Originally published on TechTarget. Alvaka’s COO and CISO—Kevin McDonald—discusses that, although cyber attackers are the main culprits for ransomware attacks, the companies that release flawed software or those who don’t install patches are not off the hook.

image of lock and ransomware spelled out on circuit boardIn early May, hackers infiltrated the Baltimore, MD, computer network. The ransomware attack ended normal business operations, interrupted critical city services, cost the city millions and inconvenienced hundreds of thousands of residents.

Baltimore joined the list of other cities that have fallen victim to serious ransomware threats that affect business and commerce. While ransomware attacks have many variations, they generally make victims’ data unrecoverable due to strong encryption enabled by cyberattackers who then demand payment to decrypt the data.

While Baltimore may be typical of many ransomware attacks against government and businesses, it is atypical in other ways. The city said the attack was facilitated by the use of EternalBlue, a cyberweapon developed by the U.S. National Security Agency (NSA). The capability behind EternalBlue was allegedly stolen from or leaked by an NSA employee and later released in April 2017 by a group called the Shadow Brokers. [Click HERE to read an article written by Kevin McDonald in 2017 predicting outcomes like this.]

Fingerprints of EternalBlue’s use by cybercriminals actually showed up as early as 14 months before the Shadow Brokers dumped the files. The NSA disputes Baltimore’s claim that EternalBlue is involved in the attack. But the NSA’s objection doesn’t change the basic problem — that cyberweapons were either stolen or released, and U.S. government tools were subsequently used to attack businesses and individuals. Baltimore refused to pay the ransom, and the city’s government asked for millions of dollars in relief from the federal government, which ultimately means from the taxpayers…

Click here to read the full article on TechTarget.

Kevin McDonald, COOBlog written by Kevin McDonald, COO & CISO – Alvaka Networks

Kevin B. McDonald is the chief operating officer and chief information security officer at Alvaka Networks. Kevin is a trusted technology and security practitioner and public policy advisor to some of America’s most influential people and organizations. He advises corporate executives, federal and state legislators, law enforcement, high net worth individuals and other business leaders. He is a sought after consultant, writer, presenter and trainer on the issues surrounding personal, physical and cyber security, compliance and advanced technology. Kevin has written for and been interviewed by dozens of national publications and on major television, radio and digital outlets.

ransomware resources
Contact Alvaka