomware Attack

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Joyce E. Cutler

Companies scrambled June 27 to combat the latest global ransomware attack that hit thousands of companies, including pharmaceutical company Merck Inc., shipping and logistics company A.P. Moller-Maersk A/S, and law firm DLA Piper LLC.

Maersk in a tweet confirmed its “IT systems are down across multiple sites and business units due to a cyberattack. We continue to assess the situation.” DLA Piper and Merck also confirmed they were hit.

McAfee Labs Chief Technology Officer Steve Grobman told Bloomberg BNA that the attack “is clearly a major incident that is impacting organizations around the globe.” Companies are battling “a ransomware epidemic” as computer worms infect individual machines and systems and increase the number of systems held for ransom in the form of bitcoin payments, Grobman said.

More than 2,000 organizations were hit in the cyberattack that affected Microsoft Corp. Windows computer users most prominently in Russia and the Ukraine, according to a statement from Moscow-based cybersecurity company Kaspersky Lab. The security company said it has more than 270,000 business clients worldwide.

The malware is a form unseen before and not a variant of last spring’s Petya ransomware, Kaspersky said. The exploit is modified from a software exploit taken in a hack of the U.S. National Security Agency, the company said.

Lessons Unlearned?

“Expect complacent security staff in compromised companies to point the finger elsewhere and avoid accepting responsibility for leaving systems vulnerable,” Hamid Karimi, global vice president of business development at Beyond Security security testing company, told Bloomberg BNA.

“When the dust settles, expect most companies that can afford a more stringent security policy to begin building stronger defenses around their assets,” Karimi said.

Regardless of industry, it appears that companies running older software platforms with vulnerabilities are being hit, Mark Testoni, President of SAP National Security Services, said in a statement to Bloomberg BNA.

One takeaway from the recent WannaCry ransomware attack is the widespread use of outdated software platforms by organizations involved in U.S. critical infrastructure, Testoni said.

“We need to have a collective conversation between the software industry, government and commercial entities about standards to close the risk aperture presented by the use of these unsupported technology platforms,” Testoni said.

Patchless Problems

Microsoft issued a patch in March after the WannaCry exploit circled the globe—even offering a patch for the aging XP operating system, Michael Borohovski, cofounder & CTO at Tinfoil Security computer and network security, told Bloomberg BNA.

Companies should long ago have installed the fix, he said. “A quarter is a long time when it comes to security,” Borohovski said.

The situation is repeated “over and over,” Borohovski said. “A law firm doesn’t invest enough in focusing on their cybersecurity risk, even at their basic level. They have a staff but perhaps” aren’t investing in systems.

And that may take another shock to the system, he said. “Some form of negligence might be useful here because what matters to a Maersk or a DLA Piper is the bottom line.”

—With assistance from Daniel R. Stoller in Washington

To contact the reporter on this story: Joyce E. Cutler in San Francisco at JCutler@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security