Embarrassed companies hit by ransomware pay up, and keep it quiet
Companies are usually too embarrassed to admit to falling victim to cyber attacks, says a cyber security expert.
The recent WannaCry ransomware preyed on known vulnerabilities in systems that companies tend to leave "unpatched and unprepared", said RedShield chief executive and founder Andy Prow.
"There are a lot of organisations that would rather it not be public," he said.
Prow said he was privy to "closed door discussions" following six massive ransomware attacks on US firms, where seven-figure transactions were kept under the covers.
"Some of those have been high-profile organisations and so actually the payment itself is fully undisclosed, because in many ways the fact there was a compromise is quite embarrassing."
Malware paired with crypto currency was one of the fastest growing issues Red Shield was seeing, Prow said.
"Personal data and business data has become invaluable and cyber criminals are taking advantage of that."
Prow expected ransomware paired with data encryption, data destruction, and business interruption would become more common.
"This is proving to be an effective commercial model."
But New Zealand companies are often smaller, easier to patch and less targeted, Prow said.
The WannaCry ransomware infection largely missed New Zealand computers.
The sole New Zealand business reported to be affected by the WannaCry cyber attack so far has been Christchurch's Lyttleton Port. The port has scheduled an urgent systems outage from 11pm on Tuesday until 7am on Wednesday.
Cert NZ said it had not received any fresh reports of WannaCry impacting New Zealanders since Monday, when it received "a small number" of attack reports which it was still seeking to confirm, a spokeswoman for the Government cyber-crime agency said.
Car factories, hospitals, shops, petrol stations, government ministries, mobile phone providers, mail couriers, and schools in the United States, Europe, China and Russia were infected by the attack.
The Financial Times reported that Microsoft was targeted by using a repurposed cyber spying tool called EternalBlue, which was stolen from the US National Security Agency and leaked online last August by an entity that called itself the "Shadow Brokers".
EternalBlue exploited a security loophole in Windows operating systems that allowed malicious code to spread through file-sharing structures like dropboxes and shared drives.
In a statement, Microsoft president Brad Smith said the attack should be treated as a "wake-up call" for governments, which he accused of "hoarding these vulnerabilities.
"They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world," Smith said.
The ransomware's "kill switch" was activated thanks to a 22-year-old British cyber analyst who purchased an obscure web address the ransomware was querying for $11 and activated it.
There have been no reported instances where paying the WannaCry ransom has resulted in decryption.