Ransomware attacks have proliferated in recent years for several reasons. One is the explosive growth of opportunity: More systems and devices are linked to cyberspace than ever before, and a relatively a small percentage are protected by effective cybersecurity precautions. — 123rf.com
Getting SEC Info back online required Finnegan to painstakingly reconstruct software that he had written over the prior 25 years and reinstall a database of some 15.4 million corporate Securities and Exchange Commission filings dating back to 1993. As I related last year at the start of Finnegan's ordeal, SEC Info provides subscribers with access to every financial disclosure document filed with the Securities and Exchange Commission — annual and quarterly reports, proxy statements, disclosures of top shareholders and much more, a vast storehouse of publicly available financial information, presented in a searchable and uniquely well-organised format.
Finnegan was one of the pioneers in the field, eventually becoming one of the largest third-party vendors of SEC filings. Data kidnappers can deploy an ever-expanding arsenal of off-the-shelf tools that"make launching ransomware attacks almost as simple as using an online auction site," according to Palo Alto Networks, which markets cybersecurity systems. Some ransomware entrepreneurs"offer 'startup kits' and 'support services' to would-be cybercriminals,... accelerating the speed with which attacks can be introduced and spread," Palo Alto reports.
Attacks on major enterprises garner the most attention. In 2021, according to a list of 87 attacks compiled by Heimdal Security, the victims included the business consulting firm Accenture, the audio company Bose, the Brazilian National Treasury, Cox Media, Howard University, Kia Motors, the National Rifle Assn. and the University of Miami.
The catastrophe began with a massive data breach at Yahoo that happened in 2013 but which Yahoo didn't disclose until 2016. The hackers stole the email passwords, phone numbers, birth dates and security questions and answers of three billion Yahoo users, including Finnegan. "They lucked out," he told me."If they had tried a week earlier or a week later, they would not have been able to get in."
Even if the hackers decrypted Finnegan's data — the more than 15 million SEC filings — they had trashed his operational software, and that could not be recovered via decrypting.