Embarrassed firms pay big ransoms, keep quiet
Companies are usually too embarrassed to admit to falling victim to cyber attacks, says a cyber security expert.
The recent Wannacry ransomware preyed on known vulnerabilities in systems that companies tend to leave ‘‘unpatched and unprepared’’, said Redshield chief executive and founder Andy Prow.
‘‘There are a lot of organisations that would rather it not be public,’’ he said.
Prow said he was privy to ‘‘closed door discussions’’ following six massive ransomware attacks on companies in the United States, where seven-figure transactions were kept under the covers.
‘‘Some of those have been highprofile organisations and so actually the payment itself is fully undisclosed, because in many ways the fact there was a compromise is quite embarrassing.’’
Malware paired with cryptocurrency transactions was one of the fastest-growing issues Red Alert was seeing, Prow said.
‘‘Personal data and business data has become invaluable and cyber criminals are taking advantage of that.’’
Prow expected ransomware paired with data encryption, data destruction, and business interruption would become more common.
‘‘This is proving to be an effective commercial model.’’
But New Zealand companies are often smaller, easier to patch and less targeted, Prow said.
The Wannacry ransomware infection largely missed New Zealand computers.
The sole New Zealand business reported to be affected by the Wannacry cyber attack so far has been Christchurch’s Lyttelton Port. The port scheduled an urgent systems outage from 11pm yesterday until 7am this morning.
Cert NZ said it had not received any fresh reports of Wannacry impacting New Zealanders since Monday, when it received ‘‘a small number’’ of attack reports which it was still seeking to confirm, a spokeswoman for the government cyber-crime agency said.
The Financial Times reported that Microsoft was targeted with a repurposed cyber-spying tool called Eternalblue, which was stolen from the US National Security Agency and leaked online last August by an entity calling itself the ‘‘Shadow Brokers’’.
Eternalblue exploited a security loophole in Windows operating systems that allowed malicious code to spread through file-sharing structures such as dropboxes and shared drives.
In a statement, Microsoft president Brad Smith said the attack should be treated as a ‘‘wake-up call’’ for governments, which he accused of ‘‘hoarding these vulnerabilities’’.
‘‘They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world,’’ Smith said.
The ransomware’s ‘‘kill switch’’ was activated thanks to a 22-year-old British cyber analyst, who purchased an obscure web address the ransomware was querying for $11 and activated it.
There have been no reported instances where paying the Wannacry ransom has resulted in decryption.