It’s been a few weeks since WannaCry ransomware captured headlines and computers the world over. We now know how it spread, and how it captured so many Windows 7 machines.

The WannaCry (also known as WannaCryptor) attack was first reported on May 12 and spread to more than 230,000 computers in over 150 nations. Attackers used strong encryption to render captured computers useless without the correct unlock keys. Additionally, there are reports that victims could not decrypt their files even after paying the ransom.

The ransomware component of WannaCry’s payload works just like other ransomware: it searches for files with specified extensions and encrypts them. Its worm component is different: it uses a Server Message Block (SMB) v1 vulnerability (CVE-2017-0144) to spread.

Microsoft released a security update (MS17-010) to fix this vulnerability on March 14, 2017. This March-to-May window demonstrates that even when OEMs respond to exploits in a timely manner, the weak link is often the end user who fails to apply the required patch.

At VMware, we believe there’s another way. If computers and networks are intelligently locked down, the impact of end-user tardiness may be temporarily mitigated.

Read the entire article here: WannaCry Fallout: Implement ‘Least Privilege’ Now

via the fine folks at VMware!