Re: Am I the only one appalled that an attack like WannaCry can happen to the NHS?
Remember that the tool used to spread the malware originated from a "friendly" security agency (NSA) whose toys were stolen.
So we have:
* security flaw in OS
* security service exploits this, stockpiles it and does not carry out responsible disclosure
* security service gets hacked, hack tools stolen, still doesn't carry out responsible disclosure
* Hackers dump tools online
* Software/OS vendors hastily provide patches for most flaws
* NHS (and others) either fail to patch or are using unsupported OS versions (XP, Vista)
* Random crims choose ransomware as a payload for one of the leaked tools (an SMB worm) and release it into the wild, most likely expecting to hit a reasonable number of individuals' PCs and get some coin.
* Desktop machines in the NHS (and others) get widely affected, pull the plug to stop spread. Everyone checks their estates for patching etc. and begins wiping infected machines etc.
* Servers (storing almost all sensitive data & having a far stricter patching and backup regimen) were not a primary target here and were not part of the reportedly affected machines.
NSA faults:
* policy of hoarding exploits
* not securing those exploits
* not carrying out responsible disclosure once they'd been raided
* a question mark over whether the random crims made the initial shower of the infection or the NSA had previously showered the infection and the crims just pushed a payload of malware through the backdoor it created.
Microsoft:
* Although it was their flaw, they responded well with patches.
* Win 10 (i.e. the up-to-date OS) still has question marks over privacy/dial home, so it's not yet a no-brainer for business or secure institutions like the NHS
NHS/UK gov:
* Not upgrading OSes to supported versions
* Not patching OSes
* Using SMB/windows network drives where they may not be needed (allowing the worm to spread)
* If there's a reliance on Windows, then kiosk mode, or having the desktop run in a VM on a different (independently patched) host OS (with VM backups) might have either protected the machines or sped up recovery respectively.