WannaCry benefits from unlearned lessons of Slammer, Conficker

https://sophosnews.files.wordpress.com/2017/05/shutterstock_515398291.jpg?w=780&h=408&crop=1

Friday’s massive WannaCry ransomware attack was certainly a gut punch for many organizations. But few should be shocked by its rapid spread – especially those who remember Slammer and Conficker.

Those contagions  – ancient malware by today’s standards – spread through exposed Microsoft vulnerabilities. WannaCry spread the same way. In each case, Microsoft had already released a patch for the security holes.

And so for some, an important lesson continues to go unrecognized:  that organizations must keep a close watch for patch updates and deploy the fixes immediately. WannaCry – also known as Wanna Decrypter 2.0, WCry, WanaCrypt and WanaCrypt0r – exploited a Windows vulnerability that Microsoft released a patch for in March. That flaw was in the Windows Server Message Block (SMB) service, which Windows computers use to share files and printers across local networks. Microsoft addressed the issue in its MS17-010 bulletin.