Market Overview

Proofpoint Keeps Chugging After Ransomware Attacks

Proofpoint Keeps Chugging After Ransomware Attacks

This weekend's ransomware attack took down computer systems and compromised data worldwide, but Monday was business as usual for cybersecurity firm Proofpoint Inc (NASDAQ: PFPT).

Rather than prompt product adjustments, the WannaCry hack merely highlighted “just how important it is to show up and do the job every day,” Ryan Kalember, senior vice president of cybersecurity strategy at Proofpoint, told Benzinga.

“While the media attention ebbs and flows, the work doesn’t really nearly so much,” Kalember said.

Blocking ransomware campaigns and applying patches are typical Proofpoint services, which often address threats targeting hundreds of millions of individual emails. The company detected no compromised systems among its clients, citing the non-email reliant nature of Friday’s ransomware as one justification.

However, it’s now following up on scams capitalizing on public fear.

“We have already been stopping basically follow-on scams that claim to protect people from WannaCry2,” Kalember said. “We started seeing that on Saturday morning and asking for even more bitcoin than the ransomware itself, so you can think of this as a ransom scheme followed by shakedown money, protection money. That happens all the time.”

Who’s At Risk?

The primary WannaCry tool was a modified form of spyware purportedly developed by the National Security Agency and stolen by the hacker group, Shadow Brokers, back in March. The Microsoft Corporation (NASDAQ: MSFT) exploit played on Windows system vulnerabilities over an old and outdated protocol used to share files across computers.

The exploit was particularly powerful — enough to challenge a relatively improved software security state. What’s more, it was fully expected.

“All of us in the security community pretty quickly realized when it leaked back in March that this could be turned into something like a worm in ways that we hadn’t seen in many years,” he said. “Even though it might not feel like it, the overall state of software security continues to improve in certain ways, and we haven’t had a vulnerability with an associated exploit that was this bad before The Shadow Brokers leaked it in March.

Who’s To Blame?

He added, ultimately, it was human decision not to apply mitigations that led to Friday’s extreme impact.

“I think the constant drumbeat of, ‘This vulnerability’s bad, you need a patch for it,’ might have minimized exactly how bad this one was, but that said, I think every smart organization in the world at least identified the risks back in March,” he said. “Some of them were not able to patch, because they run operating systems that are so old that they didn’t actually have patches released for them [at the time...] For a very old infrastructure that’s running Windows XP, you’re doing a whole lot of things wrong from an information security perspective, not just not applying these patches for March.”

However, he acknowledged that some organizations, such as hospitals with million-dollar technology running on the likes of XP, aren’t likely going to replace their machinery, but they can take other protective measures.

Microsoft released patches for unsupported software on Windows XP, Windows 2003 and Windows 8 on Saturday, which Kalember recommends all organizations adopt.

Kalember said organizations that have not installed the recent Microsoft patch are vulnerable to future worms, or self-replicating viruses, of similar nature. He advised consumers to adopt available technical mitigations to protect against attacks, including an open-source Proofpoint rule to detect future NSA exploits:

    “Just to put this attack in perspective, we’ve seen much larger ransomware campaigns, not garner a similar kind of global interest simply because they didn’t spread in other ways and they were targeted at organizations using email. This one is unique in that it can very rapidly spread within an unprotected network, but it’s not actually anywhere near either one of the largest worms of all time or even the largest ransomware attack of all time, and at the end of the day, that’s not because the systems are vulnerable. It was human choices that contributed to how bad this ended up getting on Friday.”

Proofpoint shares were up 7.7 percent at $86.32 at time of publication.

Related Links:

Proofpoint Continues To Execute At A High Level

With Proofpoint Q1 Print Looming, Baird Downgrades


Image Credit: By Motormille2 - Own work, CC BY-SA 4.0, via Wikimedia Commons


Related Articles (PFPT)

View Comments and Join the Discussion!

Posted-In: News Futures Politics Forex Events Exclusives Markets Movers Best of Benzinga