We may not be out of the woods yet with the WannaCry ransomware that plagued Europe, China and Russia this month. Now there’s something potentially worse on the horizon – EternalRocks, malware that uses seven NSA exploits of Microsoft Windows vulnerabilities (compare that to WannaCry’s two exploits).
And while WannaCry’s purpose was to ransom money from infected users, EternalRocks stays hidden for 24 hours before attacking. And unlike WannaCry, EternalRocks doesn’t have a built-in kill-switch, and it’s unclear what its ultimate goal is. So what’s the bigger concern for companies: attacks designed for ransom, or those designed purely for damage?
“For me, it’s always damage,” says DRI President Al Berman. “I can deal with business men – it’s a business proposition, and they’re giving you a way out. You may not like it, you may be morally opposed to it, but there’s a solution for a price. People who are purely malicious don’t have a goal except destruction. For instance, the North Hollywood hospital case cost them around $15-18,000. And if you think about it, it’s a few days’ work for some programmers.”
While recent reports have pointed to WannaCry as an attack from a hacker group affiliated with North Korea, others are arguing that it did not bare the hallmarks of a nation-state campaign. Berman says that companies shouldn’t worry about making the distinction.
“I don’t think it’s far-fetched, but what would you do different from an individual sponsored attack? Whether it’s communist or capitalist attack, the effects are the same,” Berman said. “We would like to put a face on the enemy – but one of the worst things about a cyberattack is there’s no face to the enemy. That’s one of the most frightening things you can think of, that there’s an enemy out there and you can’t put a face to them. But the preventative measures – whether it’s a state-sponsored attack or an individual – are the same.”