Risk & Repeat: WannaCry ransomware worm shakes tech industry
In this week's Risk & Repeat podcast, SearchSecurity editors look at the devastation caused by the WannaCry ransomware worm and discuss how it could have been prevented.
The ransomware worm known as WannaCry not only left behind a trail of devastation, but also raised pressing questions about software patching and vulnerability disclosure practices.
The ransomware worm took advantage of a flaw in Windows' Server Message Block (SMB) v1 protocol, which was revealed in the Shadow Brokers' recent dump of Windows exploits from the National Security Agency (NSA). The flaw, exploited by the tool dubbed EternalBlue, was resolved by Microsoft in its March Patch Tuesday update, weeks before the Shadow Brokers released the exploit to the public.
According to a report from The Washington Post, the NSA warned Microsoft about EternalBlue prior to the exploit being made public. In addition, US-CERT issued an urgent security advisory in January about a then-undisclosed flaw in SMB v1, and urged organizations to disable support for the protocol.
Yet, even with the US-CERT warning and the Microsoft patch, many enterprises did not update their systems. As a result, the WannaCry ransomware worm was able to use the SMB flaw to spread quickly throughout organizations. More than 300,000 Windows systems were struck by WannaCry attacks, which crippled many organizations, including several hospitals in the U.K.
So who's to blame for the WannaCry devastation? Should organizations that failed to update Windows or turn off SMB v1 support take the brunt of the blame? Or does the majority fall on the shoulders of the NSA and U.S. government for hoarding vulnerabilities and failing to adequately disclose the Equation Group's cyberweapons?
In this week's Risk & Repeat podcast, editors Rob Wright and Peter Loshin are joined by SearchSecurity Senior Reporter Michael Heller to discuss those questions and more on the topic of the WannaCry ransomware worm and its fallout.