Global ransomware attacks: The impact and the response


A global “ransomware” attack called “WannaCry,” which exploits a vulnerability in the Windows Operating System was released this past Friday, infecting over 200,000 computers in more than 150 countries. The attack encrypts company and government computers, demanding bitcoin payments for release of the locked files. D’Amore-McKim School of Business professors, Jeffrey Born and Martin Dias, assess the nature of the attack and what it means for future cyber-warfare.

Employing the “ransomware,” hackers demanded bitcoin payment for the release of the encrypted files, leaving many faced with losing their files or paying the ransom without assurance that they would be released.

Born believes the use of bitcoin provides the hackers with the ability to accept payment in “virtual secrecy.”

“Bitcoins have always been popular with those looking to cover their financial tracks. The development of the block-chain technology has made them even more stealthy, which has helped drive their market prices up substantially,” said Born. “It may not be an ideal endorsement in a marketing sense, but this use as a ransom will no doubt drive bitcoin popularity even higher.”

Dias noted the higher frequency of “ransomware” attacks on some accounts, doubling from 2016 to 2015, an indication that these types of attacks are far from slowing down.

He also underscores information assurance, the main focus of cyber security, highlighting three goals: confidentiality, integrity, and accessibility, all of which must be strengthened to prevent future attacks.

“Going forward, more resources will be allocated to data backups. Companies and consumers are already moving toward more cloud-based storage platforms, which generally should improve recoverability from “ransomware” attacks, said Dias. “In addition, more attention will be given to upgrading existing systems to at least update security patches. I also think you will see more businesses attempting to make more effective business use of the cybersecurity monitoring and alerting tools they invest in.”

Read more on News@Northeastern.