Supplier Risk Monitoring

Global Ransomware Attack Cautions Organizations to Increase Security of Critical Systems

Vandana Mohanchandran Written by Vandana Mohanchandran

Market analysts cited that the global ransomware attack that occurred on Friday, May 12, 2017 was the biggest ransomware outbreak in history. According to experts, over 100 countries were affected by the cyberattack, with Russia having been the hardest hit, followed by the United Kingdom’s NHS health service. The attack caused immense disruption to global organizations operating across various industries like telecommunications, manufacturing, and healthcare, with IT systems shut down and cancelled operations impacting businesses, hospitals, utilities, and government entities around the world.

According to Russia’s Interior Ministry, around 1,000 computers had been infected by the ransomware but they managed to restrict the attack. Among the countries struck by the malware, Spain, India, and Ukraine were harshly affected. However, Avast, a Czech Republic-based security software maker, reported that 57,000 infections were observed across 99 countries, quoting Taiwan as one of the top targets. In the United States, the effect of the ransomware was not detected as widespread initially. Hacking group Shadow Brokers reportedly released the malware in April 2017, after claiming to have discovered the flaw from the US National Security Agency (NSA).

Antivirus specialists believe that criminal organizations were behind this global attack owing to the speed at which the malware spread. Ransomware is malicious software that infects machines, locks them by encrypting data, and then attempts to extort money to let users back in. The software used in the latest attacks is called WannaCry or Wanna Decryptor which exploits vulnerability in the Windows operating system. It effectively allows the malware to automatically spread across networks, quickly infecting large numbers of machines within the same organization. Cyber extortionists deceive victims into opening malicious attachments that appear to contain invoices, job offers, security warnings, and other files. The ransomware then encrypts data on the computes, demanding payments of US$300 to US$600 to restore access.

This attack quickly multiplied across IT systems through an identified vulnerability in Microsoft Windows. Microsoft said it had released a security update in March to address this, but many organizations were yet to run it.

Potential Risks and Legal Implications of Ransomware to Organizations:

Federal Trade Commission (FTC) Act – Failure to secure networks from ransomware could lead to significant harm to consumers and employees. An organization’s incapacity to sustain its day-to-day operations during an attack could affect access to critical services like healthcare. A company’s failure to periodically update its systems and patch vulnerabilities could be a violation of the FTC Act. Nearly all data security actions brought by the FTC have been settled and have resulted in settlement agreements that typically impose obligations for up to 20 years.

Litigation – If a ransomware attack results in a breach of sensitive information, litigation is a potential risk. Affected organizations may face lawsuits from business partners whose data is involved in the attack, and who often claim insurance for costs associated with the attack.

Data Security Laws – Countries across the globe have laws in place that require organizations to maintain personal information about state residents and general information security requirements with respect to that personal information. To the extent a ransomware attack results from a failure to implement reasonable safeguards, affected entities may be at risk of legal exposure under the relevant state security laws.

What Organizations Can Do to Minimize Impact of Ransomware

Review policies and train employees regularly: With the source of WannaCry ransomware attack suspected to be through a phishing attack, organizations need to ensure that employees are regularly trained to identify and report suspected phishing attempts.

Manage and control access to systems: Implementing a policy of privilege, and controlling and managing privileged access allows organizations to prevent any unauthorized access to IT systems.

Identify systems that need patches: Use tools such as canned scripts to allow IT teams to quickly see if systems are patched and up to date.

Ransomware is a growing concern, and while the most recent global attack has been the greatest attack in history, it denotes a growing threat landscape. Businesses and other organizations should take into account the legal considerations to prevent, investigate, and recover from such disruptive attacks.

To know more about risk management related to ransomware attacks, please reach out to Supply WisdomSM.