No offense to the actual IT workers at Sony, as I'm sure their hands are as tied as management allows, but it does make me wonder how this kind of shit gets through IT and not only infects one office, but nationwide, without garnering any attention from the IT pros getting paid to stop things like this?
Easy. By being targeted, Stuxnet style. They knew what IP blocks Sony Pictures uses, and it's quite easy to find machines on a local LAN and stay within it. Sony is no doubt like most large corporations and links its offices via VPN, so machines at every location also look like the local LAN, and the worm can spread itself to everything it sees. And it can do so quietly. It doesn't have to make a lot of noise to do it. No excessive CPU usage, no excessive network traffic, no nonfunctioning services. It can grow and grow and grow, just as long as it doesn't disturb anything. Most Windows users never look at their process list, and even those who do could miss something with an innocuous-sounding name.
And when it determines that it has infected everything it can reach, it contacts its command & control servers, again with innocuous traffic to innocuous-looking IP addresses/domain names, and informs its creator that it's ready. The creator picks the time and hits the button, and it triggers its payload. And Sony is shut down for days. Now the worm is in aggressive mode, since it's out from under cover, so it will use all resources at its disposal (Sony's entire network) to keep itself intact and maintain control of the systems. It will aggressively scan for new systems coming online and aggressively try to take them over as quickly as possible. Hence the total shutdown. They're trying to scrape it out of their systems, so they have to disable its ability to reinfect. If they miss even one live instance, odds are good it will promptly reinvade all the freshly installed machines. It's a war. Sony should eventually win it, since it's their home ground and they therefore have physical control of the machines, but that's the only reason. Depending on which cloud services they're using and how, it could come right back in again. It could be a long war.