D’Amore-McKim Professors Discuss WannaCry Ransomware Attack
Four faculty members from D’Amore-McKim School of Business at Northeastern University weighed in on the recent “WannaCry” ransomware attack.
The attack, which encrypted over 200,000 computers across 150-plus countries and demanded bitcoin payments in exchange for unlocking files, was notable, according to the Washington Post, because it “took advantage of a leaked security flaw in Microsoft software found by the NSA for its surveillance tool kit.”
Professor and cybersecurity expert Engin Kirda believes the WannaCry attack has precedent in ’90s and ’00s Internet worms, but what really made this campaign newsworthy was the sheer number of organizations it affected in such a short period of time.
Fellow professor and cybersecurity expert Alina Oprea comments on how well-organized the attack was and the diversity of targets, which “ranged from hospitals to academic institutions.” She adds, “This attack shows that intelligence and government agencies need to work closely with vendors and industry to patch vulnerable software and prevent large-scale catastrophic effects such as the ones we just experienced.”
Business professor Jeffrey Born discussed the security implications of the growing demand for cryptocurrency, rather than standard cash, among black market dwellers. “Bitcoins have always been popular with those looking to cover their financial tracks [as] they are not issued by countries, and their transfer has become even more difficult to trace. This provides the criminal element an opportunity to conduct transportation in virtual secrecy. The development of the block-chain technology has made them even more stealthy, which has helped drive their market prices up substantially.”
Business professor Martin Dias talks about the attack in terms of how companies and consumers can protect information assets by consistently upgrading their systems and security patches, switching to cloud-based storage platforms and employing Big Data to identify anomalies in online behavior. “If our information systems were water systems, we might say our goals are no leaks, no pollution, and no blockage.”