Malicious software stolen from the NSA is used in largest ransomware attack on record

According to an article from the New York Times, cyber-attackers used a cyber weapon developed by the N.S.A. in what has become the largest ransomware outbreak on record.

National Cyber Security Alliance Statement on the Ransomware Attack

Washington, D.C., May 13, 2017 – The world was hit with a widespread ransomware attack starting Friday morning (BBC, NYT, WSJ). Preliminary reports suggest at least 75,000 computers in 99 countries were affected.

The ransomware attack locked the files of impacted systems and demanded payment – $300 in bitcoin – to release the data. Ransomware is not new. The first known ransomware attack – using file encryption – was in 1989. In recent years, ransomware attacks have been increasing as cybercriminals become more sophisticated and as crypto-currencies create a vehicle for non-traceable payments.

“Friday’s attack is a loud and clear wake-up call,” said Michael Kaiser, executive director of the nonprofit National Cyber Security Alliance in Washington, D.C. “The attack was global in reach, and its impact was significant. When we see whole systems like the National Health System in the United Kingdom directly targeted, it reinforces how dependent we have become on our data-driven networks. It is of utmost importance that cybersecurity of those networks be a top priority of businesses and organizations large and small.”

There are defenses that can help to prevent ransomware infections. Basic cyber hygiene can provide significant immunization against such attacks, including:

  • Keep clean machines: Prevent infections by updating critical software as soon as patches or new operating system versions are available. This includes mobile and other internet-connected devices.
  • Lock down your login: Strong authentication — requiring more than a username and password to access accounts — should be deployed on critical networks to prevent access through stolen or hacked credentials.
  • Conduct regular backups of systems: Systems can be restored in cases of ransomware and having current backup of all data speeds the recovery process.
  • Make better passwords: In cases where passwords are still used, require long, strong and unique passwords to better harden accounts against intrusions.

“Businesses and organizations that don’t take cybersecurity seriously are leaving themselves vulnerable to attack and risk significant impact to their operations,” said Kaiser. “We hope organizations around the world will see this attack as a learning experience and begin to engage in adoption of better cybersecurity practices.”

A good starting point for any organization is implementation of the National Institute of Standards and Technology Cybersecurity Framework. By addressing five easy steps – Identify, Protect, Detect, Respond and Recover – businesses and organizations can begin to craft a holistic approach to cybersecurity.

Other helpful resources include: