The past week has been a busy week for cybersecurity professionals. We started the week with the timer on WannaCry expired on May 15. This mean that if encrypted files are not paid, they would be permanently deleted. Those whom paid the ransom receive the ability to decrypt previously encrypted files and regain access back to original system. For those who did not paid, backup provides the only remaining mechanism to restore original files. All told, under 300 payments or so was paid, or a total of approximately $100,000. In retrospective, the sum is paltry compared to the billions of dollars that the attack has impacted to businesses, hospitals and factories. Researchers are quickly highlighting similarities in attack methodologies to a North Korean's Unit 180 whom was responsible for several high-profile attacks in financial institutions ($81m heist of the Bangladesh Central Bank) and businesses (Sony) around the world.
On May 16 - 17, NIST kicked off the Cyberscurity Framework Workshop 2017. The workshop discussed the Cyberscurity Framework users' experiences, and proposed updates to the Framework in Version 1.1 and later, and any potential Framework-related policy issues. The two-day conference attracted several leading speakers from public and private-sector organizations, both domestic and internationally. For additional information visit the link at https://www.nist.gov/news-events/events/2017/05/cybersecurity-framework-workshop-2017.