LEVICK | May 15th, 2017
Ransomware Spreading Like Crazy Worms

It All Just Makes You Wanna Cry
Curiosity, turned blind luck, saved us from something far worse from what we saw on Friday. Had it not been for a British malware researcher registering some gobbledygook of a domain name (www [dot] iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea [dot] com to be exact), who knows what we would be writing about today. At the rate we are going, if we were cats, we would be burning through our nine lives faster than Tony Stark builds Ironman suits.
In our last post, we said to stop sensationalizing. We mean that. So by no means should you think that we are a tad bit overly hysterical, because WannaCry did spook us all out. Friday™’s episode is proof positive of three things:
- Things can get wildly out of control real fast.
- Cyber weapons have made it out into the wild and will be used against us.
- We were horribly unprepared for this attack; we are still horribly unprepared for the next attack.Â
Luck – while a critical aspect of life – is not an effective resilience strategy. WannaCry has already been modified and there are variants with no “kill switch†in the code. More hurt is in order for the unprepared.
What should concern us all was the brazenness of this attack. Everything was fair game, from telecom to banks to healthcare to universities, and latest count is that people “wanna cry†in 150 countries. That™’s some aggressive foreign policy when you negatively impact 75% of the world™’s nations in 72 hours.
The attack on healthcare is particularly disturbing – losing money is never fun, but losing lives is worse – but not unexpected and perhaps even a bit overdue. Healthcare is a peculiar industry because of competing interests. Specifically:
- Patients and users require speed, but information security often takes time to process, putting the needs of front-line staff in opposition to the wants of security staff.
- Management must be committed to quality care and their fiduciary duties, no easy task in an environment of competing needs.
- Effective sharing of confidential patient information among primary care physicians, hospitals, and medical specialists has myriad benefits, but sharing introduces numerous potential points of failure.
- Budgetary constraints which are felt more than in most industries as healthcare funding is becoming more difficult to secure and cybersecurity costs keep rising.
There is this issue of course that applies to all leading-edge firms, not just those in healthcare: if you want to be recognized as the “leader of your field†you also have the biggest juiciest target tattooed to your back.
And of course, there is this thing called emotion. It is quite possible you will dial your “freak out factor†to 11 if you are already in a life-and-death situation and suddenly find out your computer is useless to you. Should you find yourself in this situation, scrambling to find $300 worth of these funny things called Bitcoins may be a cheap way out.
We need to underscore how lucky we were and it is quite possible that by the time you read this, we are feeling second and third waves of WannaCry. So here are some quick solutions and things to think about:
- Back up your crown jewels like it™’s going out of style. If you did not back up your data this past weekend, whether offline or on the cloud (or both) you deserve a failing grade. Malicious actors have proof that ransomware pays off. So long as there are people that are willing pay, malicious actors will keep on putting out ransomware. The only way to stop this tactic is to eliminate the incentive. Losing one day™’s worth of data is a whole lot less painful than your entire digital library. Over the long-term, the costs of doing nothing are exceedingly higher than doing something, so find an option that keeps your data out of harm™’s way. Backing up your data should become as regular and mundane as brushing your teeth (and you know what happens when you do not brush your teeth).
- Have a recovery plan that can be activated in minimal time. Have clean images of operating systems and critical applications ready to be installed in a moment™’s notice. Of course, this is under the assumption you have your data backed up and ready to follow. And by the way, if you have not tested your plan, you do not have a plan. If you decide not to test your plan, make it out of wood and knock on it for good luck. You may increase your chances of success.
- Prepare for the Stone Age. We are actually very serious here. For anybody born before 1989, there is a pretty good chance you used a pencil and paper somewhat regularly while growing up. This may come as a shock to some, but for a good 5,000 years or so we got through life without electricity and digital technologies. It was not pretty at times, but in a pinch, it works. Remember, your success depends on your ability to bend while others are breaking. If you are able to operate with “Stone Age technology†for 72 hours, you are ahead of the game. If we are all down for more than 72 hours, chances are we have a much bigger problem on our hands (like, war).
- Look before you cross the road (think before you click!). Would you cross a busy freeway of speeding cars going in both directions without looking? Alright, so why would you just click something out of curiosity or because you are too lazy to look where it could take you? Hover over a link and make sure the link goes to where it says it will go. Read the email closely (one of us received an email from “concast.com†this week). And if it feels wrong, just press delete. Do not become the next “phish†that gets hooked!
- Do not wait for the dam to come apart before you start patching. Enterprises are notoriously slow at patching their systems. This is particularly true of small-to-medium businesses. If you cannot do this, team up with a managed service provider (MSP) or managed security service provider (MSSP). If you are not “patching and praying†on a regular basis, you are committing “sin†and will likely be punished for your misdeeds.
- If you can afford it, seriously consider Artificial Intelligence, Machine Learning, and Cognitive Computing. We are still early into the wide-spread commercialization of these offerings, but they are the way of the future. If you identify and stop (or even slow down) an attack before it ruins your day by using any one of these technologies, it is a win for your organization.
- Putting all your eggs in one basket means they can all break at once. Sometimes keeping things apart is a good idea. In our mad rush to connect EVERYTHING perhaps we overlooked some basics. We really need to ask questions such as: do I really want the sales department to have the ability to connect to our super advanced R&D department? Logical and physical segmentation of network and data assets needs to be looked at in more depth as a viable strategy (and remember you can use the cloud in this strategy).
- Sharing is caring. The need for enhanced public/private cooperation will be critical in maintaining a knowledge base to track and counter future ransomware cyber threats. The new NIST Framework in conjunction with the Department of Homeland Security™’s (DHS) cyber-threat information-sharing program implemented as part of the 2016 Cybersecurity Information Sharing Act (CISA) is a good basis to encourage more sharing of information threats. And the cybersecurity Executive Order from May 11th is a good step in the right direction.
- Time to have a serious policy discussion on Zero Day vulnerabilities and other exploits. Zero Day vulnerabilities and other exploits should be treated like neutron bombs able to run amok.  Note: we are all patriots first and understand that our nation™’s military and intelligence agencies require – need – the ability to take advantage of these exploits, but if we are to keep a cache of these weapons in a stockpile, they need to be protected like the launch codes. And if we do catch wind that of vulnerabilities that get out into the wild, patch them up at warp speed.
We offer these practical solutions to you in order to protect and secure what matters most to all of us. We dodged a serious bullet on Friday and by no means are we in the clear. Let this be a lesson to us, because by the time you read this, we may be feeling the #MondayBlues thanks to WannaCry Vol. 2.
In Defense of the United States of America,
The #Cyber Avengers
The #CyberAvengers are a group of salty and experienced professionals who have decided to work together to help our country by defeating cybercrime and slowing down nefarious actors operating in cyberspace seeking to exploit whatever their tapping fingers can get a hold of. How? We do this by raising our collective voices on issues critical importance so that we can keep this great country in the lead – both economically and technologically – and to keep it safe and secure. All the issues are intertwined and more complex than ever, which is why we have differing backgrounds but have a common cause. We complement each other, we challenge each other, and we educate each other. What do we get out of writing articles like this? Nada. Goose egg. We are friends. We are patriots. And we are not satisfied to sit around and do nothing. We want to keep this nation and its data safe and secure.
The #CyberAvengers are: Paul Ferrillo, Chuck Brooks, Kenneth Holley, George Platsis, George Thomas, Shawn Tuma, Christophe Veltsos
LEVICK | May 15th, 2017
Ransomware Spreading Like Crazy Worms

It All Just Makes You Wanna Cry
Curiosity, turned blind luck, saved us from something far worse from what we saw on Friday. Had it not been for a British malware researcher registering some gobbledygook of a domain name (www [dot] iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea [dot] com to be exact), who knows what we would be writing about today. At the rate we are going, if we were cats, we would be burning through our nine lives faster than Tony Stark builds Ironman suits.
In our last post, we said to stop sensationalizing. We mean that. So by no means should you think that we are a tad bit overly hysterical, because WannaCry did spook us all out. Friday™’s episode is proof positive of three things:
- Things can get wildly out of control real fast.
- Cyber weapons have made it out into the wild and will be used against us.
- We were horribly unprepared for this attack; we are still horribly unprepared for the next attack.Â
Luck – while a critical aspect of life – is not an effective resilience strategy. WannaCry has already been modified and there are variants with no “kill switch†in the code. More hurt is in order for the unprepared.
What should concern us all was the brazenness of this attack. Everything was fair game, from telecom to banks to healthcare to universities, and latest count is that people “wanna cry†in 150 countries. That™’s some aggressive foreign policy when you negatively impact 75% of the world™’s nations in 72 hours.
The attack on healthcare is particularly disturbing – losing money is never fun, but losing lives is worse – but not unexpected and perhaps even a bit overdue. Healthcare is a peculiar industry because of competing interests. Specifically:
- Patients and users require speed, but information security often takes time to process, putting the needs of front-line staff in opposition to the wants of security staff.
- Management must be committed to quality care and their fiduciary duties, no easy task in an environment of competing needs.
- Effective sharing of confidential patient information among primary care physicians, hospitals, and medical specialists has myriad benefits, but sharing introduces numerous potential points of failure.
- Budgetary constraints which are felt more than in most industries as healthcare funding is becoming more difficult to secure and cybersecurity costs keep rising.
There is this issue of course that applies to all leading-edge firms, not just those in healthcare: if you want to be recognized as the “leader of your field†you also have the biggest juiciest target tattooed to your back.
And of course, there is this thing called emotion. It is quite possible you will dial your “freak out factor†to 11 if you are already in a life-and-death situation and suddenly find out your computer is useless to you. Should you find yourself in this situation, scrambling to find $300 worth of these funny things called Bitcoins may be a cheap way out.
We need to underscore how lucky we were and it is quite possible that by the time you read this, we are feeling second and third waves of WannaCry. So here are some quick solutions and things to think about:
- Back up your crown jewels like it™’s going out of style. If you did not back up your data this past weekend, whether offline or on the cloud (or both) you deserve a failing grade. Malicious actors have proof that ransomware pays off. So long as there are people that are willing pay, malicious actors will keep on putting out ransomware. The only way to stop this tactic is to eliminate the incentive. Losing one day™’s worth of data is a whole lot less painful than your entire digital library. Over the long-term, the costs of doing nothing are exceedingly higher than doing something, so find an option that keeps your data out of harm™’s way. Backing up your data should become as regular and mundane as brushing your teeth (and you know what happens when you do not brush your teeth).
- Have a recovery plan that can be activated in minimal time. Have clean images of operating systems and critical applications ready to be installed in a moment™’s notice. Of course, this is under the assumption you have your data backed up and ready to follow. And by the way, if you have not tested your plan, you do not have a plan. If you decide not to test your plan, make it out of wood and knock on it for good luck. You may increase your chances of success.
- Prepare for the Stone Age. We are actually very serious here. For anybody born before 1989, there is a pretty good chance you used a pencil and paper somewhat regularly while growing up. This may come as a shock to some, but for a good 5,000 years or so we got through life without electricity and digital technologies. It was not pretty at times, but in a pinch, it works. Remember, your success depends on your ability to bend while others are breaking. If you are able to operate with “Stone Age technology†for 72 hours, you are ahead of the game. If we are all down for more than 72 hours, chances are we have a much bigger problem on our hands (like, war).
- Look before you cross the road (think before you click!). Would you cross a busy freeway of speeding cars going in both directions without looking? Alright, so why would you just click something out of curiosity or because you are too lazy to look where it could take you? Hover over a link and make sure the link goes to where it says it will go. Read the email closely (one of us received an email from “concast.com†this week). And if it feels wrong, just press delete. Do not become the next “phish†that gets hooked!
- Do not wait for the dam to come apart before you start patching. Enterprises are notoriously slow at patching their systems. This is particularly true of small-to-medium businesses. If you cannot do this, team up with a managed service provider (MSP) or managed security service provider (MSSP). If you are not “patching and praying†on a regular basis, you are committing “sin†and will likely be punished for your misdeeds.
- If you can afford it, seriously consider Artificial Intelligence, Machine Learning, and Cognitive Computing. We are still early into the wide-spread commercialization of these offerings, but they are the way of the future. If you identify and stop (or even slow down) an attack before it ruins your day by using any one of these technologies, it is a win for your organization.
- Putting all your eggs in one basket means they can all break at once. Sometimes keeping things apart is a good idea. In our mad rush to connect EVERYTHING perhaps we overlooked some basics. We really need to ask questions such as: do I really want the sales department to have the ability to connect to our super advanced R&D department? Logical and physical segmentation of network and data assets needs to be looked at in more depth as a viable strategy (and remember you can use the cloud in this strategy).
- Sharing is caring. The need for enhanced public/private cooperation will be critical in maintaining a knowledge base to track and counter future ransomware cyber threats. The new NIST Framework in conjunction with the Department of Homeland Security™’s (DHS) cyber-threat information-sharing program implemented as part of the 2016 Cybersecurity Information Sharing Act (CISA) is a good basis to encourage more sharing of information threats. And the cybersecurity Executive Order from May 11th is a good step in the right direction.
- Time to have a serious policy discussion on Zero Day vulnerabilities and other exploits. Zero Day vulnerabilities and other exploits should be treated like neutron bombs able to run amok.  Note: we are all patriots first and understand that our nation™’s military and intelligence agencies require – need – the ability to take advantage of these exploits, but if we are to keep a cache of these weapons in a stockpile, they need to be protected like the launch codes. And if we do catch wind that of vulnerabilities that get out into the wild, patch them up at warp speed.
We offer these practical solutions to you in order to protect and secure what matters most to all of us. We dodged a serious bullet on Friday and by no means are we in the clear. Let this be a lesson to us, because by the time you read this, we may be feeling the #MondayBlues thanks to WannaCry Vol. 2.
In Defense of the United States of America,
The #Cyber Avengers
The #CyberAvengers are a group of salty and experienced professionals who have decided to work together to help our country by defeating cybercrime and slowing down nefarious actors operating in cyberspace seeking to exploit whatever their tapping fingers can get a hold of. How? We do this by raising our collective voices on issues critical importance so that we can keep this great country in the lead – both economically and technologically – and to keep it safe and secure. All the issues are intertwined and more complex than ever, which is why we have differing backgrounds but have a common cause. We complement each other, we challenge each other, and we educate each other. What do we get out of writing articles like this? Nada. Goose egg. We are friends. We are patriots. And we are not satisfied to sit around and do nothing. We want to keep this nation and its data safe and secure.
The #CyberAvengers are: Paul Ferrillo, Chuck Brooks, Kenneth Holley, George Platsis, George Thomas, Shawn Tuma, Christophe Veltsos
- Brand
- Meet Nancy Pelosi
- Delta Airlines and the Georgia Voting Controversy
- Richard Levick on Volkswagen’s April Fool’s
- The Final Episode of M*A*S*H
- Should Companies Consider Appointing Chief Paranoia Officers to Combat Disinformation?
- Can Capitalism Really Be “For Humanity?”
- The Fifth Estate: A Business Guide for Surviving “The Troubles”
- Here We Come
- Corporate Revolt Over Campaign Donations Shakes Political World
- What Happens Next?
- CSR & Sustainability
- Public Perception & the Biden Transition
- Communications
- Corporate Leadership in an Age of Unrest
- Ten Rules For Corporations And Social Issues
- Delta Airlines and the Georgia Voting Controversy
- Developing a Crisis Management Program
- “I Never Felt as Unsafe as I Did That Day”
- How America Scores Changes Youths Through Soccer and Poetry
- Everyone Gets Disrupted
- The Politics Industry
- Look
- The Final Episode of M*A*S*H
- The Regulatory Hall of Fame
- Should Companies Consider Appointing Chief Paranoia Officers to Combat Disinformation?
- Company News
- The Final Episode of M*A*S*H
- Reflections on a Turbulent Year: 2020
- Here We Come
- Recent Awards & Recognition
- Won’t You Be My Neighbor?
- What’s a Director to Do?
- LEVICK Announces Partnership with BCG
- A New Look
- Albert Krieger, 1923-2020
- LEVICK Announces Partnership with Jipyong
- Speaking to In-House Counsel
- Childhood Lessons
- Crisis
- Corporate Leadership in an Age of Unrest
- Ten Rules For Corporations And Social Issues
- Meet Nancy Pelosi
- It’s War: The New Dilemma for Corporations and Social Issues
- Matt Gaetz’s Strategic Struggle Makes Him a Target
- Delta Airlines and the Georgia Voting Controversy
- A Call for Elected Officials to Protect Voting Access
- Richard Levick on Volkswagen’s April Fool’s
- Developing a Crisis Management Program
- Standing In Awe
- “I Never Felt as Unsafe as I Did That Day”
- Richard Levick on Top 2020 Crises
- Finance
- The World of Financial Crimes with Tom Ajamie
- Can Capitalism Really Be “For Humanity?”
- GameStop: The Buck Starts Here
- Here We Come
- The Threat to Free Markets
- Advisory & Insurance Services
- WATCH: Revolutionizing Litigation Finance
- Litigation Finance: Revolutionizing Litigation
- Consumer-Focused Solutions for Financial Health
- Event: Consumer-Focused Solutions for Financial Health
- Sports: Power and Money in a New Age of Social Justice
- The Balancing Act: The Role of Whistleblowers in American Commerce and Government
- Guest Column
- Guest Blog: The Mainstream Media Gets an A for Intellectual Arrogance, an F for Journalism
- Buckle up Directors: Cybersecurity Risk and Bankruptcy Risk Are Not Mutually Exclusive
- Buckle up Directors: Cybersecurity Risk and Bankruptcy Risk Are Not Mutually Exclusive
- South Africa: The Slow Decline of the ANC
- Why CSR Fails and How to Fix It
- What to Expect Following the European Elections?
- Buhari Inaugurated. What Now for Nigeria?
- Marketing- It’s Up To You…
- Crisis Management lessons from the air-crash investigation model
- The Future of War
- Health
- Reflections on a Turbulent Year: 2020
- Food Issues & the Biden Administration
- Covid-19: The Pandemic that Never Should Have Happened
- Pharma’s Post-Pandemic Policy Outlook
- Keeping Hope Alive
- Real Herd Immunity
- The Fiction of College Sports Amateurism
- Mac Summit: Crisis Communications in a Post-Covid, Post-Election World
- Travel Industry Communications in the Age of Covid-19
- Track of Time
- Is C-19 Taking Women Lawyers’ Careers Back to the 1950s?
- Post-Pandemic PR Strategy
- In Memoriam
- Snider’s Super Foods: Locally World Famous
- Speak Truth With Love, Not Anger
- In Memoriam: Stephen Susman
- Letter to the Movement
- John Lewis’ Life Bridged the Best of America
- Albert Krieger, 1923-2020
- In Memoriam of Marcia Horowitz
- Jim Lehrer Passes Away
- Martin Luther King, Jr.
- Harold Burson Passes Away
- Interviews
- CommPRO: Ruth Bader Ginsberg’s Life & Legacy
- Richard Levick on “My Wakeup Call”
- Primerus Webinar: Into the Wind
- The Future of Baseball Post-Pandemic
- Webinar: The End of Brand Neutrality
- Thought Leadership & Organic Growth
- Man & Superman
- LEVICK Announces New Webinar Series with Turbine Labs
- Navigating Coronavirus Challenges in the Insurance Industry
- VIDEO: How to Anticipate & Avoid a Crisis
- What’s Next? with Julie Chase
- What’s Next?: California Electoral Behavior
- Law Firms
- Digital Upskilling in Legal: More Than Just New Technology
- An Insider’s View of the Legal World
- Fighting for the Rule of Law with Marshall Harris
- Why Should I Apologize? Lawyers vs. Communicators
- You Took a PPP Loan. Now Get Ready to Talk About It.
- Beyond Black Swan: Positioning the law firm for the new normal
- A Salute to Personal Courage and the Rule of Law
- Cyber Risk Institute Expands Its Profile
- When a client becomes a law firm’s PR nightmare
- The General Counsel’s Dilemma
- A First Look at the Google Antitrust Suit
- The Latest Top Class Actions
- Litigation
- An Insider’s View of the Legal World
- Buyers’ Guide to In-House Tech
- Fighting for the Rule of Law with Marshall Harris
- Why Should I Apologize? Lawyers vs. Communicators
- A Conversation with Abbe Lowell
- Leveraging Legal Expertise in Communications
- You Took a PPP Loan. Now Get Ready to Talk About It.
- Beyond Black Swan: Positioning the law firm for the new normal
- A Salute to Personal Courage and the Rule of Law
- Cyber Risk Institute Expands Its Profile
- When a client becomes a law firm’s PR nightmare
- The General Counsel’s Dilemma
- Our Work
- Bridging the “Preclinical Gap” in Childhood Cancer Research
- Recent Awards & Recognition
- The Cyber Bad Guys Are Getting Worse
- Crisis Communications & The Age of Cancel Culture
- Standing on the Shoulders of Giants
- Video: Conversations with American Legends
- Staying Ahead of the Crisis
- A New Era of Insurance Marketing
- Infographic: Judgment Free Zone
- Infographic: Barriers to Entry
- Infographic: History Meter
- Assistance for Law Firms Engaged in Pro Bono
- Public Affairs
- You’re the Media and You’re Going to Die
- The Politics Industry
- The Politics Industry with Katherine Gehl
- Real Washington with Former White House Press Secretary Joe Lockhart
- From Shareholders to Stakeholders with Don Springer
- The Regulatory Hall of Fame
- Richard Levick on U.S.-China Relations
- The Price of Courage
- Can Capitalism Really Be “For Humanity?”
- GameStop: The Buck Starts Here
- Impeach, Indict, Heal? A Discussion of Post-Trump Washington
- “Crooked Dominion Machines,” Impeachments, Insurrections & The First 100 Days
- Risk
- Should Companies Consider Appointing Chief Paranoia Officers to Combat Disinformation?
- The Price of Courage
- Ingredients of Decency
- ESG Performance and Credit Markets
- The Coronavirus Saga is Just Beginning
- No. 1 Risk of the Decade
- The Risk Evolution of Corporate Risk
- Extend Risk Management Reach
- Collective Action
- Risk Identifying Software
- The New Risk of Doing Nothing
- Political Unrest In Hong Kong
- Social
- A Call for Elected Officials to Protect Voting Access
- How America Scores Changes Youths Through Soccer and Poetry
- Look
- Should Companies Consider Appointing Chief Paranoia Officers to Combat Disinformation?
- The Price of Courage
- Bridging the “Preclinical Gap” in Childhood Cancer Research
- The Ministry of Common Sense
- How to Stop the Madness
- A Remembrance of Tommy Raskin
- No ‘justice’ in rep’s vote
- A Call for Orderly & Peaceful Transition of Power
- Recovering from the Greatest Sacrifice
- Technology
- Digital Upskilling in Legal: More Than Just New Technology
- Should Companies Consider Appointing Chief Paranoia Officers to Combat Disinformation?
- Bridging the “Preclinical Gap” in Childhood Cancer Research
- 3 Tech Lessons Businesses Must Learn From COVID-19
- Constella Intelligence Announces Hunter for Improved Investigation Capability
- Cyber Risk Institute Expands Its Profile
- Digital Politics: The Future of Voting Technology
- Ethics in Electronics
- The Cyber Bad Guys Are Getting Worse
- A First Look at the Google Antitrust Suit
- The Pause
- Cybersecurity Incidents of the Summer
- This Week
- A Remembrance of Tommy Raskin
- A New Year’s Resolution
- Over the River and Through The Woods
- Dropping the Mic
- Won’t You Be My Neighbor?
- The Cyber Bad Guys Are Getting Worse
- What We Hear
- Track of Time
- Video: Conversations with American Legends
- Conversations with American Legends
- A New Era of Insurance Marketing
- American Legend