‘Lucky escape’ for NZ in global malware attack
The global ransomware attack has prompted warnings to business owners on investing in security updates and educating staff.
NZTech chief executive Graeme Muller said logistics companies and some government organisations that used many desktop computers were at most risk of ransom cyber-attacks, and should use the WannaCry hacks as an opportunity to review their cybersecurity measures.
The WannaCry variant attacked computers through a flaw in Microsoft Windows’ SMB Server, locking access to files and demanding a ransom of up to NZ$874 from each user. The malware infected 126,000 computers in 104 countries, and the victims included Global freight company FedEx and Spanish telecommunications company Telefonica.
Muller said the cyber-attacks were a ‘‘criminal tax’’ because they were a cost to businesses, whether they were targeted or not.
Businesses that had sufficient protection in place would have to reboot their entire system if it was hacked, costing time, and those without backedup systems would either have to pay the ransom or buy an upgraded system, he said.
Continual upgrades were a priority despite the potential enormous cost.
Muller urged New Zealand businesses to install the latest software updates. A Microsoft patch released in March would have prevented WannaCry from exploiting the Windows flaw.
The cyber-attacks could cost lives if hospital computers were breached and access to important patient information was blocked, Muller said. The UK’s National Health Service was also infected, forcing some hospitals to turn patients away.
Muller said the attacks were ‘‘just another robbery’’, likely being carried out by an international organised crime syndicate such as the Russian mafia because it was low risk and profitable.
He suggested New Zealand companies block international emails from entering their servers for the time being. However, the best protection was educating staff about security.
Aura Information Security general manager Peter Bailey said employees’ lack of awareness of phishing emails was the greatest weakness.
He urged businesses to run internal information campaigns on detecting and avoiding email scams.
New Zealand’s Computer Emergency Response Team said yesterday that it had not received any reports of WannaCry ransomware attacks in New Zealand.
Muller said any victims should alert Cert, to ensure the safety of other New Zealanders.
‘‘Touch wood, it has been a lucky escape and opportunity for New Zealand to protect the economy.’’