New Ransomware Attack Spreads From Ukraine
RACHEL MARTIN, HOST:
A massive cyberattack is still taking a toll on computer systems around the world. It all started yesterday in Russia and Ukraine and then spread around Europe and on to the U.S. A number of major international corporations were hit, including the U.S. pharmaceutical-maker Merck, the Russian state oil company Rosneft and the shipping giant Maersk, which caused the Port of New York to shut down as well as ports in Rotterdam and Mumbai.
With us now is Matt Tait. He's a security expert based in London and the CEO of Capital Alpha Security. He's with us on Skype. Hey, Matt.
MATT TAIT: Hey, how you doing?
MARTIN: Doing well. What do we know about who's responsible for this?
TAIT: So at the moment, we don't know who's responsible for it. We know how the attack has been taking place. Essentially, a Ukrainian firm that builds accountancy software was compromised yesterday, and they started distributing malware through their auto update software-delivery mechanism. And this caused lots and lots of companies that were dependent on this software to become infected with ransomware, which very rapidly spread around internal networks, compromising entire international firms, destroying large numbers of computers within these companies.
MARTIN: So this is similar to what we saw just last month - right? - the WannaCry virus this was called. This was another ransomware assault. I mean, are there lessons that are being learned every time one of these happens? I mean, are you susceptible every single time a new one comes about?
TAIT: So yeah, there's a lot of similarities between this particular attack and the one that happened a few weeks ago. Certainly, this idea of ransomware that's self-spreading, that's able to, you know, compromise computers next to each other in order to attack entire corporate networks - this is something that is - seems to be more prevalent now. It's really, really problematic. The way that it spread last time was only using a vulnerability that had already been patched by Microsoft. This particular one is more dangerous because it was using this software distribution mechanism by this Ukrainian firm, which meant that people really had less opportunity to protect themselves in this instance than they did in the previous one.
MARTIN: And so it's really insidious. It's the victim that's doing the spreading and making it even worse. Do these things actually get ransoms? I mean, ransomware attacks have increased, I understand, by 50 percent, and that was in 2016. So they must be working.
TAIT: So we certainly - because the payments in this case are being made using the anonymous payment mechanism Bitcoin, we're actually able to track how many of these payments have taken place. And in this particular case, we see that there's been about $9,000 or so of ransoms that have been paid. Unfortunately, for many of the people...
MARTIN: That's not very much.
TAIT: It's not very much. But also, unfortunately, for a lot of the people that have paid it, there's no guarantee that they're going to get their files back anyway. The email address for contacting the ransomware developers has long since been disabled. So a lot of these people will have paid their $300, and they're not going to get their files back anyway.
MARTIN: Obviously, this is something that governments around the world are focused on. But when it comes to U.S. corporations, business systems, government systems, is the U.S. well-prepared to deal with threats like this?
TAIT: So there's a lot of problems at the moment, I think in particular with this software delivery mechanism. I think, really, we're going to have to take a look at software-delivery mechanisms and auto updates to see whether or not we can make those more secure because that was definitely the proximate problem with this particular attack.
MARTIN: Matt Tait is founder and CEO of Capital Alpha Security. He joined us on Skype from London. Thanks so much.
TAIT: Thanks so much.
Transcript provided by NPR, Copyright NPR.