With the world’s biggest ransomware attack over, IT Security Thing has been listening to the security industry perspective on WannaCrypt0r.
This was not an attack targeted at the NHS. It was a global attack on organisations that had not patched a known vulnerability in the Microsoft Windows Server Message Block (SMB) protocol, a vulnerability that had been patched two months earlier in the MS-17-010 critical security bulletin update.
This was not any old ransomware; it was ransomware attached to a worm. The worm was made possible by the NSA, as it spreads using an exploit for a Microsoft SMB vulnerability (EternalBlue) that was developed by the National Security Agency. The exploit code was leaked by Shadow Brokers, and someone unsurprisingly put it to use here.
This should not have been unexpected by the NHS in particular; plenty of people have been warning of just such a risk from unpatched legacy software and systems. Including, funnily enough, me. In fact I published this specific warning in a health industry publication just days before the attack hit. Or how about this, about the fact that some NHS Trusts spent a big fat ZERO on cyber security, from these very pages? Or this, asking if the NHS was ripe for a ransomware attack, almost exactly a year ago?
OK, so what has the wider security industry been saying as the dust starts to settle?