Solution Providers On The Front Line In Fight Against WannaCry Ransomware Attack
"It's always going to be a cat-and-mouse game where there's always going to be new attacks and people exploiting vulnerabilities," said Dominic Grillo, executive vice president of Atrion Communications, a Branchburg, N.J.-based solution provider that partners with the likes of Fortinet, Cylance and Juniper Networks. "We're the ones that are going to be on top of it, making sure they're patched properly or they've upgraded their malware systems, firewalls, etc. to protect against an attacker or campaign like this."
"It's incumbent for the partner to be ahead of the curve with an attack like this," said Grillo.
WannaCry has impacted 200,000 computers in 150 countries. Solution providers CRN spoke with said the vast majority of their customers were not affected because they have been proactive about cybersecurity.
"There's attacks all the time. This one is much bigger because the scale at which this was launched made it different," said Ron Temske, vice president of security solutions at Logicalis, a New York-based solution provider that partners with Cisco and Microsoft. "We did a blog post about it for customers on Friday. I've already been getting comments back saying, 'I really appreciate this.' We're keeping customers educated and help distill things down so they understand what's going on without all the sensationalism and all the hype."
Solution providers said that in March, Microsoft patched the "Eternalblue" exploit, a vulnerability derived from the National Security Agency (NSA) that is the likely culprit in WannaCry.
"The vendors themselves have had patches out for this particular ransomware attack, so it's a matter of making sure customers are upgraded enough – with the latest code and patches, etc. – to protect themselves," said Grillo. "If you've got a full-service IT staff in your organization, hopefully they're on top of it. But if you're using a managed service provider, you're relying on the MSP to be up to date and take care of things for you, which is what we do."
The ransomware campaign specifically targeted the healthcare industry. Those infected were told to pay $300 in order to restore access, with the cost doubling after three days.
Solution providers said that due to the sensitive nature of the healthcare industry, the WannaCry attack raises serious concerns.
"When you're dealing with patients who need the right medicine and other things to be alive, if you compromise those systems with a ransomware attack – a healthcare organization might pay the fine just because they realize how quickly they need the data back and if you don’t have the ability, for example, to restore from backup quickly enough, you're in a situation when you're dealing with life-and-death scenarios," said Grillo. "You've seen incidences where they have paid the ransomware guys to get their data back as fast as possible. It's not a good thing because it's setting a bad precedent."
According to the BBC, only about $38,000 had been paid by Monday morning.
Michael Crean, president of Solutions Granted, a Woodbridge, Va.-based security-focused solution provider, said the WannaCry attack should serve as a wake-up call.
"People have to be ready," Crean said. "This is not the end, and I'm hoping it's a wake-up call. There have been so many things in the last 18 months that have been wake-up calls, but this is a global event. It has massive impact, and has caused significant financial burdens across the globe."
"The variants that come behind this will be significant," Crean said. "It's not over. The battle is just beginning. I feel really good with my customers. Not everybody wants to hear how we want to do business, but so far, we've been untouched."
Keeping an entire customer roster from being affected takes an aggressive, multi-pronged approach, Crean said. Solutions Granted protects nearly 20,000 devices, and so far, none have been affected by WannaCry.
"Our message is that security is a multi-layered approach," Crean said. "You have to do many things, not just one thing: Next-generation firewalls, next-generation anti-virus protection. We use Cylance, and even going back more than a year and taking an older version of Cylance, our customers would've been protected. It's also about patch management," he said. "Everybody has gotten a little bit sleepy at the wheel, and this is the first time something of this magnitude has happened across the globe."
Security experts say that along with patching the operating system, organizations should also patch third-party applications to secure against the ransomware attack.
Solution providers said opportunities open up as customers wake up to the threats they face.
"When global incidents like this happen, it does provide selling opportunities," Crean said. "It definitely provides opportunities for customers who had anti-virus solutions that failed them. That's lost productivity, lost data. It's that 'A-ha' moment that says 'We're good, we protected you against this.' The next phase is for those who became a victim, we can say 'Let us figure this out for you.' Customers have been emailing us all weekend long asking: 'Are we protected?' Nobody can claim to have a silver bullet, but we can say our testing says you should be safe."
Logicalis' Temske said that although solution providers shouldn't "prey on customers because they've suffered an outage," this attack can spur new conversations about security solutions.
"It's re-emphasizing the need of some controls you can put in place. There are things you can do, like next-gen endpoint solutions that incorporate behavioral analysis, machine learnings that are better equipped to deal with these types of [attacks]," said Temske.
The malware in WannaCry was reportedly stolen from the NSA in April.
In a blog post Sunday, Microsoft President Brad Smith said that the "stockpiling of vulnerabilities by governments" is a huge issue.
"We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," said Smith.
Last week, Cisco patched a critical flaw in its IOS software that affected more than 300 models of routers and switches. The flaw was discovered after WikiLeaks exposed CIA documents.
Matt Brown contributed reporting to this story.