Interview about WannaCry Ransomware Worm attacks with Director of CSPF

Interview with J Prasanna, Director of Cyber Security and Privacy Foundation Pte Ltd Singapore

a. What do you think about the latest Ransomware attack, has it had impact around the globe and in India?

There is lot of impact of Wannacry around the world and in India. Banking, Financial services and Insurance(BFSI) and corporate have got hit. Most of the CISO/CIO of BFSI/corporate dont openly acknowledge.

The reason for this was some of the corporate was still using windows older version machine which were not patched.

b. Do you have large customer base in india?

We work on Daily APT cloud scanning of corporate/BFSI.  We have a few BFSI client. We run proactive pre-emptive scans daily, and work with their SOC to protect them. We have been doing a good job. Our customers really value our products and our service skills.

c. How do you view yourself as a company?

We are highly skilled small size company.  We believe we should protect pro-actively customers against cyber attacks.

d. Are most of the BFSI in India safe?

Most of the corporate are ISO 270001 certified. They also have best WAF, Firewall, Antivirus, IPS and SIEM products from MNC vendors.

These are not enough to safeguard. You should understand how hackers/criminals work. Every company needs people who are highly skilled, this is lacking. With all these technologies in place hackers/criminals still hack into networks and steal data, information, money.

BFSI should use Daily APT cloud scanning services, CSPF has such a services which we sell in APAC region.

e. Why corporate around world failed with Wannacry ransomware/worm?

Corporate around the world have latest antivirus software. Antivirus software work with signature scans. Once ransomware was released most antivirus company started using group policy of microsoft.

Corporate also had old windows software running some were not patched for security vulnerabilities. Windows xp patches were discontinued.

Shadow group had released a few NSA exploits, then there were documents of vault7 released by wikileaks. When criminals weaponised worm/exploit/ransomware. This combination was lethal.

The system administrators who configured these antivirus software with group policy allowed directories like C:\ and C:\downloads which allowed the ransomware to run. Some of the admins did this so that their microsoft windows update could run on network. This was a mistake.

Every one is equally responsible.

f. What is a RansomDefender?

We have a small tool with managment console. we wrote this sometime back to protect our Daily APT Cloud Scan customers from ransomware. we have deployed in three of BFSI customers in India. All are safe with no computers infected. Its pre-emptive solution.

Share this with Your friends: