Risks-Forum Digest Saturday 13 May 2017 Volume 30 : Issue 29
Date: Fri, 12 May 2017 16:27:31 -0700
From: Lauren Weinstein
Subject: Today's Massive Ransomware Attack Was Mostly Preventable --
Here's How To Avoid It (Gizmodo)
Here's what happened: Unknown attackers deployed a virus targeting
Microsoft servers running the file sharing protocol Server Message Block (SMB). Only servers that weren't updated after March 14 with the MS17-010 patch were affected; this patch resolved an exploit known as ExternalBlue, once a closely guarded secret of the National Security Agent, which was leaked last month by ShadowBrokers, a hacker group that first revealed itself last summer. The ransomware, aptly named WannaCry, did not spread because of people clicking on bad links. The only way to prevent this attack was to have already installed the update.