While there is still much unknown about the latest wave of Petya/GoldenEye ransomware attacks, it's all too clear that organizations that don’t keep pace with the latest patches are being targeted faster than ever. It used to take cybercriminals a fair amount of time to develop the malware required to take advantage of a specific exploit. Now, thanks to access to advanced tools developed by intelligence agencies, cybercriminals can weaponize malware faster: this latest series of ransomware is targeting a vulnerability that Microsoft made patches available for just over a month ago in the wake of the WannaCry ransomware attack. Given the rate at which most organizations roll out patch updates, it’s a wonder more systems haven't been affected.
Microsoft says it's continuing to investigate the extent of the most recent threat, so it’s unclear whether additional emergency patches will be forthcoming. Either way, many organizations have a pressing need to apply available patches immediately. However, because the patch management processes in place within most organizations are inherently flawed, there will continue to be organizations that fall victim to these types of ransomware attacks.