Photo: Mark Wilson /Getty Images
Image 1 of 1
Homeland Security Advisor Tom Bossert speaks about recent cyber attacks during a briefing at the White House, on May 11, 2017. Homeland Security Advisor Tom Bossert speaks about recent cyber attacks during a briefing at the White House, on May 11, 2017.
Photo: Mark Wilson /Getty Images
WannaCry ransomware attack has Texas companies on edge
1 / 1
Back to Gallery
The IT department at a small college in Lake Jackson, Texas, worked day and night Friday to check computers throughout its campus for signs of the WannaCry ransomware that has paralyzed businesses, hospitals and other organizations across the globe since Friday.
Brazosport College staff found two computers infected with the ransomware on Friday, and five more on Monday, said the college s Director of information technology Ron Parker on Tuesday. The ransomware, dubbed WannaCry, is a form of cyberattack that essentially locks users out of their machines and threatens to delete all of its files unless a ransom is paid. While few companies in Texas have publicly reported a problem, WannaCry has infected more than 300,000 computers in about 150 countries across the globe so far, Tom Bossert, assistant to the president for homeland security and counterterrorism, said on Monday. The malware s full impact is not yet known and cyber security researchers say the problem could spread even farther as hackers create other forms of the ransomware.
Brazosport, located just outside of Houston, isn t going to pay the ransom except in some extreme case where there was some truly irreplaceable file on that computer, Parker said. He said they tell users to store all critical files on network file storage.
The computers that were compromised were all wiped clean and will be reinstalled from scratch except for one that we are keeping for analysis temporarily, Parker said. But while Brazosport had to deal with the ransomware, other reports of infections in the U.S. have been scarce.
We haven t really seen much here, not only in San Antonio but in the United States, just because it s still relatively new of an attack, said Jacob Stauffer, vice president of operations for Coherent Cyber. With that being said, a lot of chief information security officers of major corporations, when they saw everything going on in Europe and Asia, they immediately put some of those countermeasures at work to prevent these types of attacks in our area. Coherent Cyber, housed in San Antonio co-working space Geekdom, is focused on cyber threat hunting, incident response and forensics. The company has not had any clients attacked by WannaCry, Stauffer said Tuesday, but they have dealt in the past with clients who have had machines infected with costly ransomware.
San Antonio insurer Argo Group covers this type of attack and the industry is has paid out ransomware-related claims in the past, said William Kelly, senior vice president for underwriting at U.S. division Argo Pro.
For the industry, this type of breach resulted in claims activity and loss payment; however, not on a large scale, he said via email. If anything this breach has forced insurers to incorporate the cyber activities of the past 5 days into their underwriting practices. He said the industry will more carefully screen companies technology practices before offering this type of coverage in the future. Even before WannaCry began spreading Friday, one San Antonio-based business had already been taking precautions to make sure it would not be a victim.
Preparations at Rackspace Hosting to combat WannaCry started much, much earlier when hacking tools reportedly developed by the National Security Agency were leaked in April on the internet, said its Chief Information Security Officer Dave Neuman. The WannaCry ransomware leverages some of that code to spread more quickly. So when it was leaked on the internet, Rackspace staff prioritized patching the associated vulnerability.
I feel like we were better-prepared, and certainly more proactive for something like this to happen, Neuman said, adding that the company was already prepared for a ransomware attack. But this particular exploit and the way it worked, and its lineage back to the NSA tools that were leaked earlier this year, was really what allowed us to take a more proactive stance in what was about to unfold in the last few days. Although Microsoft released in March a software update fixing the vulnerability, the alleged NSA leak in April kicked things into high gear at Rackspace, Neuman said.
We made sure that we made internal production decisions to prioritize patching those systems one, that are most vulnerable, and making sure that if there were systems that couldn t be patched in that time frame, what else we could do to protect them, he said.
Neuman said, too, that they have been getting a lot of questions from customers on the issue.
Because we had a really good understanding of what this exploit was about, and what it was doing and how it was proliferating, we were able to have a very informed conversation with our customers, he said. While Texas has seemed relatively lucky so far, others were less so. FedEx in the U.S. was impacted, Homeland Security advisor Bossert said Monday. FedEx said in an email Tuesday it resumed normal operations and systems are performing as designed. Several hospitals systems in the United Kingdom were also hit with WannaCry.
U.S. Rep. Will Hurd, R-Texas, said he thought Texas hospital systems appeared untouched because they had put procedures in place following ransomware attacks last year on California hospitals.
I think that was a wakeup call to the U.S, Hurd said. Hurd said on Monday that he had not received feedback that anyone in his district had been affected. Dallas-based AT&T wasn t hit, but it is getting questions from business customers, said Senior Vice President of Advanced Solutions Mo Katibeh.
Obviously we help serve a lot of business customers so we re getting questions from them on how they can protect themselves, and so we have advice that we provide to our business customers whether they re small, medium, enterprise, all the way up, Katibeh said.
Customers are told to make sure they have a system in place for running patches and software updates on a regular basis, Katibeh said. AT&T also encourages them to use a firewall when connecting to the internet, and to use an email protection system that scans incoming emails, he said. A lot of ransomware is triggered by an email with a malicious attachement, Katibeh said. Experts say small businesses in particular may be vulnerable to WannaCry, since they may not have the resources to make sure they are regularly patching software, or upgrading their operating systems.
Small businesses are particularly vulnerable to attack because they often don t have enough money for software upgrades or spend it on other projects, Bret Piatt, CEO of San Antonio-based Jungle Disk which provides data security for businesses with up to 250 employees.
It s like, do you spend $5,000 or $10,000 or $25,000 refreshing all of your computer systems for your office, or do you take a vacation this summer with your family? Piatt said. Parker of Brazosport College, urged people to be very, very serious about making sure your Windows Updates are set to install automatically, and the same for antivirus. He also advised upgrading to Windows 10 if possible. The school s problems started with a single computer that did not have current antivirus definitions or patches on it, he said. And that computer tried to infect others nearby. Thankfully, those machines had patches installed and generated alerts that helped the staff learn what was happening, he said.
At the same time, he said a user told them she was seeing a ransomware screen on a computer as well.
It appears that the other five computers happened in a similar manner. Some of the computers were in a lab that was supposed to be segregated from the college network but was inadvertently connected. These computers were not receiving automatic updates so they were vulnerable, Parker said.
Staff Writer Patrick Danner contributed to this report.
- ^ Brazosport College (brazosport.edu)
- ^ Ron Parker (www.mysanantonio.com)
- ^ Tom Bossert (www.whitehouse.gov)
- ^ homeland security (www.mysanantonio.com)
- ^ Jacob Stauffer (www.mysanantonio.com)
- ^ Argo Group (www.mysanantonio.com)
- ^ William Kelly (www.mysanantonio.com)
- ^ Argo Pro (www.argolimited.com)
- ^ National Security Agency (www.mysanantonio.com)
- ^ Dave Neuman (www.mysanantonio.com)
- ^ Microsoft released in March (blogs.technet.microsoft.com)
- ^ were also hit (www.digital.nhs.uk)
- ^ Will Hurd (www.mysanantonio.com)
- ^ Texas hospital (www.mysanantonio.com)
- ^ ransomware attacks last year (www.nbcnews.com)
- ^ Advanced Solutions Mo Katibeh (www.mysanantonio.com)
- ^ Bret Piatt (www.jungledisk.com)
OTTAWA A flag honouring an anti-abortion movement caused a stir in the country s capital after it was raised at Ottawa City Hall.The city proclaimed Thursday March for Life Day, a declaration that has been made in past years but city councillors said the anti-abortion group s flag was flow at city hall as part of that proclamation for the first time.READ MORE: Ontario government to make abortion pill Mifegymiso free for all who need itSeven city councillors called for the flag to immediately be taken down, saying in a joint letter that the flag represents a personal conviction to restrict a woman s right to a safe and legal abortion. They said city policy on flag raisings state a proclamation will not be issued for matters that represent individual conviction. The councillors also noted that the right to abortion is constitutionally protected.A security guard took down the flag on Thursday afternoon and replaced it with the City of Ottawa flag.Ottawa Mayor Jim Watson said on Twitter that he s asked the city clerk to review the city s proclamations and flag raising policy.I am pleased to report that the anti abortion flag has been taken down. I have asked staff for a complete review of the city’s flag policy Jim Watson (@JimWatsonOttawa) May 11, 2017My personal opinion has always been that women have the right to choose. I share your concerns & have asked for a review of our flag policy. Jim Watson (@JimWatsonOttawa) May 11, 2017
Ontario Progressive Conservative Leader Patrick Brown grilled the Liberal government over safety concerns in the province s probation and parole system, following new revelations from an ongoing Global News investigation.New data obtained by Global News through Freedom of Information showed there are just over 4,500 outstanding warrants for alleged violations of probation and conditional sentences in Ontario in 2015/16WATCH: Who s Watching? Global News s investigation into Ontario s probation systemWho s Watching Part 3: The consequences of breaking probation in Ontario