This site is part of the Global Exhibitions Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 3099067.


WannaCry Ransomware: Lessons for the Channel

By Edward Gately
May 15, 2017 - News

Edward GatelyThe massive WannaCry ransomware attack that began Friday, and struck at least 150 countries and 300,000 computers, appeared to be slowing Monday as organizations scrambled to protect themselves.

The software locks computers and users are confronted with a screen demanding a $300 payment to restore their files.

Evolve IP's Scott KinkaScott Kinka, Evolve IP’s chief technology officer, tells Channel Partners that while this “phishing" attempt may have been a new attack that was not necessarily blocked via spam filters, the vulnerability that was exploited has been patched in supported Microsoft operating systems since March. Windows XP devices that were affected have been out of support by Microsoft for some time.

“This was an unsophisticated attack, although slightly unique due to the size/volume," he said. “The lesson for the channel is that most companies do not have a well-constructed, or well-executed desktop management strategy. This creates learning opportunities regarding the benefits of help desk, RMM (remote monitoring and management) and DRaaS (for those machines that are affected)."

There have been more than 4,000 daily ransomware attacks since early 2016 — a 300 percent increase since 2015. Victims paid a total of more than $24 million to regain access to their data in 2015 alone.

“Understanding and educating on how an attack works is really the area where the channel can help," Kinka said. “Even ...  much of the media has this story wrong. The truth is that this is not a cybersecurity issue exclusively … there’s more to it. It’s also about the mitigation of user risk … proper cybersecurity hygiene. In other words, what is needed here is user education: Don’t open files that are suspect; keep your machines secure with proper patch management; and an effective disaster recovery (DR) plan … as in, have backups or replications that you can restore rather than paying ransom."

VIPRE's Usman ChoudharyAny major event like this becomes a referendum on security and disaster recovery, he said.

“So there is a window where the channel can take advantage of the opportunity," Kinka said. “I personally think that businesses will erroneously make the decision that this (is) a complicated cybersecurity issue and place effort in securing the network perimeter, email, etc. This was not a zero-day attack (meaning an attack that has never been seen before and therefore could not be caught by standard security measures) … this was a vulnerability that has been known and has been patched by Microsoft for some time. I would think that even the attackers (who are likely criminal and not institutional) are even surprised by the widespread nature of the effects of the attack. Truthfully, the results are a referendum on desktop management."

Usman Choudhary, VIPRE’s chief product officer, said ISPs have a “heavy responsibility to ...

« Previous12Next »
comments powered by Disqus
Related News