The City of Baltimore has been dealing with ransomware for weeks. They were brought back to the stone ages – at least in principle. Residents were forced to come to offices and pay in cash in order to make sure they made payment deadlines for various city services and fines.
Typically ransomware infections spread by phishing or the more targeted spear phishing which act as the attack vectors of social engineering.
The New York Times reported an NSA exploit which leaked named EternalBlue was to blame but many experts think this is likely not what happened.
The reality is all software which includes operating systems like Windows and MacOS have holes. Yes, even, MacOS, as we detailed yesterday, has holes which need patching.
The only responsible party in the end is the organization which gets hit.
You see even if NSA figures out how to exploit holes in software, are they to blame for the holes?
Even if you feel they are – what good does it do you? Baltimore could have avoided ransomware had they just followed the cybersecurity basics.
It’s worth mentioning, one of the worst attacks caused by these exploits was NotPetya which caused over $10B worth of damage – before companies had a chance to patch affected systems.
Running an organization on old or unpatched software is a recipe for disaster. When companies patch, they announce what the patches are, and hackers pay attention. They scour the internet, looking for people who ignore these warnings.
We issued our second warning about BlueKeep earlier this weekend for this exact reason.
We’ve put together a simple checklist of cybersecurity essentials for every organization. It is a must read for all business owners and managers. We hope you find it useful.
In addition – you may enjoy, How to Secure the 2020 Election.