NEW YORK -- It likely comes as no surprise that the infamous WannaCry ransomware attack came up during a roundtable discussion on cybersecurity at the 2017 AFP Executive Forum.
Tom Durkin, CTP, managing director, digital channels for Bank of America Merrill Lynch, stressed that the attack just reinforces the need for companies to back up their files and download the latest versions of software. “It came down to something that was known publicly; Microsoft issued a patch on March 14 and people didn’t upgrade,” he said.
After working with his corporate clients in the wake of the attack, Durkin saw an overall lack of preparedness at many companies. There was a lot of panic within organizations because they had no idea who they needed to get in touch with to begin to resolve the issue. In fact, some corporates even thought it might be a good idea to pay the ransom.
On the surface, paying the ransom might not seem too bad. Ransomware attackers typically ask for a small amount that would seem like a drop in the bucket for a corporate—a small price to pay to get your data back. And some of these attackers are more than willing to walk you through the process. As ethical hacker Jamie Woodruff noted at the ACT Annual Conference in Manchester last week, many of them actually have call centers and IT support. They’ll even walk you through the process of purchasing bitcoin if you don’t know how.
Nevertheless, Durkin stressed that if your organization is hit with a ransomware attack, you should not pay it. “There’s no guarantee that the de-encryption is going to work,” he said. “And the other point is, once you pay the ransom, you’re on a very public list in a bad area of the web. You’ll be under more attacks.”
One treasury executive in attendance asked about the likelihood of the attackers being caught. “The likelihood of being caught is minimal,” Durkin said. “When are we going to hear about who actually started it? It’s going to play out forever and turn into a tumultuous battle in terms of pursuit, even though you have many governments that are interested in chasing them down. That’s what fosters the bad actors to continue to try it out.”
Authorities will likely find it even more difficult than usual to find these particular attackers, given that they used exploits stolen from the NSA. “That’s been one of the most striking things to me over the course of the past 12-18 months—you hear that these tools were stolen and then you hear a year later that fraud has been perpetrated using those tools,” said Joel Campbell, vice president, treasurer and CRO of H&R Block. “Those tools are taken and then they’re put out on the dark web. You can buy them for minimal amounts of dollars.”