Re: So it was Russia
Finally, it is a wake-up call: organizations have no reason to allow the use of USB ports or CD players. In more and more companies where I consult, I find that the USB ports have been disabled and the desktops/towers do not even have a CD tray any more.
No. The conclusion is the same as with NHS ransomware, etc.
Flat networks cannot be defended against the current threat model. Firewall them all, god will recognize its own. Branch office? Firewall it, it has no business talking to every other PC in the organization. Single channel for documents and data up, single channel down. Department? Firewall it. Lab? Firewall it. Industrial equipment? DEFINITELY FIREWALL IT.
It does not matter how much is invested into blocking ports and filtering external browsing. Infections will happen. The aim is not to prevent them. The aim is to contain them and minimize the damage.
The best analogy is a ship. Close the doors, even flood compartments on purpose if needed, but do not allow it to capsize.