The CEO of New Brunswick cybersecurity company Beauceron Security says the ongoing massive, worldwide ransomware attack is not just a technology problem.
David Shipley says in his role at the University of New Brunswick, they’ve seen malware in emails sent to their system go from 149,000 a month, to more than 3 million per month.
He explains at the UK’s National Health Service, the attack began with “phishing” emails pretending to be clinical or lab results, that actually launched the infection.
“And then they used a government exploit that had been leaked from the NSA to start moving very, very rapidly from machine to machine infection,” says Shipley. “And so it was two very bad things coming together in a very bad situation.”
Shipley says this attack is not strictly a problem with technology, it’s also about people, process and culture.
He says the flaw exploited by this attack was noticed and fixed in a patch from Microsoft back in March.
“But hospitals, schools, [and] manufacturers are particularly slow at putting these things out,” says Shipley. “Now sometimes there’s good reasons for that because you don’t want to break specialized equipment, but by waiting to do those patches, they left themselves really vulnerable to these infections.”
He adds we are coming into an era now where people must be aware the world isn’t as automatically safe as they thought it was.
“And that’s a good thing, it took the Titanic [disaster] to actually have regulations on board for enough lifeboats on people,” says Shipley. “But now we’re going to come into a better era after we get through all this where we actually all take more responsibility for our technology, and there’s going to be more laws and more government regulations which are desperately needed.”
Shipley says ransomware attacks are increasingly popular because upwards of 70% of victims pay up.
He says being willing to lose any data accumulated since the last backup is the only way to get out of paying after your data has been locked up.
