Local firms fend off ransomware

Users of infected computers see a message warning them that all of their data files have been encrypted. They’re told they can pay a ransom of $300 or more for a key to unlock their files, or risk losing the data forever. Ritchie B. Tongo/European Pressphoto Agency

Boston’s major cybersecurity companies say they’ve had no trouble protecting their clients against the WannaCry ransomware attack that’s ravaging computers around the world.

“I’m not aware of any customers that had major operational impact,” said Josh Feinblum, vice president of information security at Boston-based corporate data security firm Rapid7. “It felt more like a nuisance.”

But local experts warned against complacency, and said more such attacks are inevitable. “This is the world in which we’re living now,” said Lior Div, chief executive of Boston-based Cybereason, whose company makes tools for protecting networks against ransomware. “I think right now there are a lot of other vulnerabilities.”

Kurt Baumgartner, principal security researcher at Kaspersky Lab, a Russian cybersecurity firm with US headquarters in Woburn, estimated that as many as 130,000 computers worldwide were infected by WannaCry as of Saturday afternoon. Users of infected computers see a message warning them that all of their data files have been encrypted. They’re told they can pay a ransom of $300 or more for a key to unlock their files, or risk losing the data forever.

The hackers have demanded that ransom be paid using Bitcoin, a digital currency. Bitcoin transactions are anonymous, but they are publicly displayed, so it’s possible to track money going to the three Bitcoin account numbers provided by the criminals. Baumgartner said that at least 70 victims had paid the hackers as of Saturday afternoon, but he wasn’t sure how much money they had extorted.

Michele Spagnuolo, a security engineer with Google in Zurich, estimated that by Saturday afternoon the hackers had received about $26,000 in Bitcoin. This suggests that only a small fraction of victims have paid up.

Indeed, victims with backup copies of critical files can just wipe their computers clean and start from scratch. But Cybereason’s Div noted that restoring data to the hundreds or thousands of computers in a large organization could be so costly and time-consuming that such victims might prefer to pay the ransom.

Relatively few of the victims have been based in the United States. Baumgartner noted that Microsoft Corp. issued a security patch in March that protects computers against WannaCry and similar attacks. He speculated that US companies and government agencies were quicker to install the patch than those in other countries.

However, the rapid spread of WannaCry was made possible by hacking tools developed by the US National Security Agency and leaked to the public by a mysterious group called the “Shadow Brokers.”

Baumgartner noted that the group has leaked other tools that could be used by cybercriminals.

“There is a lot of code in that dump,” he said. “We don’t know what we’re going to see from this in the future. . . . This could be an ongoing type of issue.”


Hiawatha Bray can be reached at hiawatha.bray@globe.com. Follow him on Twitter @GlobeTechLab.