Nmedia - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Risk & Repeat: WannaCry ransomware worm shakes tech industry

Listen to this podcast

In this week's Risk & Repeat podcast, SearchSecurity editors look at the devastation caused by the WannaCry ransomware worm and discuss how it could have been prevented.

The ransomware worm known as WannaCry not only left behind a trail of devastation, but also raised pressing questions about software patching and vulnerability disclosure practices.

The ransomware worm took advantage of a flaw in Windows' server message block (SMB) v1, which was revealed in the Shadow Brokers' recent dump of Windows exploits from the National Security Agency (NSA). The flaw, dubbed EternalBlue, was resolved by Microsoft in its March Patch Tuesday -- weeks before the Shadow Brokers released it to the public.

According to a report from The Washington Post, the NSA warned Microsoft about EternalBlue prior to the exploit being made public. In addition, US-CERT issued an urgent security advisory in January about a then-undisclosed flaw in SMB v1, and urged organizations to disable support for the protocol.

Yet, even with the US-CERT warning and the Microsoft patch, many enterprises did not update their systems. As a result, the WannaCry ransomware worm was able to use the SMB flaw to spread quickly throughout organizations. More than 300,000 Windows systems were struck by WannaCry attacks, which crippled many organizations, including several hospitals in the U.K.

So who's to blame for the WannaCry devastation? Should organizations that failed to update Windows or turn off SMB v1 support take the brunt of the blame? Or does the majority fall on the shoulders of the NSA and U.S. government for hoarding vulnerabilities and failing to adequately disclose the Equation Group's cyberweapons?

In this week's Risk & Repeat podcast, editors Rob Wright and Peter Loshin are joined by SearchSecurity Senior Reporter Michael Heller to discuss those questions and more on the topic of the WannaCry ransomware worm and its fallout.

Next Steps

Risk & Repeat: Analyzing President Trump's cybersecurity executive order

Risk & Repeat: Dangerous Windows bug sparks disclosure debate

Risk & Repeat: Symantec strives to restore certificate trust

Enterprise Desktop
  • Understanding how GPOs and Intune interact

    Group Policy and Microsoft Intune are both mature device management technologies with enterprise use cases. IT should know how to...

  • Comparing MSI vs. MSIX

    While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...

  • How to install MSIX and msixbundle

    IT admins should know that one of the simplest ways to deploy Windows applications across a fleet of managed desktops is with an ...

Cloud Computing