WannaCry, the Most Damaging Attack

Security MEA speaks to Amit Roy, executive vice president and regional head for EMEA at Paladion, about the latest WannaCry ransomware attack and its far-reaching impact.

Do you have any intelligence on whether the Middle East has been affected by the WannaCry attack?
The full extent of the WannaCry ransomware attack in the Middle East region is not known as of now, partly because of the weekend in the region. There have been some incidents cited in Egypt, but nothing major has been reported out of the region.

How do you classify this attack?
This attack seems to be by far one of the most damaging cyber attacks witnessed globally. It has impacted over 140,000 machines across 150 countries, and the number is still growing. Europe and Russia in particular have been the worst hit. Large damage has been reported from India too.

Some of the large organizations which got widely impacted are UK National Health Services, Russian banks and ministries, Renault and Nissan automakers, Telefonica, German Railways and many more. It is a widespread malware attack targeting every sector on any machine and compromising a flaw which was exposed by a leak by the Shadow Brokers.

Unlike other ransomware attacks, this malware has a variant of a worm and spreads from machine to machine on local networks and not just by email, making it far more damaging than other ransomware variants.

How would you scale the Middle East on the threat landscape?
Ransomware threats are increasing day by day in the region, with almost all sectors having been impacted in the recent past. According to reports, the UAE is ranked the 2nd most targeted country in the Middle East and Africa region for ransomware, after only Saudi Arabia.

So far, email has been the preferred source of attacks, but now cloud is also becoming an active source for such attacks. The recent WannaCry ransomware attack shows the extent of damage these attacks can do to healthcare, public utility services, manufacturing, banking and, in general, the overall economy.

As a security specialist, what advice would you offer to companies and users to stay safe?
As of now, there are no WannaCry decryption tools or solutions available, but companies and users can take several preventive measures to ensure that they do not fall victim to such attacks. Patch management is one of the basic steps users should follow: update their OS with the latest patches released by Microsoft, and also take regular backups so that even if you are impacted your data is with you. Being extra cautious of uninvited documents sent over mail, and downloading software and applications only from official sources and not from pirated sites, can help users stay away from such ransomware attacks.

How does Paladion ensure your customers are safe from such attacks?
Paladion has a Global Security Command Center that provides real-time threat intelligence and advisory to all our customers, and in such cases we are able to quickly collate the Indicators of Compromise (IOCs) and share them with our customers’ IT teams for them to take remedial action. Using our next-generation CyberActive SOC services based on a Security Analytics platform, we are in a position to highlight any unknown attack and threat patterns, such as a ransomware variant, in a customer environment and can respond faster to prevent them from propagating in the client network.