Amid this week's global ransomware attacks, major MSSPs (managed security services providers) are closely monitoring the threat landscape while also safeguarding customer networks from new or evolving threats.
Among the MSSPs analyzing these latest attacks: N-Dimension Solutions, which safeguards more than 100 U.S. utilities from cyberattacks and digital threats. Among the key takeaways so far from Mihir Kapadia, VP of engineering at N-Dimension Solutions:
- The company is still learning more about this ransomware but research suggests it is similar to WannaCry but much more sophisticated. It seems to be leveraging the same EternalBlue vulnerability in Microsoft Windows (which Microsoft issued a patch for back in March).
- Early research suggests this is a strain of the Petya ransomware which was seen last year but this is not entirely confirmed.
- As with WannaCry, there is no indication that paying the $300 in Bitcoin actually results in the infected machine being remedied. For any ransomware attack it is always recommended to not pay the ransom.
- The immediate action to help protect against this attack is to ensure all Windows machines on the network are patched with the MS17-010 patch. It is also recommended to have a robust backup and recovery mechanism in place.
Perhaps the best news of all? So far, it looks like N-Dimension's customers have not been attacked -- though the MSSP isn't letting its guard down.
"We have been actively monitoring for this ransomware and have not found any evidence of infection within our customer environments," Kapadia says. "However, this is an ongoing attack so we continue to closely monitor the situation."