WannaCry Ransomware: How IT Channel Protects Its Customers
The WannaCry ransomware outbreak on May 12 affected more than 200,000 computers across 150 countries and was an eye-opener to all, including IT channel partners and customers, who are now vigilant and gearing up to face more attacks in the near future.
This massive cyber-attack can encrypt the data of any system within minutes and then displays a message on the user’s screen demanding $300 in Bitcoin for data retrieval. It spread quickly via phishing emails and, in the form of a computer worm, targeted unpatched applications and operating systems, particularly machines running older operating systems.
India was also hit in parts, though the attack made a bigger impression in Europe, where the United Kingdom’s National Health Service was among the high-profile victims; China’s national petroleum company and Renault’s factories in France were also affected. However, the next ransomware attack will probably have a wider impact on India, which is moving towards its ambitious ‘Digital India’ mission.
On the fateful day and in the aftermath of the crisis, many channel partners in India that specialize in the security domain ensured their clients were safe and not impacted by the WannaCry ransomware. Channel Times spoke to security-focused channel partners from the four corners of India about their experience during the days of the ransomware attack.
Prashant Jain of JNR Management Resources, Delhi-NCR said, “The day was too hectic for our technical support department, as there was a flood of calls since dawn. The phones would not stop ringing. But, being a trusted player in the PKI industry, it was our responsibility to help our customers clear their doubts pertaining to the ransomware. A couple of customers were even hesitant to power on their computers. Some of them completely disconnected their devices from the network for hours. But, thanks to our seasoned technicians who not only analyzed thoroughly the systems of such customers, but also educated them for further preventive measures.”
“There is a lot more to come. Mutation of WCRY has also started. Some of us have already met ‘EternalRocks’, WCRY’s scarier successor. Has anyone heard of ‘EternalChampion, EternalRomance, DoublePulsar’, which sound so ‘viagratic’ yet are cousins of WannaCry?” he added.
Manasi Saha of Macawsinfotech, Kolkata, said, “On Friday, 12th May 2017, the WannaCry ransomware and worm started infecting some places in East India, such as government and corporates, and the maximum impact was on Windows XP, 2003 and Windows 10; a few customers were infected by other ransomware variants as well. Behind the story there are two elements: one is the ransomware, which encrypts 176 file types and asks for ransom, and the second spreads automatically with worm-like activity using an exploit called EternalBlue, which exploits the vulnerability in SMB. Microsoft patched it in March, but the majority have not applied it.”
“We sent emails to all our customers on the morning of 13th May and also sent messages on WhatsApp about the WannaCry ransomware attack. We also told them to take certain measures, and we did patching at the customer end, either through a patch management server or manually. On Monday, 15th May, we used some preventive tools such as Sophos Intercept X/Anti-Exploit and the Trend Micro Machine Learning tool. For awareness, we also conducted a webinar for all on 17th March where we explained the details of the WannaCry attack,” she added.
V Anand, Raksha Technologies, Chennai, said, “I was in the US when the ransomware episode was happening. Luckily, none of our customers got infected with this ransomware, thanks to our robust security architecture, the quality of the products we supply and the awareness we provide.
Given the media attention the incident has drawn due to its proliferation and the nature of the payload, it has become a board room discussion even among small and mid-size customers. We found that the awareness about backup solutions and patch management has increased. On patch management, we are getting many business inquiries.”
There was a sudden spurt in calls for emergency meetings in the early hours of the day, at 4 am, just to ensure their security setup was geared to handle it. Large customers called us at weird timings just to ensure all was well. We were happy doing this for our customers. A lot of calls came just to ensure all was well, and we were operating 24×7 for a few days just to provide comfort to our clients. Not to forget, being a security expert, I received a call from an elderly gentleman who asked me whether he could withdraw money from the ATM. Of course, I answered his call though I was in a different time zone; it was around 2 AM in the US.
Tushar Parekh of Silicon netsecure, Mumbai, said, “An ounce of prevention is worth a pound of cure. Being proactive surely does have its advantages, and having a well-trained team is always an asset. During the WannaCry outburst our technical team was functioning 24×7 for our Indian and international clients to update their signature database. This helped prevent any unwanted outbursts of the WannaCry ransomware across their networks. This also reasserts the client’s confidence in us as an experienced security partner.”