Reply to post: Maybe it was home workers

Wannacry: Everything you still need to know because there were so many unanswered Qs

Anonymous Coward

Maybe it was home workers

Here's my theory:

An employee takes their unpatched Win 7 laptop home and connects via VPN.

Meanwhile their kid has been messing with the family router in order to get their Minecraft/multiplayer server working and has enabled an Allow All port forwarding rule.

Perhaps the Windows firewall is also disabled or it switched to a more relaxed domain profile when the VPN connected.

So the laptop is now infected by a port scan. It then proceeds to infect the employee's mapped drives over VPN, which are unpatched Win 2008 shares, and from those to clients on the LAN.

Is this plausible? No need for the corporate firewall to have had SMB open. Perhaps the spread was even exacerbated by more people working at home on Fridays.
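A defender-side check for the path this theory describes, added here as an example and not part of the original comment: it flags VPN clients that open SMB (TCP 445) sessions to an unusual number of internal hosts. The VPN address range, the threshold and the flow-log format are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records: "timestamp src dst dst_port". Not real data.
SAMPLE_FLOWS = """\
2017-05-12T09:00:01 10.8.0.40 10.1.1.10 445
2017-05-12T09:00:05 10.8.0.23 10.1.1.10 445
2017-05-12T09:00:06 10.8.0.23 10.1.1.11 445
2017-05-12T09:00:07 10.8.0.23 10.1.2.50 445
2017-05-12T09:00:07 10.8.0.23 10.1.2.51 445
2017-05-12T09:00:09 10.8.0.23 10.1.3.5 443
truncated record
2017-05-12T09:00:10 not-an-ip 10.1.1.10 445
"""

VPN_POOL = ipaddress.ip_network("10.8.0.0/24")  # assumed VPN client range
SMB_PORT = 445
FANOUT_THRESHOLD = 3  # assumed: distinct SMB peers per client before flagging


def parse_flows(text):
    """Yield (src, dst, port) for well-formed records, skipping the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, src, dst, port = parts
        try:
            yield ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
        except ValueError:
            continue  # unparsable address or port


def smb_fanout_from_vpn(text, pool=VPN_POOL, threshold=FANOUT_THRESHOLD):
    """Map each VPN client to the internal hosts it reached over SMB,
    keeping only clients with at least `threshold` distinct peers."""
    peers = defaultdict(set)
    for src, dst, port in parse_flows(text):
        if port == SMB_PORT and src in pool and dst not in pool:
            peers[src].add(dst)
    return {
        str(src): [str(d) for d in sorted(dsts)]
        for src, dsts in peers.items()
        if len(dsts) >= threshold
    }


if __name__ == "__main__":
    for client, hosts in smb_fanout_from_vpn(SAMPLE_FLOWS).items():
        print(f"{client} reached {len(hosts)} hosts over SMB: {', '.join(hosts)}")
```

A client that only touches its usual one or two file servers stays below the threshold; the threshold needs tuning against normal mapped-drive behaviour on the network being monitored.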


Biting the hand that feeds IT © 1998–2019