Why WannaCry was so easily spread

This past weekend, May 13th of 2017, the WannaCry ransomware virus spread like wildfire around the planet.

Worming its way from machine to machine, the WannaCry virus used a network vulnerability in the Windows operating system, a vulnerability that Microsoft had already released a patch for the previous February.

WannaCry infected thousands of computers, including some very high profile systems. Known victims include:

  • Russia’s Ministry of Internal Affairs – reported more than 1,000 infections.
  • The U.K.’s National Health Service – had to put life-saving surgeries on hold.
  • Telefonica – the Spanish telecom giant sent employees home after the infection tore through its offices.

Many people are left asking, after the sudden and unexpected cyber-attack, how did this happen if Microsoft already released a patch for this hole in their security?

The short answer is: Not everyone installs the updates from Microsoft, like they should.

The long answer is a bit more detailed. While it is true that many home users disable updates, it is usually because the update processes always seem to kick off at the most inconvenient of times. They can be slow to download, interrupt ‘real work’, oftentimes ‘break’ other programs or processes, require inconvenient reboots, and the list just goes on and on.

In large corporate network environments, the Information Technology (IT) department usually manages updates to all network-attached systems through a central server. Their team will often test updates before pushing them out to systems, to ensure minimal impact on the end-user and no conflicts with other programs.

Small businesses usually do not have that expensive luxury of a staff of technical geeks hiding in a closet testing each update for impact on their systems and network. So, they elect to disable the automatic updates, thus letting their staff work, seemingly with fewer interruptions and nags to reboot.

Now that we know how and why this particular virus has been able to spread so quickly, it is time to identify what can be done about it as a preventative, much like the annual flu shot many of us get each fall.

Start by understanding that many of these patches and updates are necessary. That makes them worth the end-user’s time to complete the install. Perhaps not the very minute the message comes up, but soon. It would be very nice if, when an update throws up a screen asking for a reboot or to stop an application that is halting the update, Microsoft gave us the option to postpone that until a specific time. If, for example, a user who is prompted at 10AM to reboot for updates could schedule that to happen between Noon and 1PM (their lunch break) or even after 6PM, a lot of issues with inconvenient updates would be resolved.

Secondly, small businesses need to have updates running. Leave the computers on at night and schedule the updates to run at the default of 3AM. This helps keep every machine updated, though the updates may have negative effects on other programs and applications.

Thirdly, if the automatic updates do cause repeated issues with custom or other third-party applications, seek out a Managed Services Provider (MSP). Many of these businesses are tooled and set up to manage the maintenance needs of workstations and servers, remotely and after hours. Business owners are then able to relax and appreciate their network being kept stable and smooth.
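To see where a given workstation stands on the points above, the following PowerShell audit reports whether Automatic Updates are disabled, what install hour is scheduled, and how old the newest installed update is. It is an added example, not part of the original article; the function name Get-UpdatePosture and the 45-day threshold are assumptions.

```powershell
# Added example (not from the original article): report whether this PC still
# receives automatic updates and how stale its patches are.
# Assumption: more than 45 days without an installed update counts as overdue.
function Get-UpdatePosture {
    param([int]$MaxAgeDays = 45)

    $findings = @()

    # Policy settings for Automatic Updates (set by Group Policy or by hand)
    $auKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $policy = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
    if ($policy -and $policy.NoAutoUpdate -eq 1) {
        $findings += 'WARN: Automatic Updates are disabled by policy (NoAutoUpdate = 1).'
    }
    elseif ($policy -and $policy.AUOptions -eq 4) {
        # AUOptions 4 = download automatically and install on a schedule
        $hour = if ($null -ne $policy.ScheduledInstallTime) { $policy.ScheduledInstallTime } else { 3 }
        $findings += "OK: updates install on a schedule at hour $hour (0-23)."
    }
    else {
        $findings += 'INFO: no scheduled-install policy; local Windows Update settings apply.'
    }

    # A disabled Windows Update service blocks updates regardless of policy
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"
    if ($svc.StartMode -eq 'Disabled') {
        $findings += 'WARN: the Windows Update service (wuauserv) is disabled.'
    }

    # Age of the most recently installed update that carries an install date
    $last = Get-HotFix | Where-Object { $_.InstalledOn } |
            Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $last) {
        $findings += 'WARN: no installed updates with an install date were found.'
    }
    else {
        $age = ((Get-Date) - $last.InstalledOn).Days
        $state = if ($age -gt $MaxAgeDays) { 'WARN' } else { 'OK' }
        $findings += "${state}: newest update $($last.HotFixID) installed $age days ago."
    }

    $findings
}

Get-UpdatePosture
```

Run it from an elevated PowerShell prompt; any WARN line means the machine is relying on someone remembering to patch it by hand.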

If you need or would just like more information about virus protection, data back-ups, business continuity and systems maintenance, please feel free to contact Daniel Curry of Indy’s I.T. Department at 317-560-4443 or by e-mail at daniel@indysitdepartment.com

May 15th, 2017 | Backups, Business, Business Continuity, Policies, Security, Services
