Even for businesses that weren’t affected, the malicious software that on Friday began quickly spreading worldwide is a swift and ugly reminder to stay on top of computer system updates and backups.
“People need to take basic precautions to prevent such an attack or recover from one as quickly as possible,” says Michael Kaiser, executive director of the nonprofit National Cyber Security Alliance. “Ransomware is usually resolved by having a good backup system because if you have your data and a recent copy, you can get back to work.”
The malware, known as WannaCry, used a technique purportedly stolen from the U.S. National Security Agency. More than 200,000 computers in at least 150 countries have so far been infected, according to Europol, the European Union’s law enforcement agency. The hackers used the tool to encrypt files within affected computers, making them inaccessible, and demanded ransom—typically $300 in bitcoin, an online currency. Russia and Ukraine had a heavy concentration of infections, according to Dutch security company Avast Software BV.
The malware affected the U.K.’s National Health Service, Russia’s Ministry of Interior, Chinese government agencies, Germany’s Deutsche Bahn rail system, automakers Nissan Motor Co. and Renault SA, PetroChina, and other company and hospital computer systems in countries from Eastern Europe to the U.S. and Asia.
Logistics giant FedEx Corp., which is the shipping carrier for 318 retailers in the Internet Retailer 2017 Top 1000, also was hit Friday. “Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible. We regret any inconvenience to our customers,” FedEx said, declining to detail how it was affected.
The initial attack was stifled when a security researcher disabled a key mechanism used by the worm to spread. But experts say the hackers were likely to mount a second attack because many users of personal computers with Microsoft operating systems couldn’t or didn’t download a security patch released in March that Microsoft had labeled “critical.”
- Keep clean machines: Prevent infections by updating critical software as soon as patches or new operating system versions are available. This includes mobile and other internet-connected devices.
- Lock down your login: Strong authentication—requiring more than a username and password to access accounts—should be deployed on critical networks to prevent access through stolen or hacked credentials.
- Conduct regular backups of systems: Systems can be restored in cases of ransomware, and having a current backup of all data speeds the recovery process.
- Make better passwords: In cases where passwords are still used, require long, strong and unique passwords to better harden accounts against intrusions.
Several e-retailers in the Internet Retailer 2017 Top 1000 say they had not been affected by the attack but they are on guard. Most of the retailers contacted declined to speak publicly.
“We’re not under threat in any way, shape or form. But we do know these issues begin to crop up exponentially as technology becomes more pervasive. Attacks are happening so frequently now,” says Ankit Daga, marketing and sales director at Angara Inc. (No. 913), an online-only jewelry retailer that specializes in gemstones.
“We do regular checks on the security of our site. I don’t foresee any issues,” he says. The retailer holds regular meetings about site and systems security but is not calling a special session to address this malware threat, and it is not sending emails to its staff or customers.
“The average customer is not informed enough to know about the cyberattacks. If we were to contact them about it—trying to reassure them or explain the situation—that can, in and of itself, be a red flag to them,” Daga says. An email that contains such words as “cyberattack” or “fraud” risks making customers think the email has been compromised, he says. “If you inform them of the chance of this happening, it’s like opening Pandora’s Box.”
A global distributor ranked in the Internet Retailer 2017 B2B E-commerce 300 says there was no impact on its business, apart from a companywide notification to watch for suspicious emails and attachments. “We’re always under threat by someone. It’s kind of normal business nowadays,” a source at the distributor said. The source declined to identify the company, but noted the distributor has an internal security department and works with several major external security firms.
Friday’s first wave of the attack hit Russia hard. At Russia’s largest online mass merchant Ulmart, however, there was no sign of a problem. “We haven’t been hit. I hope we are not at threat, but who knows how [hackers] decide,” Brian Kean, Ulmart’s chief international officer, says in an email. “We are doing what we have always done: remaining vigilant.” Ulmart is No. 30 in the Internet Retailer 2016 Europe 500.
In addition to highlighting the necessity of backing up systems, this massive attack shows the importance of having companies share information with each other and government agencies, says Shamoil Shipchandler, regional director of the Fort Worth, Texas, office of the U.S. Securities and Exchange Commission. In particular, Shipchandler encourages companies to join the FBI’s InfraGard program. Companies tell the FBI what they’re seeing in their systems and in some cases the bureau can help. Joining is easy and any company interested can contact their local FBI office, he says.
“For some versions of ransomware the FBI has decrypted [them] and can provide a decryption key to people who have been affected,” says Shipchandler, who before joining the SEC spent nearly 10 years in the Department of Justice prosecuting white-collar crime, including cyberattacks.
More generally, Shipchandler encourages companies to think of cybersecurity the same as they think of financial security because, increasingly, they’re the same thing, he says.
“It’s about embedding a culture of being ready for how to respond to any kind of cybersecurity attack,” he says. “[It’s about] having policies and procedures in the company about properly governing information, limiting access and staying abreast of the security landscape. And having a crisis response plan, so that if something happens I know how to respond quickly and effectively to whatever comes my way.”
It also helps to implement such processes before an attack happens. “While you’re under a cybersecurity attack, those things are a lot more difficult to pull off,” Shipchandler says.
The NCSA’s Kaiser concurs.
“We encourage companies to focus on response and recovery as well as prevention,” Kaiser says. “If you’re a retailer in the hurricane belt, you prepare for those contingencies. You have to do risk management across a number of elements, and cybersecurity is one of those. There’s always a chance something bad could happen. It’s facing business straightforward.”
Bill Briggs, Don Davis, Jessica Young and Bloomberg News contributed.