Home Security Latest ransomware: enterprise IT teams earn flak

Latest ransomware: enterprise IT teams earn flak

Latest ransomware: enterprise IT teams earn flak Featured

At least two officials from security companies have taken aim at IT teams in businesses after the latest Windows ransomware attack that spread from Europe to other parts of the world overnight.

Ross Brewer, vice-president and managing director of international markets at LogRhythm, said both WannaCry and the latest attack showed "the lack of accountability and focus on basic IT and security fundamentals".

"Core IT operational competencies, such as patch management, back-ups, disaster recovery, and incident response are not well implemented or maintained," he said.

"These are absolutely essential in protecting your company from damaging cyber threats and without them you are left in a perpetually vulnerable state, a sitting duck for these types of attacks, merely hoping that you aren’t compromised. The only actions you take are responsive, only after some other unlucky company was compromised."

Brewer said that security vendors were often criticised for fear mongering and exaggerating the possible consequences of a cyber attack.

"But I think we can agree that recent events are starting to show that the warnings were warranted," he said. "These attacks are targeting our top businesses, banks, healthcare institutions and other critical national infrastructure, are revealing the chaos that ensues when organisations lose control of their data – when are we going to do something about it?"

Tenable technical director Gavin Millard also took aim at business IT teams, saying: "If this attack turns out to be leveraging the same vulnerabilities WannaCry leveraged to spread, or other known bugs that have had patches available for months, there are going to be some awkward conversations between IT teams that failed to patch or protect and businesses affected.

"The publicity around WannaCry couldn’t have been larger, probably eclipsing Heartbleed, yet if this is the same attack vector, it demonstrates a distinct lack of taking threats like this seriously.”

Yaacov Ben Naim, senior director of cyber research at Cyber Ark, said it had been noticed that the latest ransomware appeared to be sparing endpoints that used an US English-only keyboard, pointing out that this "seemingly self-imposed restriction has been seen in nation state attacks".

Malwarebytes ANZ regional director Jim Cook warned that this outbreak would not be the last. "If Shadow Brokers keeps its promise to continue releasing NSA exploits, it seems that this sort of mass infection will become common – so now is the time to ensure you have a decent back-up system, patch process and a current end point security solution in place."

Forcepoint chief executive Matt Moynahan said an important takeaway was "the undeniable trend in the increasing ease by which attackers can penetrate the perimeter and get inside of corporate infrastructure".

"Perhaps even more important to consider is the motivation behind the attack and the harm intended on the target. In this case it was to hold companies ransom for US$300; it could have been much worse. To address these new and evolving threats, we need to understand the intent and motivations behind them.

He said that if there was no investment in the cyber security of critical infrastructure "we will continue to see massive attacks with economic, employee and public safety ramifications. From the government to the boardroom, leaders need to make cyber resiliency a requirement, putting focus and funding behind it".

"While the perception may be that if we criminalise cyber attacks we will inhibit innovation, the reality is that if we do not treat cyber crime more seriously, attacks like WannaCry and Petya will start to feel even more commonplace than they already do.”

The Shadow Brokers, which dumped a number of NSA exploits, among them EternalBlue which was used in the WannaCry attack, has said that any future exploits would only be available for sale on a subscription model.


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



Ransomware attacks on businesses and institutions are now the most common type of malware breach, accounting for 39% of all IT security incidents, and they are still growing.

Criminal ransomware revenues are projected to reach $11.5B by 2019.

With a few simple policies and procedures, plus some cutting-edge endpoint countermeasures, you can effectively protect your business from the ransomware menace.


Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.


Popular News