Wednesday’s ransomware attack presented itself as a money grab by hackers, asking its targets to pay up in exchange for getting their computers back. And though there’s no sign that there’s more to it at this point, one analyst is warning agencies to remain on guard, because attacks like this sometimes go further than they seem.
WPP CEO Martin Sorrell, whose giant agency holding company was one of those rocked by the attacks, said there is “no indication that either employee or client data has been compromised.”
But previous attacks in other industries have sometimes sought more than just money, according to Jeff Pollard, principal analyst at Forrester.
“On the surface it is ransomware,” Pollard said. “The attackers are certainly seeking bitcoin. But one thing companies have to be cautious of is whether or not this represents the entirety of the attack or if there was some other purpose for the attack.”
“We have seen numerous times in the financial services industry where there’s an attack on a website, but that it was actually a smoke screen for something else,” he added.
In those situations, Pollard said, the adversaries were actually attempting to transfer money outside of the organization while defacing a website at the same time. “They were hoping the security teams would look in one direction so they would make out with currency or conduct an account balance transfer,” Pollard said. “That’s common.”
Even according to Pollard, 90% of ransomware attacks are nothing more than a straight up cash-and-grab. The remaining 10%, however, are something bigger.
“Organizations have to make sure they conduct a thorough investigation and confirm the attack was ransomware and that it wasn’t used as a mechanism to distract them,” Pollard said. “The biggest mistake a company can make is assuming the attack wasn’t for something else.”
Organizations can prepare themselves by creating a “digital extortion decision tree,” according to Pollard.
“If you are being attacked at a critical time of year like the holiday season or your biggest financial quarter, it’s important to understand what you are going to do,” he said. “Tabletop the planning and decide whether you are going to pay or not.”
The attack could not have come at a worse time for WPP. Like many companies, WPP is in the final week of the third quarter.
“The end of the quarter is a critical time for the advertising ecosystem,” said Michael Connolly, CEO of ad-tech company Sonobi. “The execution of budgets to completion magnifies as the quarter comes to a close.”
The ransomware attack against companies including WPP had “the unfortunate timing of being right in the middle of closing out Q2,” Connolly said. “Any impact to an organizations infrastructure or operational ability during this time can have an impact on the ability to execute, particularly when data is involved.”
Ben Clarke, President at The Shipyard, said it’s important to think ahead about what damage could be done with a company’s data if it gets in the wrong hands.
IBM handles the bulk of WPP’s data.
“It really depends on what data WPP was storing with IBM,” Clarke said. “If it was lots of data, especially if the data was used for programmatic, but it’s anonymous and stored via a key then it’s meaningless to anyone but the application that processes it.”
If that wasn’t the case, then it’s an entierly different story.
IBM did not respond to requests for comment.