Companies That Patched Software Dodged WannaCry Ransomware

The ransomware program, which spreads like a worm, took advantage of legacy systems and poor patching—issues victimized companies should have been able to fix to thwart the attack.

ransomware

Companies caught their breath on Monday, following the worldwide spread of the WannaCry ransomware program last week, a digital epidemic that infected at least 200,000 devices in dozens of countries around the world.

As security experts continued to investigate the incident, they quickly concluded that the attack could have been stymied by basic digital hygiene, such as patching and vulnerability management. Companies that took those steps reliably and double-checked that there were no weak points in their malware defenses, were protected from WannaCry, also known as WannaCrypt.

“These are a lot of the issues that we, as an industry, know that we have, but we have not been getting out in front of them,” Juan Guerrero Saade, senior security researcher with Kaspersky Lab, told eWEEK.

Saade pointed out that companies have to patch more consistently and more often. Yes, WannaCry used a vulnerability in Microsoft’s Windows operating system, known as EternalBlue, that was previously not known until it was outed by the so-called ShadowBrokers malware distributors, but that was patched in March, he stressed.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...