On Friday, May 12th, 2017, an unknown group of hackers unleashed the now-infamous WanaCrypt0r 2.0 against government agencies, companies, and individuals worldwide. When the dust settled, over 200,000 systems had been infected, and many victims lost their files forever. WannaCry did not take weeks, or even days, to spread. The damage was done in mere hours. At the time of this writing, the authors of this ransomware had made just over $126,000, a complete failure compared to lesser-known attacks that have grossed millions.
In his 1905 book, Reason in Common Sense, George Santayana stated, "Those who cannot remember the past are condemned to repeat it." The media, and society in general, have moved on from WannaCry, but we need to take a few minutes to reflect and learn from it. Fortunately, this particular crimeware did not affect Lucas Systems or its customers, but there is always another attack just over the horizon. There are numerous possible takeaways from this, but two major ones cannot be ignored.
WannaCry exploited a known, highly publicized vulnerability in the operating system. Every victim of this attack had something in common: they had not installed the patch Microsoft released two months prior. Let that fact sink in for a minute! One of the most prolific ransomware attacks in history could have been prevented if users had installed a patch at any point in a two-month period.
PCI-DSS requires you to apply critical patches within thirty days of release, and this outbreak illustrates why. Every time a critical update is released, hackers work tirelessly to reverse engineer it. Sometimes they strike proverbial gold and develop a means to exploit the flaw it fixes, but the majority of the time they cannot. In this case, the National Security Agency found the vulnerability, and the public release of the EternalBlue exploit made the hackers' job simple.