Trigaux: How Tampa's ReliaQuest cybersecurity firm tracks ransomware attack around the clock

It's been all hands on deck at ReliaQuest's security special operations center in Tampa since late last week when a ransomware attack spread like wildfire to more than 200,000 computers in 150 countries and continues to threaten business, individuals and government IT systems at the start of the new work week.

At the young cybersecurity firm, nearly 170 of its 250 employees are on technical security, rotating in shifts 24/7 to track the attack of the so-called WannaCry ransomware program that targets a security hole in the Microsoft Windows operating system. A patch or software fix to plug that hole was issued in March by Microsoft but many businesses big and small failed to update their systems in time, leaving them vulnerable to the aptly named WannaCry. The malicious software, or malware, locks users out of their computers, threatening to destroy data if a ransom is not paid.

ReliaQuest CEO Brian Murphy says Wannacry represents the biggest ransomware attack so far in 2017. He was notified in the early morning hours Friday by his cybersecurity team that they were tracking a malware program moving fast across unprotected computer systems.

"It was the sheer speed with which it moved," says Murphy, whose firm works with major Fortune 2000 firms to help identify and track cyber threats. While the original WannaCry attack appears to be waning, variations are now cropping up.

"This is not done yet," he says. "This is widespread and will impact a lot of people."

A dozen or more new hires who started work Monday at ReliaQuest, based on Harbour Island near downtown Tampa, found themselves in the thick of an intense effort to track one of the larger ransomware incidents in online history.

Many cyber attacks on corporations go unreported because companies do not want bad publicity. On Monday, investigators said they expect more U.S. companies have been affected by ransomware extortion demands but have not yet come forward.

According to Sri Sridharan, managing director of the Florida Center for Cybersecurity at USF in Tampa, the basis of the latest WannaCry ransomware attack is believed to have been developed by the National Security Agency and leaked in April by a hacker group known as the Shadow Brokers.

Folks did not pay attention to the patches released by Microsoft, Sridharan says and employees fell prey to "phishing e-mails" — a hacker's way to fool workers to share passwords and other proprietary information.

"I talked in November about ransomware being the primary mode of cyber attack in 2017. Lo and behold, it has come true," he says.

Both Sridharan and Murphy strongly encourage all computer users to pay attention to their cyber vulnerabilities. "Folks have to practice good cyber hygiene," Sridharan says. Apply security patches when made available. Use the best available anti-virus protections. And do periodic and secure backups of computer files.