Flaws exposed by the WannaCry ransomware

Written on 19 May 2017, 11:37am


Users

1. Using an old OS (in some cases pirated, so impossible to upgrade)
2. Not updating their OS (sometimes manually disabling Windows Update)
3. Not using a proper antivirus / anti-malware solution
4. Not taking regular backups

Administrators

1. Not minimising the attack surface area (keeping the SMB service enabled even if it’s not used)
2. Not taking regular backups
3. Lack of a proper IT Security strategy, including guidelines on how to respond to security incidents

NSA

1. Not disclosing the vulnerability until their exploit was stolen

Microsoft

1. Not having a seamless Windows update process (mixing critical security updates with minor ones, forced restarts, etc.)

Some links:
https://www.troyhunt.com/dont-tell-people-to-turn-off-windows-update-just-dont/
http://www.nbcnews.com/storyline/hacking-of-america/companies-stockpiling-bitcoin-anticipation-ransomware-attacks-n761316

But in the end, things might work out just fine 🙂