Earlier today it was revealed that the United Kingdom’s National Health Service was targeted by ransomware known as “WannaCry.” Sixteen NHS organizations were impacted by the attack, and victims have spread across the globe and will likely continue to do so. WannaCry takes advantage of SMB vulnerabilities in Windows, using the ETERNALBLUE exploit, which was publicly released by the ShadowBrokers in April. This SMB vulnerability is “wormable” and reminiscent of early-2000s worms like Code Red, Nimda and Blaster. Microsoft released MS17-010 to address this SMB vulnerability on March 14th, prior to the ShadowBrokers dump.
Just over eight weeks later, we are seeing the initial implications of not deploying this SMB patch, and this is an area that I’d like to focus on. If you have been on the Twitters today, it is as if a million voices have suddenly cried out in terror, tweeting “Why didn’t you just patch it!” This seems like a reasonable question, but reality isn’t always reasonable. Having been an industry analyst, I’m naturally familiar with ivory towers, and questions like this can indicate that someone might be a bit disconnected from the realities of day-to-day security operations. There are legitimate reasons why not every endpoint on the planet is running MS17-010.
Am I making excuses for organizations that didn’t apply MS17-010? No, I am not, but it is important to remember that security isn’t black and white, operations are hard, and sometimes thoughtful risk management might still result in a loss. Back to WannaCry, here are some recommendations from our intelligence team on mitigations:
Two final recommendations: if you don’t already have a ransomware response playbook, hopefully today isn’t the test run. You should also formalize your ransomware minimization strategy; you might not be able to prevent it all, but it doesn’t mean you shouldn’t try. Our intelligence team will continue to monitor the situation and update our clients as needed.