New Ransomware Attack Spreads From Ukraine
NPR
Wednesday, June 28, 2017
Update RequiredTo play audio, update browser or
Flash plugin.
Copyright 2024 NPR. To see more, visit https://www.npr.org.
A cyberattack spread from Ukraine to Europe and around the world Tuesday. Cybersecurity expert Matt Tait of Capital Alpha Security tells Rachel Martin about who is vulnerable.
Transcript
RACHEL MARTIN, HOST:
A massive cyberattack is still taking a toll on computer systems around the world. It all started yesterday in Russia and Ukraine and then spread around Europe and on to the U.S. A number of major international corporations were hit, including the U.S. pharmaceutical-maker Merck, the Russian state oil company Rosneft and the shipping giant Maersk, which caused the Port of New York to shut down as well as ports in Rotterdam and Mumbai.
With us now is Matt Tait. He's a security expert based in London and the CEO of Capital Alpha Security. He's with us on Skype. Hey, Matt.
MATT TAIT: Hey, how you doing?
MARTIN: Doing well. What do we know about who's responsible for this?
TAIT: So at the moment, we don't know who's responsible for it. We know how the attack has been taking place. Essentially, a Ukrainian firm that builds accountancy software was compromised yesterday, and they started distributing malware through their auto update software-delivery mechanism. And this caused lots and lots of companies that were dependent on this software to become infected with ransomware, which very rapidly spread around internal networks, compromising entire international firms, destroying large numbers of computers within these companies.
MARTIN: So this is similar to what we saw just last month - right? - the WannaCry virus this was called. This was another ransomware assault. I mean, are there lessons that are being learned every time one of these happens? I mean, are you susceptible every single time a new one comes about?
TAIT: So yeah, there's a lot of similarities between this particular attack and the one that happened a few weeks ago. Certainly, this idea of ransomware that's self-spreading, that's able to, you know, compromise computers next to each other in order to attack entire corporate networks - this is something that is - seems to be more prevalent now. It's really, really problematic. The way that it spread last time was only using a vulnerability that had already been patched by Microsoft. This particular one is more dangerous because it was using this software distribution mechanism by this Ukrainian firm, which meant that people really had less opportunity to protect themselves in this instance than they did in the previous one.
MARTIN: And so it's really insidious. It's the victim that's doing the spreading and making it even worse. Do these things actually get ransoms? I mean, ransomware attacks have increased, I understand, by 50 percent, and that was in 2016. So they must be working.
TAIT: So we certainly - because the payments in this case are being made using the anonymous payment mechanism Bitcoin, we're actually able to track how many of these payments have taken place. And in this particular case, we see that there's being about $9,000 or so of ransoms that have been paid. Unfortunately, for many of the people...
MARTIN: That's not very much.
TAIT: It's not very much. But also, unfortunately, for a lot of the people that have paid it, there's no guarantee that they're going to get their files back anyway. The email address for contacting the ransomware developers has long since been disabled. So a lot of these people will have paid their $300, and they're not going to get their files back anyway.
MARTIN: Obviously, this is something that governments around the world are focused on. But when it comes to U.S. corporations, business systems, government systems, is the U.S. well-prepared to deal with threats like this?
TAIT: So there's a lot of problems at the moment, I think in particular with this software delivery mechanism. I think, really, we're going to have to take a look at software-delivery mechanisms and auto updates to see whether or not we can make those more secure because that was definitely the proximate problem with this particular attack.
MARTIN: Matt Tait is founder and CEO of Capital Alpha Security. He joined us on Skype from London. Thanks so much.
TAIT: Thanks so much. Transcript provided by NPR, Copyright NPR.
View this story on npr.org
Follow us for more stories like this
CapRadio provides a trusted source of news because of you. As a nonprofit organization, donations from people like you sustain the journalism that allows us to discover stories that are important to our audience. If you believe in what we do and support our mission, please donate today.
Donate Today