Last week’s cyberattack has affected more than 200,000 computers across 150 countries. The ransomware program known as WannaCry encrypts information on computers and demands targeted users pay $300 in order to regain access to their machines.
The good news here in the U.S. is that so far, no federal systems have been affected by the global ransomware attack, according to Homeland Security Adviser Tom Bossert, who appeared at today’s regular White House press briefing.
The bad news is that a few companies have been hit and the government is still unaware of who was behind the attack.
And as this work week opened, tech security experts are warning people that while the cyberattacks have slowed, they are still out there so we all still need to be on high alert.
Everyone is a target: Are you in danger? To be on the safe side, assume so.
Although this particular malicious software reportedly was first spotted in Russia, it spread rapidly across the connected globe. Before it’s over, it could turn out to be an attack of unprecedented scale.
The attackers apparently took advantage of a known flaw in Windows XP, the operating system that is still used by millions of PC owners and machines worldwide. Microsoft officially stopped providing security support for XP in 2014, but issued an emergency patch in response to the latest attacks.
The graphic below from Stastista shows that Wannacry’s $300 ransom demand (in Bitcoin) is lower than earlier ransomware demands. The average ransom across all attacks known to security software provider Symantec in 2016 was $1,007.
You will find more statistics at Statista
Presidential cybersecurity effort: Coincidentally, as the Wannacry ransomware epidemic was spreading across the globe, the Trump Administration was exploring ways to fight such threats. Donald J. Trump on May 11 issued an executive order tackling cybersecurity.
In contrast to many of the president’s earlier Oval Office pronouncements, most tech and security experts view this as a good first step.
The executive order outlines plans to improve data security for federal agencies and to better protect critical U.S. infrastructure. It calls for sweeping reviews of the federal government’s digital vulnerabilities and directs agencies to adopt specific security practices.
“There’s not much in there that’s actionable yet — much of it comprises deadlines for recommendations — but analysts appreciate the approach,” writes Brian Barrett in Wired. “In fact, it borrows heavily from the Obama Administration’s recommendations, and focuses heavily on protecting infrastructure and pushing as much as possible to the cloud.”
Of course, notes Barrett, the only way to really measure the order’s impact will be to wait for the actual policies that emerge.
Bob Ackerman in a piece for TechCrunch agreed: “Firstly, this development was truly important — a serious call to action to beef up government cybersecurity measures at a time when breaches dominate the headlines and mounting worries about a future cyber war among nation-states are legitimate. Secondly, while this executive branch step was absolutely necessary, it is insufficient. We need to go much further.”
IRS cybersecurity needs: One government agency that would definitely benefit from an overall beefing up of Uncle Sam’s overall e-security system is the Internal Revenue Service. The country’s tax collector has been a constant target of hackers who see the personal data of millions of taxpayers as a gold mine.
Most recently, the IRS’ online tool that assists students and their families when applying for student aid was hacked. Data on as many as 100,000 taxpayers may have been compromised.
Meanwhile, telephone and phishing tax scams are continuing apace as identity thieves keep looking for any info tidbit that will allow them to steal taxpayers’ identities and file fraudulent tax refund claims.
Con artists never sleep…or vacation: You’d think that with the main tax season over, these crooks would take a summer vacation. They don’t. So beware, not only of ransomware that could attack your machines, but also of all identity theft efforts, tax and otherwise.
You also can check out the IRS’ special Taxes. Security. Together. page, created as part of the Security Summit to involve individual taxpayers in the ongoing fight against identity theft and tax scams.
Mainly, though, just use common sense.
Install and update security software on your electronic devices. Don’t automatically take a caller’s or emailer’s or in-person visitor‘s word that he or she is with the IRS.
And if something just feels off, trust your gut and go directly to the IRS to double check the potentially criminal and costly contact.
You also might find these items of interest:
- 5 ways to protect your identity (& money!)
- Fear you might be a tax ID theft victim? Here’s what to do
- IRS impersonation scam’s alleged mastermind arrested, but the criminal calls continue