Ransomware Attack Exposes Cybersecurity Problems Worldwide

May 16, 2017 - 4 minutes read

Businesses around the world are still on edge after Friday’s massive ransomware attack. The cyberattack, which exploited a vulnerability first noticed by the N.S.A. in the outdated Microsoft Windows XP operating system, locked down hundreds of thousands of computers in more than 150 countries. In order to regain access to their encrypted files, victims were asked to pay $300 in bitcoin, a demand that netted the criminals behind the attack more than $1 billion, according to some estimates. App developers are now anxiously waiting to see if a second wave is forthcoming.

The attack was mitigated by anonymous cybersecurity whiz @MalwareTechBlog, who brought it to a halt by purchasing an unregistered domain for $10, thus activating the kill switch. But cybersecurity experts suspect that it’s only a matter of time before the WannaCry malware is updated and deployed again in a modified form. Security companies have consistently warned about the dangers of ransomware, but it’s only now that the world at large is listening. Ransomware is by no means a new threat. Los Angeles app developers may recall an incident in February 2016 when a local hospital was extorted out of $17,000 after hackers held its computers hostage.

Although the attack did not directly impact the U.S. for the most part, several sectors of the government still use XP, leaving them scrambling to patch vulnerabilities, especially at the state and local level. For the mobile app developer community, the most surprising aspect of the attack was that so many government organizations and major companies, including Britain’s National Health Service, FedEx, and the Russian Interior Ministry, were so behind on their updates (not to mention on their operating system of choice). “The issue is that this targeted a relatively new vulnerability that was just patched on March 14th,” according to Dogtown’s resident security expert, co-founder and CTO Rob Pope. “Even though this was two months ago, many organizations have testing that needs to be done before rolling out new patches. They don’t want to rush it and crash 2,000 corporate desktops.”

There are still so many uncertainties surrounding this attack (including the identity of the culprits), but one thing is for sure: organizations all over the world are going to have to rethink their approach to cybersecurity, or start thinking about it in the first place. Pope has a couple of suggestions for how organizations can protect themselves from future attacks. First of all, he notes that the attack originated in phishing emails, with users downloading and running a file that then spread the malware. “Both effective email filtering and staff training on phishing could have potentially stopped the attack before it got inside the organization. There’s a serious lack of education about phishing at so many companies.”

Pope also notes that critical business assets should be isolated and not connected to the internet. “Ironically, servers often have internet access so that they can be updated,” Pope said. “But if a worm or hacker gains access to the server, they can grab important files from the internet.”
