Information security teams were on high alert Wednesday after a cyber attack that started on the Ukrainian government and business computer systems made its way to the United States.
According to multiple media reports, this attack was similar to an earlier attack in May, only this time more sophisticated. According to The New York Times, the attack was part of a series of attacks using hacking tools stolen from the National Security Agency and leaking online in April.
Three companies in the United States had confirmed damages as of 6 p.m. Wednesday; No Iowa companies have reported being impacted by the attack.
Ben Schmitt, Vice President of Information Security at Dwolla, said he first heard about the attack on Tuesday morning and said this is the sort of thing companies test for every day.
Schmitt explained that once the machine was infected with the virus, how much it spread was determined by the computer.
“This specific bit of ransomware had a worm aspect to it and was able to do lateral movement,” Schmitt explained. “Meaning once you got a machine infected, it didn’t just spread via that hole or vulnerability, it spread based on administrative credentials and someone’s account that had access. So if you had administrative privileges on your machine it would spread like wildfire.”
Schmitt said it was similar to an attack in May, only perfected.
“We were well positioned for it,” Schmitt said. “We are constantly looking at our systems and this is Windows-based vulnerability, and we don’t use a ton of Windows but by how we’re designed with what systems we have it was a minimal part of our environment.”