OPEN MIC: Who's afraid of big, bad cyber attacks?

WannaCry splashscreen – what appears when you accidentally click on one of the malicious email links

Welcome to NBR's weekly Friday afternoon Open Mic thread!

This week, everyone's talking about the massive, global ransomware campaign “WannaCry.” Over 150 countries and more than 230,000 computers continue to be targeted by a worm that some suspect was built by organised criminals based on leaked NSA spy tools. Sounds like a terrible Tom Clancy novel...

  1. What would your company’s exposure to such an attack be? Would it cripple your operations?
  2. Can the government play a larger role in cyber defence or is private industry really alone on this?

NBR has already published a few stories on this topic. Refresh your memory and get the brain juices flowing at the below links:

If the nasty world of cyber isn't your thing, post about anything you want, ask random questions, whatever.

Have fun, readers!



14 Comments & Questions


I guess that's one way to bolster the relevance of bitcoin...?

Reply

I would imagine the creators didn't expect it to be quite so successful - now they've made themselves just a little too visible for comfort.

Is there a primer on what I can be doing right now in case I get hit with one of these? Will just setting up a backup locally and through a cloud for all my important files be sufficient?

Reply

So here's my advice:

Never run as an elevated user. Make a local admin and use that for all your admin tasks.
Encrypt your drive.
Do not run installers from a compressed archive. Extract all installers first.
Don't open shit attachments from people you don't know, and even then only if you are expecting something from them.
Have good and current backups.
Have good and current backups offsite.
Don't download shit from email links without verifying the link goes where you believe it does.
Don't download anything from a Google search. Go to the primary website, ensure you are actually on the correct website and not some CNET mirror.
Have a decent virus scanner and use it.
Don't ever trust your kids, spouse, or drunk uncle with any computer provided by your employer unless you are looking for new employment.
Get a Mac.

I probably forgot some.

Reply

What are the odds of actually getting a decryption key even if you did pay up? Does anyone ever actually get their files back by paying a ransom?

Reply

Apparently so. As per NBR tech editor Chris Keall, "most of the time, the bad guys do in fact return ransomed data (they do, after all, have a reputation of sorts to maintain)."

Reply

I would add: Never let anyone else plug anything into your computer's sockets. Never trust an unknown device.

Reply

As for the "you should totally pay, now" crew

Sure...it's really quick and easy for your average hospital worker to transfer funds into a 100% safe bitcoin repository, get it to the right bunch of thieves, and then ensure that the computer can't be ransomed again. This is definitely something that can be repeated thousands (possibly tens of thousands) of times at $300 EVERY TIME by people who are in the middle of a medical crisis of enormous proportions with little to no problem.

Isn't it strange how the intersection of crypto geeks and market libertarians always has to be the worst of the two?

Reply

I remember working at a place where my colleagues would do nasty things to my computer if I walked away leaving it unlocked. That’s given me some pretty decent habits. But if I’m being honest, I think the care factor for most employees is going down, not up. No one seems to consider how clicking on a weird email or link might be dangerous. Maybe that’s a work culture thing, I dunno.

Reply

Just waiting for this to happen in my local hospital, our emergency department still runs on XP, the latest in early 2000s technology!

Reply

If Microsoft made Windows so secure that the 'bad' guys couldn't get in then that would also mean that the "good" guys (CIA, NSA, GCSB etc) wouldn't be able to hack into computers either.
That might be the underlying reason why Microsoft won't block executables running inside email attachments.

Reply
Share
  • 0
  • 0

To the second question:

I hope not. The govt wouldn't have helped in the slightest in this case, and if anything it's highlighted the ineptitude of the government in understanding and managing practical cybersecurity. It's given a lot more ammunition to the sane.

Not that sanity is at any sort of premium at the moment, but every little helps.

Reply

Don't use the reading pane function in your email. Run a virtual desktop if you can, or at least sandbox your browser.

Reply

AFAIK...

This exploit targeted machines running Windows XP and Server 2008.
MSFT ended support for XP a long while back and in 2015 did the same for Server 2008.

Software has a life-cycle - the CIOs of companies that have been affected by this exploit and were running out-of-date software should be held accountable. Your insurance won't cover you if you leave your keys in the ignition and your car door wide open in a public space, I don't see the difference here.

Whilst no one deserves to get their stuff taken, everyone should take precautions. Number 1 of which is - update your software!

Reply

Use Linux

Reply
