Originally published on TechTarget. Alvaka’s COO and CISO, Kevin McDonald, explains that although cyber attackers are the main culprits in ransomware attacks, the companies that release flawed software or those that don’t install patches are not off the hook.
In early May, hackers infiltrated the Baltimore, MD, computer network. The ransomware attack ended normal business operations, interrupted critical city services, cost the city millions and inconvenienced hundreds of thousands of residents.
Baltimore joined the list of other cities that have fallen victim to serious ransomware threats that affect business and commerce. While ransomware attacks have many variations, they generally make victims’ data unrecoverable through strong encryption applied by cyberattackers, who then demand payment to decrypt the data.
While Baltimore may be typical of many ransomware attacks against government and businesses, it is atypical in other ways. The city said the attack was facilitated by the use of EternalBlue, a cyberweapon developed by the U.S. National Security Agency (NSA). The capability behind EternalBlue was allegedly stolen from or leaked by an NSA employee and later released in April 2017 by a group called the Shadow Brokers.
Fingerprints of EternalBlue’s use by cybercriminals actually showed up as early as 14 months before the Shadow Brokers dumped the files. The NSA disputes Baltimore’s claim that EternalBlue is involved in the attack. But the NSA’s objection doesn’t change the basic problem — that cyberweapons were either stolen or released, and U.S. government tools were subsequently used to attack businesses and individuals. Baltimore refused to pay the ransom, and the city’s government asked for millions of dollars in relief from the federal government, which ultimately means from the taxpayers…