By Christopher Moschella, CPA, CISA, Risk Advisory Services Senior Manager
By CAROL HAZARD, Richmond Times-Dispatch
Richmond-area companies seemed to escape the massive ransomware attack that hit Friday and locked up more than 200,000 computers in more than 150 countries.
But that doesn’t mean it didn’t hit here.
“Our clients have not been affected by the WannaCry malware; we have not heard anything yet,” said Chris Moschella, a risk management and cybersecurity specialist with Henrico County-based Keiter, one of the largest accounting firms in the Richmond area.
The ransomware — a malicious software that covertly and illegally encrypts files — does not have a history of hitting a lot of American companies aside from FedEx and a few others, but that does not mean it will not return in a new form, Moschella said.
Moschella said he expects another round of attacks. “The shutdown trigger, which was accidentally activated by a U.K. security researcher, could easily be altered by the attackers to prevent anyone but the attackers from shutting it down in the future.”
The easy fix makes another attack likely, he said. “The good news is (the attack) was big news. Hopefully, that shocked enough people into updating their systems and patching any security flaws.”
If most companies fix the flaws, the next attack could be less significant. “However, if there is no shutdown trigger for round two, it may still infect many thousands of computers,” Moschella said.
Interested in a cybersecurity assessment for your company? Keiter can help. Contact our Cybersecurity Team | Email | 804.747.0000
About the Author
Christopher Moschella, CPA, CISA, Risk Advisory Services Senior Manager
Chris is a Senior Manager in Keiter’s Risk Advisory Services. Chris has a strong combination of IT skills, which range from IT audit and internal control assessments, including general computer controls and application controls, to full stack web development. Most recently, Chris developed a Cybersecurity web application that assesses an organization’s resistance to social engineering attacks. Chris shares his cybersecurity insights on our blog.
More Insights from Christopher MoschellaThe information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.
