Solution providers that are battling the global ransomware attack WannaCry say it's up to them to solve cybersecurity threats proactively in a constant hunt to thwart technology vulnerabilities.
"It's always going to be a cat-and-mouse game where there's always going to be new attacks and people exploiting vulnerabilities," said Dominic Grillo, executive vice president of Atrion Communications, a Branchburg, N.J.-based solution provider that partners with the likes of Fortinet, Cylance and Juniper Networks. "We're the ones that are going to be on top of it, making sure they're patched properly or they've upgraded their malware systems, firewalls, etc. to protect against an attacker or campaign like this."
"It's incumbent for the partner to be ahead of the curve with an attack like this," said Grillo.
WannaCry has impacted 200,000 computers in 150 countries. Solution providers CRN spoke with said the vast majority of their customers were not affected because they have been proactive about cybersecurity.
"There's attacks all the time. This one is much bigger because the scale at which this was launched made it different," said Ron Temske, vice president of security solutions at Logicalis, a New York-based solution provider that partners with Cisco and Microsoft. "We did a blog post about it for customers on Friday. I've already been getting comments back saying, 'I really appreciate this.' We're keeping customers educated and help distill things down so they understand what's going on without all the sensationalism and all the hype."
Solution providers said that in March, Microsoft patched the "Eternalblue" exploit, a vulnerability derived from the National Security Agency (NSA) that is the likely culprit in WannaCry.
"The vendors themselves have had patches out for this particular ransomware attack, so it's a matter of making sure customers are upgraded enough – with the latest code and patches, etc. – to protect themselves," said Grillo. "If you've got a full-service IT staff in your organization, hopefully they're on top of it. But if you're using a managed service provider, you're relying on the MSP to be up to date and take care of things for you, which is what we do."
The ransomware campaign specifically targeted the healthcare industry. Those infected were told to pay $300 in order to restore access, with the cost doubling after three days.
Solution providers said that due to the sensitive nature of the healthcare industry, the WannaCry attack raises serious concerns.
"When you're dealing with patients who need the right medicine and other things to be alive, if you compromise those systems with a ransomware attack – a healthcare organization might pay the fine just because they realize how quickly they need the data back and if you don’t have the ability, for example, restore from backup quickly enough, you're in a situation when you're dealing with life-and-death scenarios," said Grillo. "You've seen incidences where they have paid the ransomware guys to get their data as back as fast as possible. It's not a good thing because it's setting a bad precedent."